How can I get setuid shell scripts to work?
[ This is a long answer, but it's a complicated and frequently-asked
question. Thanks to Maarten Litmaath for this answer, and
for the "indir" program mentioned below. ]
Let us first assume you are on a UNIX variant (e.g. 4.3BSD or
SunOS) that knows about so-called `executable shell scripts'.
Such a script must start with a line like:
    #!/bin/sh
The script is called `executable' because just like a real (binary)
executable it starts with a so-called `magic number' indicating
the type of the executable. In our case this number is `#!' and
the OS takes the rest of the first line as the interpreter for
the script, possibly followed by one initial option like:
    #!/bin/sed -f
Suppose this script is called `foo' and is found in /bin,
then if you type:
    foo arg1 arg2 arg3
the OS will rearrange things as though you had typed:
    /bin/sed -f /bin/foo arg1 arg2 arg3
There is one difference though: if the setuid permission bit for
`foo' is set, it will be honored in the first form of the
command; if you really type the second form, the OS will honor
the permission bits of /bin/sed, which is not setuid, of course.
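The rearrangement described above, as an added example that is not part of the original FAQ: a small C routine that builds the command line the OS effectively runs from a script's first line. The names shebang_cmdline and append are hypothetical, and the code assumes everything after the interpreter path is the single optional option; it models only the argument rearrangement, not the setuid handling.

```c
#include <stdio.h>
#include <string.h>

/* Append sep+s to the string in out; -1 if it will not fit. */
static int append(char *out, size_t outsz, const char *sep, const char *s)
{
    if (strlen(out) + strlen(sep) + strlen(s) + 1 > outsz)
        return -1;
    strcat(strcat(out, sep), s);
    return 0;
}

/* Command line the OS effectively runs for a `#!' script: interpreter,
 * the one optional option, script path, then the user's arguments.
 * Returns -1 if there is no `#!' magic number or out is too small. */
int shebang_cmdline(const char *first_line, const char *path, int nargs,
                    const char *const args[], char *out, size_t outsz)
{
    char line[256], *interp, *opt, *end;
    size_t n = strcspn(first_line, "\n");     /* length of the first line */
    int i;

    if (outsz == 0 || n < 3 || n >= sizeof line || strncmp(first_line, "#!", 2))
        return -1;
    memcpy(line, first_line + 2, n - 2);      /* text after the magic number */
    line[n - 2] = '\0';
    interp = line + strspn(line, " \t");
    opt = interp + strcspn(interp, " \t");    /* end of interpreter path */
    if (*opt != '\0') {
        *opt++ = '\0';
        opt += strspn(opt, " \t");
    }
    for (end = opt + strlen(opt); end > opt && strchr(" \t", end[-1]); )
        *--end = '\0';                        /* trim trailing blanks */
    out[0] = '\0';
    if (!*interp || append(out, outsz, "", interp)
        || (*opt && append(out, outsz, " ", opt)) || append(out, outsz, " ", path))
        return -1;
    for (i = 0; i < nargs; i++)
        if (append(out, outsz, " ", args[i]))
            return -1;
    return 0;
}

int main(void)
{
    const char *const args[] = { "arg1", "arg2", "arg3" };  /* constructed input */
    char cmd[128];
    if (shebang_cmdline("#!/bin/sed -f\n", "/bin/foo", 3, args, cmd, sizeof cmd) == 0)
        puts(cmd);
    return 0;
}
```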