 |
 |
Running under root
|
|
|
|
|
Addicted to MacNN
Join Date: Sep 2000
Status:
Offline
|
|
I have a shell script, and it works under root, but not for regular users. How can I modify it so that it runs under root? It involves NVRAM, so it needs to run under root I assume.
|
I always use protection when fscking my Mac... Do you?
|
| |
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Jan 2001
Location: Boulder, CO, USA
Status:
Offline
|
|
Hmmm. Not sure, but perhaps you could make a new user account, the only purpose of which is to run that script. You'd have to give the account admin priviliges. Your users could then sudo the script under that account:
<BLOCKQUOTE><font size="1"face="Geneva, Verdana, Arial">code:</font><HR><pre><font size=1 face=courier>sudo -u admin_account your_script</font>[/code]
You'd have to give the users the password to that account, of course, but that's probably preferable to giving them root access. Perhaps the account could be sort of limited in other ways. (Removing paths to /bin and so on...) It wouldn't protect you from malevolence on the part of the users, but it might help prevent accidents.
Unless of course you actually have to be root to run nvram. The nvram man page seems to indicate that you only need admin privileges.
I dunno -- haven't tried it myself. 
|
|
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: Sep 2000
Status:
Offline
|
|
I think I have an answer!
chown!
If you set the execute-as-owner bit... er... set-user-ID, er... AGH! I can't remember! Anyway, if the right bit is set and the script is owned by root, anyone why runs it is actually running it as root. I can't remember the exact terminal command for you (I'm at work on a Windows machine) but I'll post when I get home (soon!).
[ 07-13-2001: Message edited by: starfleetX ]
|
|
The server made a boo boo. (403)
|
| |
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Sep 2000
Location: Springfield, MA
Status:
Offline
|
|
Three things you need to do, as has already been hinted at.
1) <font face = "courier">chown root file</font>
then do
2) <font face = "courier">chmod 4755 file</font>
this sets the set-user-on-execute bit. What that means is that the program can be run by anyone, and it will not run as who exectued it, but instead will be run as the owner (in this case, root because of the first command we did)
3) <font face = "courier">man chmod</font>
Very handy tool to know, this will explain where I pulled the magic number 4755 from, and will show you how to change the read and write privilages of your files. This can be very important to know.
|
|
We hope your rules and wisdom choke you / Now we are one in everlasting peace
-- Radiohead, Exit Music (for a film)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
