colby at wsu.edu
Mon Jan 14 19:23:16 EST 2002
I want to write a perl script that runs as a non-root user but can do some
root-ish things. I don't want the whole script to be setUID, so my plan
is/was to write supporting shell scripts that can be setUID and handle the
root-ish things (ifdown/ifup, mv /etc/resolv.conf, /etc/init.d/ssh
restart, stuff like that).
When I have the perl script call the shell scripts, everything is sort of
okay, but this happens:

Restarting OpenBSD Secure Shell server: sshdstart-stop-daemon: warning:
failed to kill 12823: Operation not permitted
Could not load host key: /etc/ssh/ssh_host_key
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.

Which means: you don't have permission to kill root-owned processes or
processes owned by other users.
The perl script is the "shell" for a user that is going to be logging in
to do these various useful things. The "shell" calls the setUID scripts
when certain commands are entered (e.g. restartssh = "are you sure"
confirm followed by system("sh $path_to_shell_script restart");).
The perl script is NOT setUID root (because this has all sorts of
implications on what the $PATH needs to be and rightfully so). The shell
-rwsr-xr-x 1 root staff
What am I missing? Is there some failed logic here? Need more information?
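
Added example, not part of the original post: a shell check for the setup described above, a setUID-root helper script (mode -rwsr-xr-x) started as `sh $path_to_shell_script restart`. It assumes Linux, where the setUID bit is not applied to interpreted scripts and where passing a script to `sh` as an argument makes the kernel execute `sh` with the caller's IDs; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: how Linux treats the setUID bit for a given file and launch method.
# Assumes Linux semantics; the sample files below are constructed.

# True if FILE starts with the ELF magic bytes (0x7f 'E' 'L' 'F').
is_elf() {
    [ "$(head -c 4 "$1" | od -An -c | tr -d ' \n')" = '177ELF' ]
}

# setuid_verdict FILE HOW
#   HOW=exec : FILE is executed directly (./FILE)
#   HOW=sh   : FILE is passed to an interpreter (sh FILE)
setuid_verdict() {
    file=$1
    how=$2
    if [ ! -u "$file" ]; then
        echo "no-setuid-bit"
    elif [ "$how" = sh ]; then
        # The kernel exec()s sh itself; FILE is only input that sh reads,
        # so FILE's mode bits never affect the process credentials.
        echo "ignored-interpreter-invoked"
    elif is_elf "$file"; then
        # Native binary: honoured unless the filesystem is mounted nosuid.
        echo "honored"
    else
        # "#!" script executed directly: Linux does not apply the setUID bit.
        echo "ignored-script"
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\nid -u\n' > "$dir/helper.sh"   # constructed script
    printf '\177ELF' > "$dir/helper.bin"              # constructed ELF header only
    chmod 4755 "$dir/helper.sh" "$dir/helper.bin"     # same bits as -rwsr-xr-x
    for how in sh exec; do
        printf '%-12s %-5s %s\n' helper.sh "$how" "$(setuid_verdict "$dir/helper.sh" "$how")"
    done
    printf '%-12s %-5s %s\n' helper.bin exec "$(setuid_verdict "$dir/helper.bin" exec)"
    rm -rf "$dir"
}
demo
```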