[Veritas-bu] Managing Netbackup as non-root
2002-10-11 13:23:58
Just a quick note that Solaris actually permits Set-UID & Set-GID scripts -
no C-wrapper necessary.
Most OS's don't support this but Solaris has a kernel trick that forbids the
exploit possible with SUID scripts (somebody explained it to me once but I've
slept since then...)
I use SUID scripts to run root-level queries commands from our
web-interface.
Be sure the permissions are set so only root can edit the scripts or bad
things (tm) can happen.
-M
-----Original Message-----
From: David A. Chapa [mailto:david AT datastaff DOT com]
I can't take credit for this (well I could but - that's just not right), but
one of my clients has a very slick workaround for #2.
Scott/Mark: I've sent it to you in a separate email.
What it consists of is some C code (with sticky bit) that calls a script
(owned by root) to perform a specified task contained within the script.
Works nicely.
David
PS. If there's a lot of interest in this, I'll post it on my website.
http://www.NetBackupCentral.com
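
The wrapper approach described in this thread, as an added example that is not the code either poster refers to: a small C wrapper that refuses to run the script unless it is a regular file owned by root that group and other cannot write, then executes it with a fixed environment. The script path, the function name `open_trusted_script` and the availability of `/dev/fd` are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical path; the real script location is not given in the thread. */
#define SCRIPT_PATH "/opt/example/bin/nb_query.sh"

/* Return an open fd if path is a regular file owned by `owner` that neither
 * group nor other can write; -1 otherwise. The checks use fstat() on the
 * opened fd, so the file cannot be swapped between check and use. */
int open_trusted_script(const char *path, uid_t owner)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);   /* reject symlinks */
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    /* Fixed, minimal environment: nothing is inherited from the caller. */
    char *envp[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };
    char fdpath[32];
    int fd = open_trusted_script(SCRIPT_PATH, 0);  /* must be root-owned */
    if (fd < 0) {
        fprintf(stderr, "refusing to run %s\n", SCRIPT_PATH);
        return EXIT_FAILURE;
    }
    /* Some shells reset the effective UID to the real UID when they differ,
     * so make them equal before handing over to the shell. */
    if (setuid(geteuid()) != 0)
        return EXIT_FAILURE;
    /* Run the already-verified fd, not the path; pass no caller arguments. */
    snprintf(fdpath, sizeof fdpath, "/dev/fd/%d", fd);
    char *argv[] = { "/bin/sh", fdpath, NULL };
    execve("/bin/sh", argv, envp);
    perror("execve");
    return EXIT_FAILURE;
}
```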