Veritas-bu

[Veritas-bu] Managing Netbackup as non-root

2002-10-11 13:23:58
Subject: [Veritas-bu] Managing Netbackup as non-root
From: Mark.Donaldson AT experianems DOT com (Donaldson, Mark)
Date: Fri, 11 Oct 2002 11:23:58 -0600

Just a quick note that Solaris actually permits Set-UID & Set-GID scripts -
no C-wrapper necessary. 

Most OSes don't support this, but Solaris has a kernel trick that forbids the
exploit possible with SUID scripts (somebody explained it to me once but I've
slept since then...)

I use SUID scripts to run root-level queries commands from our
web-interface.

Be sure the permissions are set so only root can edit the scripts or bad
things (tm) can happen.

-M

-----Original Message-----
From: David A. Chapa [mailto:david AT datastaff DOT com]

I can't take credit for this (well I could but-that's just not right), but
one of my clients has a very slick workaround for #2.

Scott/Mark:  I've sent it to you in a separate email.

What it consists of is some C code (with sticky bit) that calls a script
(owned by root) to perform a specified task contained within the script.

Works nicely.

David

PS.  If there's a lot of interest in this, I'll post it on my website.
http://www.NetBackupCentral.com
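
Added example, not part of the original messages and not code from either poster: a POSIX shell audit for the permission point made above, that set-UID/set-GID scripts must be editable only by root. The function name `audit_suid_scripts` and its optional `OWNER` argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration: audit set-UID / set-GID interpreter scripts.
# audit_suid_scripts is a hypothetical helper name, not a NetBackup or
# Solaris tool.
#
# Usage: audit_suid_scripts DIR [OWNER]
#   DIR    directory tree to scan
#   OWNER  user (name or numeric uid) that must own every privileged
#          script and its directory; defaults to root
# Prints one "FINDING:" line per problem. Returns 0 if clean, 1 otherwise.
audit_suid_scripts() {
    dir=$1
    owner=${2:-root}
    report=$(
        # Regular files carrying the set-UID (4000) or set-GID (2000) bit.
        find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -print |
        while IFS= read -r f; do
            # Only interpreter scripts (first two bytes "#!") are audited.
            magic=$(dd if="$f" bs=2 count=1 2>/dev/null | tr -d '\000')
            [ "$magic" = '#!' ] || continue

            # A script owned by someone else can be rewritten by them.
            [ -z "$(find "$f" -prune ! -user "$owner" -print)" ] ||
                echo "FINDING: $f is not owned by $owner"

            # Group or world write permission lets others edit the script.
            [ -z "$(find "$f" -prune \( -perm -0020 -o -perm -0002 \) -print)" ] ||
                echo "FINDING: $f is group- or world-writable"

            # A directory others can write to lets them swap the file out.
            d=$(dirname "$f")
            [ -z "$(find "$d" -prune \( ! -user "$owner" -o -perm -0020 \
                    -o -perm -0002 \) -print)" ] ||
                echo "FINDING: directory $d is writable by users other than $owner"
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

File names containing newlines are not handled by the line-based loop.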
