[Kc] Shell script to execute system command as another user

John Reinke jmreinke at sunflower.com
Mon May 3 11:22:09 CDT 2004


I'd probably accomplish this through file permissions. Make the script owned by 'cyrus' and also use the set-ID option (see the chmod manpage). When it executes, it will execute as the file owner, no matter who runs it.

Make sure that the permissions allow the user 'nobody' to access the script, but no unauthorized users (you never can be too safe when executing shell commands based on user input). You may want to use group permissions to accomplish that.

John

> amoore at mooresystems.com (Andrew Moore) wrote:
> 
>  On Mon, May 03, 2004 at 09:25:40AM -0500, Brad wrote:
 > How can I set up a perl script that will be owned and executed by nobody
 > (executed through apache) that will then execute a shell command as the
 > user cyrus?
 
 A popular method seems to be to use "sudo". You can give 'nobody'
 permissions to run a certain command as 'cyrus', perhaps without a
 password, in the /etc/sudoers file, I believe.
 
 That seems to be better than making the shell script (or command) suid
 cyrus for some reasons.
 
 Hope it helps.
 
 -Andy
 
 
 
 _______________________________________________
 kc mailing list
 kc at mail.pm.org
 http://mail.pm.org/mailman/listinfo/kc
> 



More information about the kc mailing list