[KLUG Members] Allowing users to write to log file

Bruce Smith members@kalamazoolinux.org
Tue, 23 Oct 2001 14:51:34 -0400


> I am writing a shell script that will indirectly append a user's output to a read-only log file.  I don't want the log file to be writable by the user.
> 
> To approach this problem I wrote the user script and passed the output to a script owned by root that will append to the log file.  The log file is not writable by the user.  This process failed perhaps because the user can't force the root file to give root privileges on other files.  I changed the root file permissions to -rwsr-xr-x but with no success.  Is there a way to allow a user to execute the root file so the user read-only file can be appended?

1)  You cannot make a SUID shell script in Linux, and you don't want to!!!
    There are major security holes that can be exploited no matter how well
    you write the script.  You'd be giving your users total root access.

I did something similar this way:

I wrote a small C program to write to the log file.
As a security precaution, I made the C program SUID to
a dummy user, NOT ROOT!  So I have the same permissions
as -rwsr-xr-x  but the script is owned by "fred" not root.
And the log file is also owned by user "fred"  -rw-------
Then you can call the C program from a shell script or
wherever you like.

--------------------------------------------
Bruce Smith                bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan  49093  USA
http://www.armstrong-intl.com/
--------------------------------------------