Re: Writing scripts in Linux



Bit Twister wrote:
On Sun, 21 Oct 2007 23:02:58 GMT, Rich Leitner wrote:
Okay, I'm a bit new to shell scripting but learning. What's wrong with writing a shell script as root so long as the script does not have root privileges itself?


Shell scripts execute with the privs of the user running them.

If you are writing a script as root, and testing it as root, you need to be very careful, that is all.

Here is a VERY stupid example (please DO NOT run it as root - it will destroy your machine!!!!!!!!!!)

#!/bin/sh
TOPDIR="/"
JUNKDIR1="junk-dir1"
JUNKDIR2="junk-dir2"
echo cleaning out junk-dir1 and junk-dir2
rm -rf $TOPDIR/$JUNKDIR1/*
rm -rf $TOPDIR/$JUNK_DIR2/*


I WANTED to have the script delete everything under "/junk-dir1" & "/junk-dir2"

Unfortunately, on the second rm line, I wrote:
rm -rf $TOPDIR/$JUNK_DIR2/*

when I MEANT to write
rm -rf $TOPDIR/$JUNKDIR2/*

The outcome is that the command
"rm -rf ///*" is run (which is the same as "rm -rf /*").

This command deletes everything on your hard drive, and your system will stop working... for you, and everyone else.

If you run that script as a regular user, it will start spewing messages like:
rm: cannot remove directory `bin': Is a directory

Yes, eventually it will recursively work its way down to your home directory, and delete everything there... which would suck... but the machine is still up and running fine for everyone else.


The "root" account can cause GLOBAL mistakes. A regular user can only cause LOCAL mistakes.


--
Alexander N. Spitzer
Bonsai Bonanza
http://www.BonsaiBonanza.com
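
An added example, not part of the original post: the same cleanup written so that the $JUNK_DIR2 typo cannot turn into "rm -rf /*". The helper names safe_clean, make_sandbox and typo_is_stopped are hypothetical, and a mktemp directory stands in for "/" so it can be run without risk.

```shell
#!/bin/sh
# Added example, not from the original post: guards against the empty-variable rm bug.
set -u   # an unset variable such as $JUNK_DIR2 now aborts the script instead of expanding to ""

# safe_clean TOPDIR SUBDIR (hypothetical helper): delete the contents of TOPDIR/SUBDIR only.
safe_clean() {
    top=${1-} sub=${2-}
    if [ -z "$top" ] || [ -z "$sub" ]; then
        echo "safe_clean: empty TOPDIR or SUBDIR, refusing" >&2
        return 1
    fi
    case $sub in
        */*|.|..) echo "safe_clean: refusing '$sub'" >&2; return 1 ;;
    esac
    target=${top%/}/$sub
    [ -d "$target" ] || { echo "safe_clean: not a directory: $target" >&2; return 1; }
    # Quoted path, "--" ends option parsing, ${target:?} fails rather than yielding "/*".
    rm -rf -- "${target:?}"/*
}

# Constructed sandbox that stands in for "/" so the demonstration is harmless.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir -p "$sb/junk-dir1" "$sb/junk-dir2" "$sb/keep"
    touch "$sb/junk-dir1/a" "$sb/junk-dir2/b" "$sb/keep/important"
    echo "$sb"
}

# Repeat the post's typo ($JUNK_DIR2 for $JUNKDIR2) in a subshell.
# Returns 0 if the typo was stopped and no file was deleted.
typo_is_stopped() {
    ( JUNKDIR2="junk-dir2"; safe_clean "$1" "$JUNK_DIR2" ) 2>/dev/null && return 1
    [ -e "$1/keep/important" ] && [ -e "$1/junk-dir2/b" ]
}

sandbox=$(make_sandbox)
typo_is_stopped "$sandbox" && echo "typo stopped by set -u, nothing deleted"
safe_clean "$sandbox" "junk-dir1" && echo "junk-dir1 emptied, keep/ untouched"
rm -rf -- "${sandbox:?}"
```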