Re: writing logs in a file that needs root privileges



On Thursday 03 June 2010 05:30 in comp.os.linux.misc, somebody
identifying as Rahul wrote...

> I have a bash wrapper command with permissions:
> -rwxr-xr-x 1 root root
>
> Thus only root can modify this wrapper but any user can use it as a
> command. This is a simple bash script.
>
> Within this script I need to write a comment to a log file. I'd prefer
> if this log file was only readable / modifiable by root alone. Is
> there a way to do this?

Yes, you can set the script's SUID bit so that whoever runs it, runs it
with the privileges of the owner, i.e. root.

However, depending on what the script does - we don't know that as
you're not telling us - this may not be a valid option. The script
might have some privilege escalation exploit.

> I tried giving the log file these permissions:
> -rw-rw-r-- 1 root root
>
> But then when I run the command as a regular user it seems to not be
> able to write to the log file:
> /opt/bin/qsub: line 33: /var/log/qstats.submit.rpn: Permission denied
>
> Of course, if I make the log file world writable all is OK but then
> the point behind keeping the logs secure is defeated.
>
> One way I was thinking of was a privilege escalation at the point the
> log needs to be written. But setuid seems to be a C call. Any way of
> doing this in a bash script?

Just change the permissions on the executable - or eventually, if
present, on the executable it calls upon to do the writing to the log -
to include the SUID bit.


--
*Aragorn*
(registered GNU/Linux user #223157)