Mount without sudo using sticky bit?
Question
I am trying to write a shell script to mount a loop device, and I am setting the sticky bit on this script so that it runs as uid root (this is for other users on the server). The problem is that I can't seem to run the 'mount' command without using sudo in front of it. When I am in the root account, I can run the 'mount' command without any problem, so I thought that setting the script to rws-r_x-r_x would do that.
Am I misunderstanding the concept of the sticky bit? Or is there another way?
The server is running Ubuntu 10.04.
Solution
You mean the setuid bit, not the sticky one. The kernel doesn't honor the setuid bit on scripts. See this post for a thorough description; here's a summary: the gist is that suid on a script is insecure.* The kernel starts reading the script to execute it, but it sees the #!/path/to/interpreter and figures out that it needs to be interpreted. It then cancels "executing" the script directly and calls the specified interpreter, passing the script name as the first argument (and all subsequent arguments in order after that). The reason setting UID is insecure in this instance is that an attacker could potentially change the script to be executed between the kernel setting the new UID and the interpreter reading the file.
*: The other post mentioned that perl handles its scripts in such a way that they can be suid.
As for the actual mounting problem at hand, add a line to /etc/fstab/ and include the user option.
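
An added example, not part of the original answer: two shell checks for the points made above, one that flags a file carrying the setuid bit while starting with #! (where the kernel ignores the bit), and one that tests whether an fstab entry carries the user or users option. The function names, paths, filesystem type and sample fstab lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; all paths and the fstab lines below are constructed.

# True if FILE has the setuid bit AND starts with "#!" (bytes 23 21): an
# interpreted script, on which the Linux kernel ignores the setuid bit.
is_setuid_script() {
    [ -f "$1" ] && [ -u "$1" ] || return 1
    magic=$(head -c 2 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "2321" ]
}

# True if fstab-format file $1 has an entry for mount point $2 whose options
# field contains "user" or "users", so a non-root user may mount it.
fstab_user_mountable() {
    awk -v mp="$2" '
        /^[ \t]*#/ || NF < 4 { next }      # skip comments and malformed lines
        $2 == mp {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "user" || opt[i] == "users") found = 1
        }
        END { exit !found }
    ' "$1"
}

# Demo on constructed input in a scratch directory.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\nmount /mnt/image\n' > "$demo_dir/mount-image.sh"
chmod 4755 "$demo_dir/mount-image.sh"      # rwsr-xr-x, as in the question
cat > "$demo_dir/fstab" <<'EOF'
# <file system>        <mount point>  <type>  <options>         <dump> <pass>
/srv/images/disk.img   /mnt/image     ext3    loop,user,noauto  0      0
/srv/images/other.img  /mnt/other     ext3    loop,noauto       0      0
EOF

is_setuid_script "$demo_dir/mount-image.sh" &&
    echo "mount-image.sh: setuid bit on a script, kernel will not honor it"
fstab_user_mountable "$demo_dir/fstab" /mnt/image &&
    echo "/mnt/image: mountable by ordinary users via 'mount /mnt/image'"
fstab_user_mountable "$demo_dir/fstab" /mnt/other ||
    echo "/mnt/other: root only (no user/users option)"
```

With the user option present, an unprivileged user mounts by naming only the mount point, and mount takes the device and options from fstab rather than from the command line.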