I have a script that I want to be able to let user 'wcs1234' execute, but when it runs, it will do so under the higher authority of 'cdunix'. It is my understanding that I accomplish this with a sticky bit. I have tried every variation of this but am unable to get this to work.
My script is as follows:
#!/bin/ksh
cd /opt/cmunix/teststage
ls -lt
#
whoami
print -n "enter file to copy....."
read file
echo "$file" " copied to stage directory.."
#
# quote the name so spaces or wildcards in the input are not expanded
cp -p "/opt/cmunix/teststage/$file" /opt/cmunix/stage/
exit 0
My permissions are as follows:
-rwxrwsr-x 1 cdunix sterling 511 Feb 04 15:41 cptostage.sh
Any help would be greatly appreciated....
Todd
The checking for user bit is as per below:
SCRIPT_USER=wcs1234
WHOAMI=$(/usr/ucb/whoami)
if [ "$WHOAMI" != "$SCRIPT_USER" ];then
echo "$CallName: script must be run by $SCRIPT_USER"
exit 1
else
echo "You are $WHOAMI - OK to continue..."
fi
Not sure how to make this execute with another user though....but here's half to check the user.
I think that the question involves inode permissions rather than checking for which user is running the program.
And I think the OP got the sticky bit, suid bit and sgid bit confused since he set the sgid bit and then posted a question calling it the sticky bit while describing the behavior of the suid bit.
chmod 4775 file # set the suid bit
chmod 2775 file # set the sgid bit
chmod 1775 file # set the sticky bit
The suid bit causes an executable to assume the effective uid of its owner whenever it runs. But it only works with executables, not shell scripts. For a while some kernels allowed it to work with shell scripts too, but this is a major security hole.
To run shell scripts in an suid environment look at the freeware program called "sudo". It can do this securely.
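An added example, not part of the original posts: the copy script reworked to run as cdunix through sudo instead of a setuid bit, with the file name checked before it is used under cdunix's rights. The install path /opt/cmunix/bin/cptostage.sh, the sudoers rule in the comments, and passing the file name as an argument rather than prompting for it are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed sudoers rule (edit with visudo);
# the install path /opt/cmunix/bin/cptostage.sh is hypothetical:
#   wcs1234 ALL=(cdunix) /opt/cmunix/bin/cptostage.sh
# wcs1234 then runs:  sudo -u cdunix /opt/cmunix/bin/cptostage.sh <file>
# The script must be owned by cdunix (or root) and not writable by wcs1234.

SRC=${SRC:-/opt/cmunix/teststage}   # directories from the original script
DST=${DST:-/opt/cmunix/stage}

# Accept only a plain file name. The script runs as cdunix, so a name such as
# ../../etc/passwd or -r would otherwise be acted on with cdunix's rights.
valid_name() {
    case $1 in
        ''|.|..|-*|*/*) return 1 ;;        # empty, dot dirs, options, paths
        *[!A-Za-z0-9._-]*) return 1 ;;     # anything outside a safe alphabet
    esac
    return 0
}

copy_to_stage() {
    name=$1
    valid_name "$name" || { echo "rejected file name: $name" >&2; return 2; }
    # Must be a regular file in SRC, not a symlink pointing somewhere else.
    if [ ! -f "$SRC/$name" ] || [ -L "$SRC/$name" ]; then
        echo "not a regular file in $SRC: $name" >&2
        return 3
    fi
    cp -p "$SRC/$name" "$DST/" || return 4
    echo "$name copied to stage directory"
}

# Copy only when a file name was given on the command line.
if [ $# -gt 0 ]; then
    copy_to_stage "$1"
fi
```

With this arrangement the script file itself needs no suid or sgid bit; mode 755 owned by cdunix is enough, and sudo logs each invocation by wcs1234.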