running a background bash script as root. dangerous? - Security

This is a discussion on running a background bash script as root. dangerous? - Security ; Hi, I've made a bash shell script that may need to be run as root (sometimes). The script will be run as cron job (and could be running for hours when launched). I would like to know if it can ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: running a background bash script as root. dangerous?

  1. running a background bash script as root. dangerous?

    Hi, I've made a bash shell script that may need to be run as root
    (sometimes). The script will be run as cron job (and could be running
    for hours when launched). I would like to know if it can be a security
    issue to run a shell script as root? And what solution could I use if
    it needs root previleges.

    I know that a perl script would be more safe, but I wanted to make a
    shell script.

    Thanks in advance


  2. Re: running a background bash script as root. dangerous?

    someone92@hotmail.com writes:

    >Hi, I've made a bash shell script that may need to be run as root
    >(sometimes). The script will be run as cron job (and could be running
    >for hours when launched). I would like to know if it can be a security
    >issue to run a shell script as root? And what solution could I use if
    >it needs root previleges.


    It should be fine. No different than running the program as root from the
    console.

    What is dangerous ( and bash will not let you do) is run a shell script as
    suid root.

    >I know that a perl script would be more safe, but I wanted to make a
    >shell script.


    No difference in safety.

    >Thanks in advance



  3. Re: running a background bash script as root. dangerous?

    On 31 Dec 2005 15:17:56 -0800, someone92@hotmail.com wrote:

    >Hi, I've made a bash shell script that may need to be run as root
    >(sometimes). The script will be run as cron job (and could be running
    >for hours when launched). I would like to know if it can be a security
    >issue to run a shell script as root? And what solution could I use if
    >it needs root previleges.
    >
    >I know that a perl script would be more safe, but I wanted to make a
    >shell script.


    Huh? Why would perl be any safer than shell script?

    I made a bash script to run as a cron job as root 'cos it must access
    /var/log/messages, I feel secure ;-) I don't even mind sharing it:
    http://bugsplatter.mine.nu/bash/junk/junkdata.html

    Show us the script, perhaps we can tell you something? With no idea
    what you are trying to achieve, what sort of information you after?

    Grant.
    And here 'tis already next year

  4. Re: running a background bash script as root. dangerous?

    Unruh wrote:
    > someone92@hotmail.com writes:
    >
    >
    >>Hi, I've made a bash shell script that may need to be run as root
    >>(sometimes). The script will be run as cron job (and could be running
    >>for hours when launched). I would like to know if it can be a security
    >>issue to run a shell script as root?


    You would, obvioiusly, need to ensure that no-one other than
    root could write to the script or any commands it contained.

  5. Re: running a background bash script as root. dangerous?

    Unruh (05-12-31 23:39:53):

    > someone92@hotmail.com writes:
    >
    > >Hi, I've made a bash shell script that may need to be run as root
    > >(sometimes). The script will be run as cron job (and could be running
    > >for hours when launched). I would like to know if it can be a
    > >security issue to run a shell script as root? And what solution could
    > >I use if it needs root previleges.

    >
    > It should be fine. No different than running the program as root from
    > the console.


    Some minor differences. Bash is running with a different configuration
    for non-interactive shells (i.e. scripts).


    > What is dangerous ( and bash will not let you do) is run a shell
    > script as suid root.


    It's not Bash, which doesn't let you; it's Linux. The SetUID bit on
    non-binaries (scripts) has no effect. Hence you also cannot SUID a Perl
    script to root. I don't know how it's handled, if the binary
    (e.g. /bin/bash) is itself SUID to root, though.


    > >I know that a perl script would be more safe, but I wanted to make a
    > >shell script.

    >
    > No difference in safety.


    It's easier to make mistakes in a shell script. Even though the Perl
    syntax is horrible, the shell's syntax is even worse.

    Regards.

+ Reply to Thread