Re: running a background bash script as root. dangerous?

Unruh <unruh-spam@xxxxxxxxxxxxxx> (05-12-31 23:39:53):

> someone92@xxxxxxxxxxx writes:
> >Hi, I've made a bash shell script that may need to be run as root
> >(sometimes). The script will be run as cron job (and could be running
> >for hours when launched). I would like to know if it can be a
> >security issue to run a shell script as root? And what solution could
> >I use if it needs root previleges.
> It should be fine. No different than running the program as root from
> the console.

Some minor differences. Bash is running with a different configuration
for non-interactive shells (i.e. scripts).

> What is dangerous ( and bash will not let you do) is run a shell
> script as suid root.

It's not Bash, which doesn't let you; it's Linux. The SetUID bit on
non-binaries (scripts) has no effect. Hence you also cannot SUID a Perl
script to root. I don't know how it's handled, if the binary
(e.g. /bin/bash) is itself SUID to root, though.

> >I know that a perl script would be more safe, but I wanted to make a
> >shell script.
> No difference in safety.

It's easier to make mistakes in a shell script. Even though the Perl
syntax is horrible, the shell's syntax is even worse.