On 11/18/2008 11:25 AM, Gordon Messmer wrote:
I don't know if it ever did on Linux, but at one time you could have setuid and setgid on scripts. I've never investigated that since because it is a bad thing to do..Mikkel L. Ellertson wrote:Patrick O'Callaghan wrote:In any case, the owner of the script is only security-relevant in twocases: 1) if it allows someone to edit the script who normally couldn't,or 2) if the script is setuid. Of course it could also change who can *execute* the script, but if it's not setuid they'll be doing it as themselves, not as the owner.Does setuid work on scrips? I know it did not in the past, but I have not checked to see if that has changed.No, it doesn't, and it never will. Making "root" a script's owner is not a "security issue".
-- Jerry Feldman <gaf blu org> Boston Linux and Unix PGP key id: 537C5846 PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB CA3B 4607 4319 537C 5846
Description: OpenPGP digital signature