I've been scared too much by the warning about setuid. However I cannot find a way around using it.
I want to be able to run:
arp -s 198.51.100.1 00:53:00:12:34:56
as the user steven
but arp -s requires root.
Would this be the correct way to do it?
sudo nano example.sh
sudo chmod u+s example.sh
sudo chmod og-w example.sh
sudo chmod o+x example.sh
./example.sh
Best Answer
Short story: don't use setuid shell scripts (or any setuid/setgid script).
Long story: Allow setuid on shell scripts
Solution: invoke the command using
sudo
.To allow the user
steven
to run this command without entering a password, runvisudo
and add the following line:If you have other sudo entries for
steven
, theNOPASSWD:
one(s) need to come last.