ant-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Loughran <ste...@apache.org>
Subject Re: Backup before deploy
Date Wed, 23 Nov 2005 14:29:19 GMT
Bozorgdadeh, Afshin wrote:
> My last 2cents
> You could get the job done or you could just brain storm about it.
> When you are su to a different user you are creating a chilled process,
> so your script has to have a way to communicate with a child process. In
> the good old day there was a scripting language name "EXPECT" which
> could pass the arguments to the chilled process. But I think you problem
> is much simpler than that. Let's break it up in two sections.
> Second section first.
> 
> 2) tar and gzip files with a to privileged restricted location allowed.
>     There is a concept of "sticky bit" in UNIX you could create a script
> that will run as a privileged user. But anybody could run that scrip.
>    #!/usr/bin/sh
>    # script to backup file as BIG DUDE
>    # scrip name = Backmeup.sh
>    tar cvf /BackupDirectory/Mydailybakup.tar    /sorce/needto/bakup/*
>    gzip /BackupDirectory/Mydailybakup.tar    
> 
> after saving this file you have to make this a sticky bit it
>    login as the priviladged user and > chmod 4755 Backmeup.sh



On my list of things never to do on unix, "suid root scripts" are on 
there, right up with "never go 'rm -rf /etc'"

Its too insecure, dont ask me why, just do the research :) I believe 
that recent versions of solaris turn of suid root scripts for security 
reasons.

Make it a suid root binary.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org


Mime
View raw message