scripting & system call in output processing
Fairlight
fairlite at fairlite.com
Tue Nov 2 11:32:26 PDT 2010
Is it just me, or did scooter6 at gmail.com say:
> I have written some output processing that creates an export file - at the
> end, I close the file and email it, passing parameters to an email script.
>
> Basically, at end I do @done - close file - then system
> "/appl/fpmerge/email_script.sh" < fc (where fc is the file that was
> created)
>
> If I am logged in as root, this runs flawlessly. However, after putting it
> on a menu, other users run this and it doesn't email the file??
>
> Does the email_script.sh need to have certain permissions in order for this
> to work? Currently, it's chmod 777 owned by filepro and in the 'group'
> group
>
> What do I need to change to get others to be able to run this without being
> root?

On SCO Unix, you can just leave the permissions alone, as SUID is not
dropped by the shell when SYSTEM() is called.

On Linux (and likely FreeBSD and other variants), when SYSTEM() hits the
shell, the shell drops any SUID privileges, so at that point forward,
you're no longer filepro, and thus the user cannot read and execute the
script if it did not have "rx" permissions for "others".

Do a chmod 755 to the script before the SYSTEM() call. It doesn't need to
be looser than that.

However, you say you have it even looser at 777, and it still can't be
accessed. Make sure you're not putting it in a location whose path
requires the user to be filepro somewhere along the way. For instance, 755
on the script, but placing it inside /appl/fpmerge if fpmerge is 0700
filepro will -still- keep someone from -getting- to the script, even if the
script is moded correctly.

Also keep in mind that any data files you're creating (like the export
file) need to be moded correctly (644 or looser) in order to be read by
commands run by SYSTEM() in these environments. Since EXPORT automatically
(and wrongly...been begging them for over a decade to fix it!) sets a file
to 0666, you shouldn't have to touch anything there.

I suspect it's a matter of the path in which you're placing the script.
Every node into the tree must be accessible by the user in question.

mark->
--
Audio panton, cogito singularis.
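
Added example (not part of the original post): a shell function that walks a path node by node and reports the first one that "others" cannot get past, which is the check the reply describes for a script under a directory like /appl/fpmerge. It assumes GNU stat (Linux) and looks only at the "other" permission bits, i.e. a user who is neither owner nor group member of each node; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: locate the first node on a path that blocks "others".
# Assumption: GNU stat (stat -c '%a'); only the "other" mode digit is checked.

# other_bits NODE -> prints the "other" octal digit (0-7) of NODE's mode
other_bits() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    echo "${mode#"${mode%?}"}"          # keep only the last digit
}

# first_blocked_node PATH
# Directories on the way need search (x = 1); the final file needs r-x (5)
# so the shell can read and execute the script.
# Returns 0 if every node passes, 1 and prints the blocking node otherwise,
# 2 if a node does not exist.
first_blocked_node() {
    path=$1
    case $path in
        /*) cur=/ ;;                    # absolute: walk from the root
        *)  cur=. ;;                    # relative: walk from the cwd
    esac
    old_ifs=$IFS; IFS=/
    set -f; set -- $path; set +f        # split on "/" without globbing
    IFS=$old_ifs
    for part in "$@"; do
        if [ -z "$part" ]; then continue; fi
        cur=${cur%/}/$part
        bits=$(other_bits "$cur") || { echo "$cur (missing)"; return 2; }
        if [ -d "$cur" ]; then need=1; else need=5; fi
        if [ $((bits & need)) -ne "$need" ]; then
            echo "$cur"
            return 1
        fi
    done
    return 0
}

# Usage: sh check_path.sh /appl/fpmerge/email_script.sh
if [ "$#" -gt 0 ]; then
    first_blocked_node "$1"
fi
```
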