
Sticky bit question



I have a user photo that is basically only for scripts to retrieve pictures from my camera and my phone. I do this so that the scripts can set the pictures to read-write for the photo user but read-only for the rest of the world, and I only ever log in as photo to retrieve the files. (I have lost really cool pictures accidentally before, so I'm extra cautious.)

I'd like to have the photo user's scripts executable from my regular user account and have set o+x and the sticky bit, but even with the sticky bit set the files and directories created by the script are owned by the user running the script, not by the photo user that owns the script.

Is there any way that I can truly run a script as user photo while logged in as user blahblahblah?


New files get group/owner of the user that is running the program that creates them, unless you change this with su or sudo. I have a similar situation where I use "su" to start a script as another user by means of the following command:

su - photo -c "script.sh arg1 arg2 arg3"

This will start script.sh as user photo with arguments arg1..3.


I have a follow-up question then.

If I just want to sudo (I don't) I can set up my sudoers entry for that command with the NOPASSWD option so that I can just run the command, fire-and-forget. Is there a way to set up my account so that I can do the same thing with a plain su?


Put yourself in the wheel group.

If the wheel group doesn't exist, then create it.

grep wheel /etc/group*
/etc/group:wheel:x:16:paulw,markv
/etc/group-:wheel:x:16:paulw,markv

Then edit /etc/pam.d/su:

# Uncomment this if you want wheel members to be able to
# su without a password.
auth	   sufficient pam_wheel.so trust


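A check for what the pam_wheel change above opens up, as an added example that is not part of the original thread: once the trust rule is active, every member of the wheel group can su, including to root, without a password. The function names and sample files are constructed for illustration (the group line is the one quoted above); on a real host pass /etc/pam.d/su and /etc/group.

```bash
#!/usr/bin/env bash
# Added example: who gets passwordless su from an active pam_wheel "trust" rule?

# Print the group named by an uncommented "auth sufficient pam_wheel.so ... trust"
# line in PAM file $1; print nothing when no such rule is active.
trusted_su_group() {
    awk '
        /^[ \t]*#/ { next }                      # commented out: rule is inactive
        $1 == "auth" && $2 == "sufficient" && $3 ~ /pam_wheel\.so$/ {
            trust = 0; deny = 0; grp = "wheel"   # pam_wheel checks wheel by default
            for (i = 4; i <= NF; i++) {
                if ($i == "trust") trust = 1
                if ($i == "deny")  deny = 1      # deny inverts the check: not handled
                if ($i ~ /^group=/) grp = substr($i, 7)
            }
            if (trust && !deny) { print grp; exit }
        }' "$1"
}

# Print the comma-separated member field of group $1 from group file $2.
group_members() {
    awk -F: -v g="$1" '$1 == g { print $4 }' "$2"
}

# One account per line: members of the trusted group, read from PAM file $1 and
# group file $2. Limitation: primary-group membership (/etc/passwd) is not checked.
passwordless_su_users() {
    _grp=$(trusted_su_group "$1")
    if [ -n "$_grp" ]; then
        group_members "$_grp" "$2" | tr ',' '\n' | sed '/^$/d'
    fi
}

# Constructed sample files; on a real host pass /etc/pam.d/su and /etc/group.
demo_dir=$(mktemp -d)
cat > "$demo_dir/su" <<'EOF'
auth       sufficient pam_rootok.so
# auth     required   pam_wheel.so use_uid
auth       sufficient pam_wheel.so trust
EOF
printf 'root:x:0:\nwheel:x:16:paulw,markv\nphoto:x:1001:\n' > "$demo_dir/group"

passwordless_su_users "$demo_dir/su" "$demo_dir/group"   # prints paulw, then markv
```

An empty result means no active trust rule was found, so su still asks for the target user's password.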
Not quite certain, but I recommend having a look at sudo and sudoers (the file that defines what authority you delegate). My understanding is that (by means of the /etc/sudoers file, only to be edited with the command 'visudo') this allows fine-grained control over who can do what (in addition to normal user/group permissions).
