Everyone has to learn about it for the first time sometime.

Of course they do but hopefully by that stage they have discovered the man pages and/or read a basic book. Of the two objections I raised the first was the fact that you typically can't run suid scripts on a large number of the servers out there without recompiling the kernel to remove that restriction or wrapping the script with a short C execv() function. Have you ever actually tried it?

[user]$ cat test.pl
#!/usr/bin/perl
print "This is a suid test\n";
[user]$ chmod +s test.pl
[user]$ ll rover.pl
-rwsr-xr-x    1 user coders        203 Mar 10 02:41 test.pl
[user]$ ./test.pl
Can't do setuid
[user]$ su root
Password:
[root]# ./test.pl
This is a suid test
[root]# exit
exit
[user]$ ./test.pl
Can't do setuid
$ uname -sr
Linux 2.4.18-27.7.xsmp
$
[download]

I've never needed to do anything in this arena, but my comments aren't about what is the right thing to do. I just wanted to emphasize that it's good to talk about all available options. 1) It helps you understand the underlying mechanics better. 2) When you see a new option, you might realize that you were going about it all wrong anyway, and rearranging your code around the new option would increase elegance. I would rather say, "setuid is an answer, but it's the wrong one." than not mention it at all. That's all.

Lexicon

Suck it and see. 50% of my wisdom is sucked, 50% is seed.... Somewhere we need to make room for at least 10% attitude and total BS but you get that......

cheers

tachyon