Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.

setuid

  • 18-01-2010 09:13PM
    #1
    chapod21
    Registered Users, Registered Users 2 Posts: 40


    Hi

    I created a simple script called test that creates a file in the sbin directory called testx. i changed the permissions on the script to 4755 and the owner to root. I try to run it as another user and the script cannot create the file. It works fine when the root user runs it. the permissions on the file are

    -rwsr-xr-x 1 root root 18 Jan 18 19:59 test


    Can some one tell me where i am going wrong


Comments

  • #2
    matrim
    Registered Users, Registered Users 2 Posts: 7,516 ✭✭✭matrim


    chapod21 wrote: »
    Hi

    I created a simple script called test that creates a file in the sbin directory called testx. i changed the permissions on the script to 4755 and the owner to root. I try to run it as another user and the script cannot create the file. It works fine when the root user runs it. the permissions on the file are

    -rwsr-xr-x 1 root root 18 Jan 18 19:59 test


    Can some one tell me where i am going wrong

    I would assume the problem is because writing to the sbin directory would require the script to be run with root permissions, as sbin is only gives write permission to root.


  • #3
    chapod21
    Registered Users, Registered Users 2 Posts: 40 chapod21


    That would normally be the case but from what i have read if you use the setuid permissions the excutable script/file will be run as the owner of the file in this case root

    http://en.wikipedia.org/wiki/Setuid

    an example of this is the passwd command.


  • #4
    djmarkus
    Registered Users, Registered Users 2 Posts: 1,606 ✭✭✭djmarkus


    Scripts cannot be setuid'd. Only binaries.


  • #5
    chapod21
    Registered Users, Registered Users 2 Posts: 40 chapod21


    ok

    thanks for the info


  • #6
    brianmc
    Registered Users, Registered Users 2 Posts: 868 ✭✭✭brianmc


    djmarkus wrote: »
    Scripts cannot be setuid'd. Only binaries.

    Not certain about latest Linux versions but this can certainly be configured in some versions of Unix. It's only a recent* thing to disallow it.


    *Recent meaning, only in the last couple of decades.


    Edit: But of course it would still be a bad idea security-wise. The problem is that scripts are too easily hacked and so a script with suid is potentially a big hole.


  • Advertisement
  • #7
    djmarkus
    Registered Users, Registered Users 2 Posts: 1,606 ✭✭✭djmarkus


    Not without an unsupported patch.

    The only way to run a script as another user is to use a binary wrapper.

    sudo being a good example.


  • #8
    chapod21
    Registered Users, Registered Users 2 Posts: 40 chapod21


    Thanks for the information. It clears everything up


Advertisement