Suid Not Working with Shell Script

Why does SetSUID not work for shell script?

It is documented in execve(2):

Linux ignores the set-user-ID and set-group-ID bits on scripts.

IIRC, setuid scripts would be a significant security hole.

See this question

You could configure sudo to avoid asking for a password - see sudoers(5) (or use super).

You could also write a simple C program wrapping your shell script, and make it setuid.

SUID doesn't work in Bash

In Linux and most other modern UNIX-family systems, setuid bits are only recognized for direct binary executables, not scripts.

This is by design, and for security reasons. You can work around it by building a compiled wrapper for your setuid scripts, or using an existing tool (such as sudo with a configuration to avoid needing a password when calling the specific script as the desired user).

See this comprehensive discussion on UNIX StackExchange.

Why is setuid not running as the owner?

The suid bit works only on binary executable programs, not on shell scripts. You can find more info here: https://unix.stackexchange.com/questions/364/allow-setuid-on-shell-scripts

setuid on an executable doesn't seem to work

First and foremost, the setuid bit simply allows a script to set the uid. The script still needs to call setuid() or setreuid() to run in the real uid or effective uid respectively. Without calling setuid() or setreuid(), the script will still run as the user who invoked the script.

Avoid system and exec as they drop privileges for security reasons. You can use kill() to kill the processes.

Check these out.

http://linux.die.net/man/2/setuid

http://man7.org/linux/man-pages/man2/setreuid.2.html

http://man7.org/linux/man-pages/man2/kill.2.html
