Why does SetSUID not work for shell script?
It is documented in execve(2):
Linux ignores the set-user-ID and set-group-ID bits on scripts.
IIRC, setuid scripts would be a significant security hole.
See this question.
You could configure sudo to avoid asking for a password - see sudoers(5) (or use super).
You could also write a simple C program wrapping your shell script, and make it setuid.
SUID doesn't work in Bash
In Linux and most other modern UNIX-family systems, setuid bits are only recognized for direct binary executables, not scripts.
This is by design, and for security reasons. You can work around it by building a compiled wrapper for your setuid scripts, or using an existing tool (such as sudo with a configuration to avoid needing a password when calling the specific script as the desired user).
See this comprehensive discussion on UNIX StackExchange.
Why is setuid not running as the owner?
The suid bit works only on binary executable programs, not on shell scripts. You can find more info here: https://unix.stackexchange.com/questions/364/allow-setuid-on-shell-scripts
setuid on an executable doesn't seem to work
First and foremost, the setuid bit simply allows a script to set the uid. The script still needs to call setuid() or setreuid() to run in the real uid or effective uid respectively. Without calling setuid() or setreuid(), the script will still run as the user who invoked the script.
Avoid system and exec as they drop privileges for security reasons. You can use kill() to kill the processes.
Check these out.
http://linux.die.net/man/2/setuid
http://man7.org/linux/man-pages/man2/setreuid.2.html
http://man7.org/linux/man-pages/man2/kill.2.html