Only root can do that! (but i made it SUID root ?)

qwijibow · 07-07-2004, 07:55 AM

i wrote a script that creates an encrypted loop, and mounts a filesystem image.
i dont want to have to become root every time i mount my encrypted file system, but the script needs root access to setup the loop (with the losetup command)

so i wrote my script, saved it. and as root...
chown 700 myUser /home/user/bin/script
chown user /home/user/bin/script
chmod +s /home/user/bin/script

(i also tried chmod u+s)

so why does the mount command complain that only root can do that!

i thought setting an executable as SUID ROOT made it run with root privilages ! ?

my scripts...

Code:

#!/bin/bash
/sbin/losetup -e aes /dev/loop1 /home/chris/encrypted.fs
mount /dev/loop1 /home/chris/secret/

Code:

#!/bin/bash
umount /dev/loop1
/sbin/losetup -d /dev/loop1

Dark_Helmet · 07-07-2004, 09:01 AM

I'll have to go back and verify, but I remember reading somewhere that shell scripts are the exception: they completely ignore the suid bit. If I find it again, I'll let you know, but I did run an experiment to test it when I learned about it. Execute a simple script like:

Code:

#!/bin/bash

echo "Starting sleep..."
sleep 15
echo "Too Late!"

exit 0

Make it executable and make it SUID. Run the script in the background, and if you pull up a ps listing, it should show the sleep command being executed as non-root.

Your options may end up being to write a compiled version of the script in C or setting up the specific commands in sudo.

Dark_Helmet · 07-07-2004, 09:24 AM

I found a website that seems to talk about it: The Answer Gang

The second question on the page seems to talk a bit about it, and the respnse boiled down to "A script can have SUID set, but unless bash itself is set up for SUID, then the SUID of the script is ignored." At least, that was my interpretation of it.

qwijibow · 07-07-2004, 09:53 AM

BUT... if i set bash to suid.. would that give all users root access in command line ?

Dark_Helmet · 07-07-2004, 10:51 AM

That might solve the problem, but my gut tells me it's probably a bad idea. Setting bash's SUID might cause every command executed by every user to run as root. I dunno for sure... never tried it. The thought behind that is: if every shell started will be owned by root and if bash uses the ID of the person owning the shell to execute new commands, then everybody will (effectively) be root.