LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 04-18-2008, 10:57 AM   #1
abefroman
Senior Member
 
Registered: Feb 2004
Location: Chicago
Distribution: CentOS
Posts: 1,249

Rep: Reputation: 53
How can I have a script owned as root and run as root by a user: setuid? stickey bit?


How can I have a script owned as root and run as root when executed by a user?

Is that setuid? or stickey bit?

I tried
chmod 755 myscript.sh
and
chmod +s myscript.sh
but its still running as the user.

This is what ls -al of my script shows:
-rwsr-sr-x 1 root root 32 Apr 18 10:47 myscript.sh

I know I can do it with sudo, but is there another way to do it?

TIA!
 
Old 04-18-2008, 11:34 AM   #2
bsdunix
Senior Member
 
Registered: May 2006
Distribution: Caldera, CTOS, Debian, FreeBSD, Mac OS X, Mandrake, Minix, OpenBSD, Slackware, SuSE
Posts: 1,757

Rep: Reputation: 78
Maybe the partition is mounted with nosuid ?

http://linux.die.net/man/8/mount
 
Old 04-18-2008, 07:49 PM   #3
abefroman
Senior Member
 
Registered: Feb 2004
Location: Chicago
Distribution: CentOS
Posts: 1,249

Original Poster
Rep: Reputation: 53
Quote:
Originally Posted by bsdunix View Post
Maybe the partition is mounted with nosuid ?

http://linux.die.net/man/8/mount
No, its the regular / partition.

So, is
chmod +s myscript.sh
the correct method though?
 
Old 04-18-2008, 08:10 PM   #4
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 62
Linux ignores setuid for scripts. Only binaries are allowed to run with setuid. See http://www.dwheeler.com/secure-progr...id-setuid.html

If you have a script you really must run with setuid like permissions, you can use sudo, but you should try to find another solution if possible.

Last edited by matthewg42; 04-18-2008 at 08:11 PM. Reason: add sudo note
 
Old 04-18-2008, 10:42 PM   #5
abefroman
Senior Member
 
Registered: Feb 2004
Location: Chicago
Distribution: CentOS
Posts: 1,249

Original Poster
Rep: Reputation: 53
Quote:
Originally Posted by matthewg42 View Post
Linux ignores setuid for scripts. Only binaries are allowed to run with setuid. See http://www.dwheeler.com/secure-progr...id-setuid.html

If you have a script you really must run with setuid like permissions, you can use sudo, but you should try to find another solution if possible.
Ahh, makes sense. How would I compile my script to make it a binary?
 
Old 04-19-2008, 04:54 AM   #6
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 62
Well, you can re-write your script as a C program or something like that, and then build that. Of course that might be trivial or a pain in the rear depending on what it does, and your C coding skills.

Most modern Linux distros have sudo installed as standard, so if you can't accomplish what you want to do anther way, it is probably less hassle than writing your script as a C program.
 
Old 04-19-2008, 05:17 AM   #7
colucix
Moderator
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,453

Rep: Reputation: 1941Reputation: 1941Reputation: 1941Reputation: 1941Reputation: 1941Reputation: 1941Reputation: 1941Reputation: 1941Reputation: 1941Reputation: 1941Reputation: 1941
For Perl script there is perlcc, an utility to generate executables from perl programs. I don't know if there is something similar for shell scripts, anyway.
 
Old 04-19-2008, 10:53 AM   #8
abefroman
Senior Member
 
Registered: Feb 2004
Location: Chicago
Distribution: CentOS
Posts: 1,249

Original Poster
Rep: Reputation: 53
Thanks! One more question, I noticed when I chown a file that has the setuid bit, it loses that bit, is there anyway to keep that bit?

Ex.
I have
-rwsr-sr-x user1 user1 29188 Apr 19 07:18 binary

I run as root:
chown user2.user2 binary

And ls -al give it without the setuid:
-rwxr-xr-x user2 user2 29188 Apr 19 07:18 binary
 
Old 04-19-2008, 03:21 PM   #9
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 62
Just do the setuid after the chown.
 
Old 04-19-2008, 05:15 PM   #10
abefroman
Senior Member
 
Registered: Feb 2004
Location: Chicago
Distribution: CentOS
Posts: 1,249

Original Poster
Rep: Reputation: 53
Quote:
Originally Posted by matthewg42 View Post
Just do the setuid after the chown.
That won't work because the username will have changed, user1 can't chown a file owned by user2
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
smbmount- everything is owned by root? can I make it another user? Rotwang Linux - Networking 2 10-02-2007 11:42 PM
How to run script of another user from root? sikandar Linux - Software 4 09-05-2007 03:42 AM
How do I run a startup script as a user other than root? Questor21 Linux - Software 4 04-08-2006 11:51 AM
login run from root-owned xterm garba Linux - Security 2 07-23-2005 11:19 AM
Make a file owned by root owned by a user sharpie Linux - Newbie 2 02-26-2004 01:26 AM


All times are GMT -5. The time now is 03:50 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration