LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-10-2011, 09:52 AM   #1
jeriryan
Member
 
Registered: Apr 2003
Location: United States
Distribution: RHEL 5.4, Snow Leopard
Posts: 87

Rep: Reputation: 15
Using SUID bit to run script as root


Hey everyone,

I created a simple script called test that says the following:
Code:
#!/bin/bash
init 6
to test out learning the SUID bit. The script is owned by root, and I did:

Code:
chmod 777 test
chmod u+s test
The permissions now read rwsrwxrwx, but when I try to execute the file as another user, it says init: must be superuser.

I thought the suid bit allows a script to execute as the script's owner, in this case root. Is there possibly some security measure that can prevent this execution?
 
Old 11-10-2011, 10:22 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529
SetXid bits on shell scripts haven't been honored since the Trojan Wars.
 
Old 11-10-2011, 10:26 AM   #3
jeriryan
Member
 
Registered: Apr 2003
Location: United States
Distribution: RHEL 5.4, Snow Leopard
Posts: 87

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by unSpawn View Post
SetXid bits on shell scripts haven't been honored since the Trojan Wars.
Can you explain what you mean by this? So setting the SGID/SUID bits on shell scripts is useless now? Why does the option still exist? Does setting those bits matter on non-shell script executables?
 
Old 11-10-2011, 10:37 AM   #4
Juako
Member
 
Registered: Mar 2010
Posts: 202

Rep: Reputation: 84
http://en.wikipedia.org/wiki/Setuid#...on_executables

Setuid scripts are only a bad memory now, it was a security nightmare. It does work in binary executables.
 
Old 11-10-2011, 10:41 AM   #5
jeriryan
Member
 
Registered: Apr 2003
Location: United States
Distribution: RHEL 5.4, Snow Leopard
Posts: 87

Original Poster
Rep: Reputation: 15
Smile

Quote:
Originally Posted by Juako View Post
http://en.wikipedia.org/wiki/Setuid#...on_executables

Setuid scripts are only a bad memory now, it was a security nightmare. It does work in binary executables.
Thanks, good to know.
 
Old 11-10-2011, 10:45 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529
Quote:
Originally Posted by Juako View Post
It does work in binary executables.
...but the fact it does doesn't or shouldn't automagically legitimise its use. Granted, one expects some binaries to, but setting the bit especially on binaries that shouldn't have it set can have interesting consequences.
 
Old 11-10-2011, 10:52 AM   #7
jeriryan
Member
 
Registered: Apr 2003
Location: United States
Distribution: RHEL 5.4, Snow Leopard
Posts: 87

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by unSpawn View Post
...but the fact it does doesn't or shouldn't automagically legitimise its use. Granted, one expects some binaries to, but setting the bit especially on binaries that shouldn't have it set can have interesting consequences.
Yep, understood. Don't plan on using it, I can see the security implications. Just curious about how it worked.
 
Old 08-03-2012, 05:01 AM   #8
techguru666
LQ Newbie
 
Registered: Jul 2012
Posts: 24

Rep: Reputation: Disabled
Quote:
The permissions now read rwsrwxrwx, but when I try to execute the file as another user, it says init: must be superuser.

I thought the suid bit allows a script to execute as the script's owner, in this case root. Is there possibly some security measure that can prevent this execution?
If you use commands in your script, then all those commands must also have SUID bit set on them. That's what the error means. Try setting SUID bit on init command. And for more info on SUID/SGID/Sticky bit, check following link:

http://www.expertslogin.com/linux-ad...bit-suid-guid/
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to run a shell script as root (when user is not root) taylorkh Linux - Newbie 10 09-12-2008 07:05 PM
How can I have a script owned as root and run as root by a user: setuid? stickey bit? abefroman Linux - Newbie 9 04-19-2008 06:15 PM
Is a script, run at boot time from init.d, run with root authority? tmbrwolf53 Linux - Server 2 03-31-2007 09:15 PM
run dhclient suid root? katoom187 Linux - Software 2 02-13-2006 08:54 AM
SUID file drops suid bit on append? c_coder Programming 1 03-12-2004 08:59 AM


All times are GMT -5. The time now is 08:27 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration