So what I try is to create script.sh which modifies, let's say, file a.txt.
The script.sh is owned by a specific user, let's say test1, and group test1. Also file a.txt has the same user and group. Now I do not allow other users to write to file a.txt, however I set rws------ on script.sh (SUID is set).
File a.txt has permissions rwxr--r--. Now when I execute script.sh as user test2 I get a permission error on a.txt.
I understood that execution of script.sh is fired from user test2 but as if it was run by user test1, who actually has write permissions to the a.txt file.
I must understand it wrongly. I understood that user test2 can't modify the a.txt file directly but, using script.sh, may change it accordingly if script.sh requires it.
Are you sure the permission error is on a.txt and not on the script itself?
Best would be for you to post the actual command run and the result you got, in code tags. Also the actual result of the ls -l command on the script and the text file.
If
Code:
-rws------ test1 test1 Sep 7 10:10 script.sh
Then user test2 can't read the file to execute it. It probably needs to be
Code:
-rwsr--r-- test1 test1 Sep 7 10:10 script.sh
## or maybe...I'm fuzzy about this
-rwsr-xr-x test1 test1 Sep 7 10:10 script.sh
As I understand it, SUID is used to grant the permissions of user test1 to the script when executed by some other user. It does not grant access to the script. That must still be given in the normal way.
Perhaps a more correct thing to allow other users to access a script and support files would be to make them 755 permissions and place them in /usr/bin, /usr/sbin, /usr/local/bin, or /usr/local/sbin.
Now I do not allow other users to write to file a.txt, however I set rws------ on script.sh (SUID is set)
Which means the shell that executes script.sh has the rights that ITS user ID (user1) has. This suid right is NOT inherited by its children, like the (child) program that works on a.txt (you didn't say, but I assume it is an editor).
So only internal (built-in) commands of the shell run as user1.
That's why suid for a script mostly isn't all that useful: the applications that do the actual work have to be suid too (or run through sudo, but then you don't need the suid at all).
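Added example for this thread (not code posted by anyone in it): a small POSIX sh check that reports what the two replies above reason about for a given file, namely whether the setuid bit is set, whether the file is a '#!' script (the Linux kernel ignores the setuid bit on interpreted scripts, so neither the shell nor its child programs gain test1's uid), and whether other users can read and execute it at all, which rws------ does not allow. It assumes GNU stat(1); the path in the usage comment is a placeholder.

```sh
#!/bin/sh
# Added example for this thread, not code from any post in it.
# Classifies a file the way the replies reason about it: is the setuid bit
# set, is it a '#!' script (the Linux kernel ignores setuid on interpreted
# scripts, so only a compiled binary or sudo can change the effective uid),
# and can "other" users read and execute it at all.
# Assumes GNU stat(1); the file path is whatever you pass in.

describe_setuid() {
    f=$1
    mode=$(stat -c '%a' "$f") || return 2          # e.g. 4700 or 755
    case $mode in
        [4-7]???) suid=yes ;;                      # 4-digit mode starting 4..7: setuid set
        *)        suid=no ;;
    esac
    case $(head -c 2 "$f" 2>/dev/null) in
        '#!') script=yes ;;                        # interpreted via #!, setuid ignored
        *)    script=no ;;
    esac
    other=${mode#"${mode%?}"}                      # last octal digit = "other" bits
    oread=-; oexec=-
    case $other in [4-7]) oread=r ;; esac
    case $other in [1357]) oexec=x ;; esac

    if [ "$suid" = no ]; then
        verdict="runs with the caller's own uid"
    elif [ "$script" = yes ]; then
        verdict="setuid ignored, Linux does not honour it on #! scripts"
    else
        verdict="setuid honoured, runs with the owner's uid"
    fi
    # A script needs r+x so the interpreter can read it; a binary needs only x.
    if [ "$script" = yes ] && [ "$oread$oexec" != rx ]; then
        verdict="$verdict; other users cannot read+execute it"
    elif [ "$script" = no ] && [ "$oexec" != x ]; then
        verdict="$verdict; other users cannot execute it"
    fi
    printf '%s\n' "suid=$suid script=$script other=$oread$oexec : $verdict"
}

# Usage (placeholder path): describe_setuid /path/to/script.sh
```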
Thank you (and others). It answers my question.
M.