SUID not working with shell script

2

13

I have created a small shell script with the following content:

cat /usr/bin/checksuid.sh

!/bin/bash
echo "Hello" > /etc/myfile.cnf

ls -l /usr/bin/checksuid.sh
-rwsr-xr-x 1 root root 56 Sep  9 12:56 /usr/bin/checksuid.sh

I have also created a file /etc/myfile.cnf with the root account and set permissions as below:

-rw-r--r-- 1 root root 6 Sep  9 12:26 /etc/myfile.cnf

When I execute /usr/bin/checksuid.sh from a non-root account, I get the following error:

/usr/bin/checksuid.sh: line 3: /etc/myfile.cnf: Permission denied

Can someone help me understand why SUID is not working?

Hjerpe answered 9/9, 2013 at 13:8 Comment(1)
It should also be #!/bin/bash as shebang line for bash, but preferably #!/bin/sh. - Directorial
23

Shell scripts can't be SUID. See http://www.faqs.org/faqs/unix-faq/faq/part4/section-7.html

Bamberger answered 9/9, 2013 at 13:10 Comment(0)
16

From http://www.tuxation.com/setuid-on-shell-scripts.html:

"the truth is actually that the setuid bit is disabled on a lot of *nix implementations due to the massive security holes it incurs"

An alternative approach - wrap the script in something that can use setuid, like this example C program. There are obviously differences between simply calling your script and using a wrapper like this (e.g. ignored exit codes), but this should give you an idea anyway.

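#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main(void)
{
   /* With effective UID 0 (root-owned setuid binary), setuid(0) also sets
      the real and saved UIDs, so the shell does not drop privileges. */
   if (setuid(0) != 0) {
      perror("setuid");
      return 1;
   }
   /* Runs the script via /bin/sh -c with the caller's environment;
      the script's exit code is ignored. */
   system("/path/to/script.sh");

   return 0;
}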
Gipon answered 23/7, 2014 at 19:46 Comment(1)
You should wipe out the environment variables before/when invoking the script to reduce the security risks. - Tolyl
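
A hardened variant of the wrapper above that applies the comment's advice, as an added example that is not part of the original answers: it checks that setuid() succeeded, replaces system() with execve() and a fixed minimal environment, and returns the script's exit code. The names run_with_clean_env and CLEAN_ENV are illustrative, /path/to/script.sh is the answer's placeholder, and bash as the interpreter is an assumption.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* The only environment the child sees; nothing from the caller is inherited. */
static char *const CLEAN_ENV[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };

/* Fork, exec `prog` with `argv` and CLEAN_ENV, then wait for it.
 * Returns the child's exit code (127 if exec failed), or -1 on error or
 * if the child was killed by a signal. */
int run_with_clean_env(const char *prog, char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(prog, argv, CLEAN_ENV);  /* no shell command line, no PATH lookup */
        _exit(127);                     /* only reached if execve failed */
    }
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Assumption: bash as interpreter; the script path is the answer's placeholder. */
    char *const argv[] = { "bash", "/path/to/script.sh", NULL };
    int rc;

    if (setuid(0) != 0) {   /* fails unless the binary is root-owned and setuid */
        perror("setuid");
        return 1;
    }
    rc = run_with_clean_env("/bin/bash", argv);
    return rc < 0 ? 1 : rc;
}
```

Install the compiled binary root-owned with the setuid bit (the -rwsr-xr-x root root mode shown in the question), and keep the script itself writable only by root.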
