Score:0

I'm trying to provide limited access to certain functionality using links, bash scripts and SUID. SUID script does not run with root access


EDIT: this Sticky bit enabled Script can't write to a root file appears to be a similar problem

EDIT: How can I use SetUID on a shell script to run as a non-root user? is very similar as well.

I have a script, let's call it read.sh. I have a file, let's call it secret.

```
# cd /home/normie
# echo "some stuff" > secret
# echo '#!/bin/bash' > read.sh
# echo "cat secret" >> read.sh
# chmod 600 secret
# chmod 4755 read.sh
# su normie
$ ./read.sh
<<Error about not having access to secret>>
```

Did I miss something? I thought the SUID bit made the script run as the owner? When I run the following

```
# echo "touch newfile" > sumfile.sh
# chmod 4755 sumfile.sh
# su normie
$ ./sumfile.sh
$ ls -alh
<<newfile shows as owned by root>>
```

What is going on here, and how do I make it work the way I want? The way I want being, I want regular users to execute a particular script with full root access. (I thought that's what the suid bit did)

vidarlo
Does this answer your question? [How can I use SetUID on a shell script to run as a non-root user?](https://serverfault.com/questions/397969/how-can-i-use-setuid-on-a-shell-script-to-run-as-a-non-root-user)
FIREBAAT
@vidarlo, mostly. I grabbed some info from other places.
Score:-1

Install sudo: `apt install sudo`

Make the relevant users part of some group: `groupadd group && usermod -g group user`

Add the following to /etc/sudoers: `%group ALL=(root:root) NOPASSWD: /path/to/script.sh`

Add an alias to .bashrc: `echo "alias ALIAS='sudo /path/to/script.sh'" >> ~user/.bashrc`

All members of group can now run the script in question as root.

Answer shamelessly stolen from How can I use SetUID on a shell script to run as a non-root user? (user9517)
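
As an added example (not part of the original answer or the linked Server Fault post), these shell helpers show why `read.sh` did not gain root: Linux ignores the setuid bit on `#!` scripts. They also check that a script named in a sudoers rule cannot be modified by the users allowed to run it. The function names are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit helpers for the two
# approaches on this page. All function names are hypothetical.

# True if the file starts with "#!", i.e. it is run through an interpreter.
is_script() {
    [ "$(head -c 2 "$1" 2>/dev/null)" = '#!' ]
}

# Report what the setuid bit on a file does on Linux.
suid_effect() {
    if [ ! -u "$1" ]; then
        echo "no-setuid"
    elif is_script "$1"; then
        echo "setuid-ignored-script"  # kernel drops setuid for "#!" scripts
    else
        echo "setuid-binary"          # honoured unless the mount is nosuid
    fi
}

# List setuid files under a directory whose bit has no effect (scripts).
find_suid_scripts() {
    find "$1" -type f -perm -4000 -print | while IFS= read -r f; do
        if is_script "$f"; then printf '%s\n' "$f"; fi
    done
}

# A script named in a NOPASSWD sudoers rule must be root-owned and not
# writable by group or others, or its users can edit it to run anything.
sudo_target_check() {
    if [ -n "$(find "$1" -prune -user root ! -perm -020 ! -perm -002 -print)" ]; then
        echo "ok"
    else
        echo "unsafe"
    fi
}

# Constructed sample: rebuild the question's read.sh in a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/bash\ncat secret\n' > "$d/read.sh"
    chmod 4755 "$d/read.sh"
    echo "read.sh: $(suid_effect "$d/read.sh"), as sudo target: $(sudo_target_check "$d/read.sh")"
    rm -rf "$d"
}
demo
```

Running `find_suid_scripts /usr/local/bin` (or any directory) lists setuid bits that should be removed because they grant nothing and only mislead later readers of the permissions.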

vidarlo
Please don't copy answers from Serverfault; rather flag the question as duplicate if you believe another answer can close this question. While the license permits you to copy, it's better to close the question as duplicate.
FIREBAAT
@CommunityBot There's a pattern here of the community ignoring my questions until I answer them myself, then rushing in to down vote me, or providing some meaningless prattle that offers no practical advice, and then circle-jerking each other. Until the community starts delivering some actual value, I really don't care what you think of how I answer my own questions.