chown Operation not permitted

I had original made a Stack Overflow post.

I've this command causing errors further down my Jupyter Notebook (detailed in SO post):

! chown -R daemon:daemon elasticsearch-7.9.2

Giving many of these outputs:

chown: changing ownership of ‘elasticsearch-7.9.2/NOTICE.txt’: Operation not permitted
...
---------------------------------------------
SubprocessError                           Traceback (most recent call last)
<ipython-input-25-5f043305a2ca> in <module>
      8 es_server = Popen(['elasticsearch-7.9.2/bin/elasticsearch'],
      9                    stdout=PIPE, stderr=STDOUT,
---> 10                    preexec_fn=lambda: os.setuid(1)  # as daemon
     11                   )
     12 # wait until ES has started

~/anaconda3/envs/mxnet_latest_p37/lib/python3.7/subprocess.py in __init__(self, args, bufsize, executable, stdin, stdout, stderr, preexec_fn, close_fds, shell, cwd, env, universal_newlines, startupinfo, creationflags, restore_signals, start_new_session, pass_fds, encoding, errors, text)
    798                                 c2pread, c2pwrite,
    799                                 errread, errwrite,
--> 800                                 restore_signals, start_new_session)
    801         except:
    802             # Cleanup if the child failed starting.

~/anaconda3/envs/mxnet_latest_p37/lib/python3.7/subprocess.py in _execute_child(self, args, executable, preexec_fn, close_fds, pass_fds, cwd, env, startupinfo, creationflags, shell, p2cread, p2cwrite, c2pread, c2pwrite, errread, errwrite, restore_signals, start_new_session)
   1550                             err_msg += ': ' + repr(err_filename)
   1551                     raise child_exception_type(errno_num, err_msg, err_filename)
-> 1552                 raise child_exception_type(err_msg)
   1553 
   1554 

SubprocessError: Exception occurred in preexec_fn.
---------------------------------------------
SubprocessError                           Traceback (most recent call last)
<ipython-input-25-5f043305a2ca> in <module>
      8 es_server = Popen(['elasticsearch-7.9.2/bin/elasticsearch'],
      9                    stdout=PIPE, stderr=STDOUT,
---> 10                    preexec_fn=lambda: os.setuid(1)  # as daemon
     11                   )
     12 # wait until ES has started

~/anaconda3/envs/mxnet_latest_p37/lib/python3.7/subprocess.py in __init__(self, args, bufsize, executable, stdin, stdout, stderr, preexec_fn, close_fds, shell, cwd, env, universal_newlines, startupinfo, creationflags, restore_signals, start_new_session, pass_fds, encoding, errors, text)
    798                                 c2pread, c2pwrite,
    799                                 errread, errwrite,
--> 800                                 restore_signals, start_new_session)
    801         except:
    802             # Cleanup if the child failed starting.

~/anaconda3/envs/mxnet_latest_p37/lib/python3.7/subprocess.py in _execute_child(self, args, executable, preexec_fn, close_fds, pass_fds, cwd, env, startupinfo, creationflags, shell, p2cread, p2cwrite, c2pread, c2pwrite, errread, errwrite, restore_signals, start_new_session)
   1550                             err_msg += ': ' + repr(err_filename)
   1551                     raise child_exception_type(errno_num, err_msg, err_filename)
-> 1552                 raise child_exception_type(err_msg)
   1553 
   1554 

SubprocessError: Exception occurred in preexec_fn.

Appending sudo seems to partially fix my issue as Operation not permitted statements no longer appear:

! sudo chown -R daemon:daemon elasticsearch-7.9.2

However, the SubprocessError traceback remains.

How can I give Python or the kernel or AWS SageMaker root permissions?

There are two possibilities to run a program or script with root permissions.

1. run it with sudo: instead of /path/to/your/script.py, use sudo /path/to/your/script.py. It might help to configure sudo so that it does not ask for password for this particular file. You can do that by putting a file (with any name) into /etc/sudoers.d directory with the following contents:

   ALL ALL=(root) NOPASSWD: /path/to/your/script.py
   

2. use a setuid bit. This method is used mostly for binary programs, because for scripts (like your Python script), Linux for security reasons ignores the setuid bit. However, it is possible to run the script via a binary wrapper, ie. very small binary program that does nothing more than calling the script. Then you should chown your binary program to root and set the setuid bit using chmod u+s /path/to/your/binary. Program with a setuid bit runs with permissions of its owner - ie. in this case root.

   The wrapper program can be written for example in C, like this:

   #include <stdio.h>
   #include <stdlib.h>
   #include <sys/types.h>
   #include <unistd.h>
   #include <sys/wait.h>
   
   int main()
   {
     int rc;
     setuid( 0 );
     rc=WEXITSTATUS(system( "/path/to/your/script.py" ));
     exit(rc);
   }
   

   (to compile a C program, you need to install build-essential package, as C compiler is not installed by default on Ubuntu).