  1. #1
    Just Joined!
    Join Date
    Jul 2010
    Posts
    5

    Do Command Line Scripts Drop SUID Bit?


    Hello, there is a program, called "theprogram" with the following permissions owned by userA:

    -r-sr-sr-x 1 userA userA

    This program simply echoes a message and exits. As userB I do the following:

    while true; do ./theprogram; done

    In another window the top command shows "theprogram" being run as userB who is executing it instead of userA who is the owner. My question is - does this happen because of the command line while loop?

  2. #2
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    the linux kernel has not allowed scripts to run with suid set for some time (for security reasons). to get around this, people typically set up sudo and allow the particular user to run the specified program as whoever they want. you can do this without requiring a password, btw.

    if you really want suid-like functionality, then you can wrap your shell command(s) in a C prog. that compiled prog will happily run as suid whoever, security be damned.

  3. #3
    Just Joined!
    Join Date
    Jul 2010
    Posts
    5
    Thank you, I knew about the security restrictions on scripts but I did not realize that command line stuff fell into that category. Thanks for the validation.

  5. #4
    Just Joined!
    Join Date
    Jul 2010
    Posts
    5
    Follow up question that I should have asked before... Is there a way to call a SUID program, such as one with the permissions shown above, in a loop so that it executes as the owner instead of the current user? I tried a C program with both popen and system and the program in question is executed as me instead of the program owner.

  6. #5
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    do you have the suid filesystem option enabled for the filesystem upon which your file resides? by default, it is supposed to be enabled, but it did not work for me until I explicitly mounted my filesystem with mount -o suid ...

    if you've got that straight, then all you should need is the suid flag set. how are you verifying that the program is not run as the user you want? what does the prog do?

  7. #6
    Just Joined!
    Join Date
    Jul 2010
    Posts
    5
    The way I've been verifying is just by looking at the output from the top command, which has a column for user on the left. The program is being run under my username instead of the user who owns it. The program itself just reads from a file, outputs the text and exits. It's just a test program. I tried from both a command line while loop and a for loop + system call in a small C program, so I'm assuming that they fall under the scripting security settings.

  8. #7
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    Originally posted by Player_0:
    "The way I've been verifying is just by looking at the output from the top command, which has a column for user on the left. The program is being run under my username instead of the user who owns it. The program itself just reads from a file, outputs the text and exits. It's just a test program. I tried from both a command line while loop and a for loop + system call in a small C program, so I'm assuming that they fall under the scripting security settings."
    okay. did you check the suid option on the filesystem? or at least make sure that nosuid is NOT set? you can just run the "mount" command, or look at /proc/mounts.
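
Added example, not part of the thread and not written by any poster: a small C check of the three conditions raised above (the set-user-ID bit in the file mode, a `nosuid` mount, and an interpreter script, for which Linux ignores the bit). The names `suid_status`, `suid_effective` and the flag constants are this example's own; the default path `./theprogram` is the name used in the thread.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <unistd.h>

/* Flags reported by suid_status(); the names are this example's own. */
enum {
    SUID_BIT  = 1 << 0,  /* S_ISUID is set in the file mode */
    FS_NOSUID = 1 << 1,  /* the filesystem holding the file is mounted nosuid */
    IS_SCRIPT = 1 << 2   /* the file starts with "#!" (interpreter script) */
};

/* Returns a bitmask of the flags above, or -1 if the file cannot be examined. */
int suid_status(const char *path)
{
    struct stat st;
    struct statvfs vfs;
    char magic[2] = {0, 0};
    int flags = 0;

    if (stat(path, &st) != 0 || statvfs(path, &vfs) != 0)
        return -1;
    if (st.st_mode & S_ISUID)
        flags |= SUID_BIT;
    if (vfs.f_flag & ST_NOSUID)
        flags |= FS_NOSUID;
    /* Script detection needs read permission; without it the flag stays clear. */
    FILE *f = fopen(path, "rb");
    if (f != NULL) {
        if (fread(magic, 1, 2, f) == 2 && magic[0] == '#' && magic[1] == '!')
            flags |= IS_SCRIPT;
        fclose(f);
    }
    return flags;
}

/* 1 only if the bit is set, the mount permits it, and the file is not a script. */
int suid_effective(int flags)
{
    return flags >= 0 && (flags & SUID_BIT) && !(flags & (FS_NOSUID | IS_SCRIPT));
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "./theprogram";
    int flags = suid_status(path);
    if (flags < 0) { perror(path); return 2; }
    printf("%s: suid_bit=%d nosuid_mount=%d script=%d | caller ruid=%d euid=%d\n",
           path, !!(flags & SUID_BIT), !!(flags & FS_NOSUID),
           !!(flags & IS_SCRIPT), (int)getuid(), (int)geteuid());
    return suid_effective(flags) ? 0 : 1;
}
```

The exit status is 0 when nothing found here would stop the bit from taking effect, 1 when something would, and 2 when the file cannot be examined.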

  9. #8
    Just Joined!
    Join Date
    Aug 2012
    Posts
    8
    Hello, there is a program, called "theprogram" with the following permissions owned by userA:

    -r-sr-sr-x 1 userA userA

    This program simply echoes a message and exits. As userB I do the following:

    while true; do ./theprogram; done

    In another window the top command shows "theprogram" being run as userB who is executing it instead of userA who is the owner. My question is - does this happen because of the command line while loop?

    If you have used any command in your script then you'll have problems with SUID bit, because ownership of that command also matters.
