  1. #1
    Just Joined!
    Join Date
    Jun 2013
    Posts
    1

    Setuid not working in linux as script fails to write to file.


    Hi,

    I have the following 3 test files to test setuid bit which if it works I would like to implement in our application. However setuid does not seem to be having any impact on my test below. Following are the 3 files of interest in /tmp/ folder.

    [usl20010097 tmp]$ ls -ltr *env*
    -rw------- 1 g332008 users 6 Jun 25 17:31 mainoutputfile.txt
    -rwxr-x--x 1 cddsuat cddsuat 38 Jun 25 17:51 subscript.ksh
    -rwsr-xr-x 1 g332008 users 51 Jun 25 17:53 mainscript.ksh


    As you can see /tmp/subscript.ksh is owned by user cddsuat. It invokes /tmp/mainscript.ksh and has the following contents:
    -bash-3.2$ cat subscript.ksh
    #!/usr/bin/ksh
    /tmp/mainscript.ksh


    /tmp/mainscript.ksh has the following contents:
    [usl20010097 tmp]$ cat mainscript.ksh
    #!/usr/bin/ksh
    echo "hello" >> /tmp/mainoutputfile.txt


    Based on the above, setuid bit has been set for owner on /tmp/mainscript.ksh. This means that when /tmp/subscript.ksh invokes /tmp/mainscript.ksh, /tmp/mainscript.ksh runs as the owner of /tmp/mainscript.ksh which is g332008 rather than user cddsuat. So /tmp/mainscript.ksh should be able to write "hello" to the file /tmp/mainoutputfile.txt which is owned by g332008. However when I run /tmp/subscript.ksh I get the following error with respect to write permission on /tmp/mainoutputfile.txt.

    -bash-3.2$ ./subscript.ksh
    /tmp/mainscript.ksh[2]: /tmp/mainoutputfile.txt: cannot create [Permission denied]


    Please advise why I get the above permission error even though /tmp/mainscript.ksh has setuid bit set so that any other user invoking this script would be able to run this script as the owner of /tmp/mainscript.ksh. Your advice is much appreciated.

    thanks

  2. #2
    Linux Enthusiast
    Join Date
    Jan 2005
    Location
    Saint Paul, MN
    Posts
    581
    Scripts can not make use of the SID sticky bit.


    Please see: Setuid and shell scripts, explained
    Last edited by alf55; 06-26-2013 at 05:50 AM. Reason: Added link to an article
    drl likes this.

  3. #3
    Linux Enthusiast Mudgen's Avatar
    Join Date
    Feb 2007
    Location
    Virginia
    Posts
    664
    Quote: Originally Posted by alf55
    Scripts can not make use of the SID sticky bit.


    Please see: Setuid and shell scripts, explained
    Well done, delivering not just an explanation, but a solution.
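
Added example, not part of the thread: Linux ignores the set-user-ID and set-group-ID bits on files run through a `#!` interpreter line, which is why `/tmp/mainscript.ksh` above still ran as the calling user. The shell functions below flag such files so the ineffective bit can be found and removed; the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: find files whose set-user-ID/set-group-ID bit Linux will not
# honour because they are "#!" scripts (they still run as the calling user).

# classify_setuid FILE -> prints one of:
#   no-setuid      neither bit is set
#   setuid-script  bit set, file starts with "#!" (bit is ignored on exec)
#   setuid-binary  bit set, file is not a "#!" script
#   unreadable     bit set, but the first bytes cannot be read by this user
classify_setuid() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "not-a-file"; return 1
    fi
    if [ ! -u "$f" ] && [ ! -g "$f" ]; then
        echo "no-setuid"; return 0
    fi
    if [ ! -r "$f" ]; then
        echo "unreadable"; return 0
    fi
    # Read only the first two bytes; "#!" marks an interpreted script.
    magic=$(LC_ALL=C dd if="$f" bs=2 count=1 2>/dev/null)
    if [ "$magic" = '#!' ]; then
        echo "setuid-script"
    else
        echo "setuid-binary"
    fi
}

# audit_setuid_scripts DIR -> prints every setuid/setgid "#!" script under DIR.
audit_setuid_scripts() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r path; do
        if [ "$(classify_setuid "$path")" = "setuid-script" ]; then
            echo "$path"
        fi
    done
}

# Stand-alone use: pass a directory to audit, e.g.  sh audit.sh /tmp
if [ "$#" -gt 0 ]; then
    audit_setuid_scripts "$1"
fi
```

Run against the layout in the first post, `mainscript.ksh` (mode `-rwsr-xr-x`, first line `#!/usr/bin/ksh`) is reported as `setuid-script`.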
