  1. #1
    Just Joined!
    Join Date
    Aug 2011
    Posts
    4

    SUID question


    If SUID is set: the application always runs as the owner of the application, no matter who runs the application.

    I tried a simple script, but it seems it's not working as I expected. Could someone tell me if I did something wrong?

    I created a script file test_suid.sh, with just one command inside:
    touch test

    And changed the owner of the file test_suid.sh to be "wwwrun".
    And set SUID bit on. (chmod u+s test_suid.sh)

    But when I ran it, the "test" file created still belonged to my username, not "wwwrun".

    Can someone explain why? Is there some other "trick"? Or is my understanding not right?

    Thanks

  2. #2
    Linux Engineer hazel
    Join Date
    May 2004
    Location
    Harrow, UK
    Posts
    1,217
    Quote Originally Posted by charmdream View Post
    If SUID is set: the application always runs as the owner of the application, no matter who runs the application.

    I tried a simple script, but it seems it's not working as I expected. Could someone tell me if I did something wrong?

    I created a script file test_suid.sh, with just one command inside:
    touch test

    And changed the owner of the file test_suid.sh to be "wwwrun".
    And set SUID bit on. (chmod u+s test_suid.sh)

    But when I ran it, the "test" file created still belonged to my username, not "wwwrun".

    Can someone explain why? Is there some other "trick"? Or is my understanding not right?

    Thanks
    Well, there's your UID and your EUID. The EUID is your "effective UID" and may be different from your real UID. I'm not sure but I think setting suid changes only the EUID. It's like using su as against su -. Try putting the commands
    Code:
    echo $UID
    echo $EUID
    into your script and see what happens.
    "I'm just a little old lady; don't try to dazzle me with jargon!"
    www.hrussman.entadsl.com

  3. #3
    Just Joined!
    Join Date
    Aug 2011
    Posts
    4

    Question

    Thanks for your reply.

    I tried adding echo of $UID and $EUID to the script.
    Both showed the same value as my user, NOT the ID of the file's owner.

    It seems the SUID had no effect and didn't change anything.
    Are there any other settings regarding this?

    Thanks again

    Quote Originally Posted by hazel View Post
    Well, there's your UID and your EUID. The EUID is your "effective UID" and may be different from your real UID. I'm not sure but I think setting suid changes only the EUID. It's like using su as against su -. Try putting the commands
    Code:
    echo $UID
    echo $EUID
    into your script and see what happens.

  4. #4
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    I'm pretty sure that the kernel as of (a long time ago...) does not allow scripts to run with the setuid bit. You'll have to convert your script to a C prog and setuid that guy - at least that was my solution when I ran into this.
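
The C-program route suggested above, as an added example (not code from the thread): a small program that does the equivalent of `touch test` and reports the real UID, the effective UID and the owner of the file it created. The function name `touch_report_owner` is an assumption made for this sketch.

```c
/* Added example: C equivalent of the thread's `touch test`, intended to be
 * installed setuid. Names here are assumptions, not from the thread. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create `path` if it is missing (like touch) and store its owner in *owner.
 * Returns 0 on success, -1 on error. A newly created file is owned by the
 * process's effective UID, which is what the setuid bit changes for a binary.
 * If the file already exists, *owner is the existing owner. */
int touch_report_owner(const char *path, uid_t *owner)
{
    struct stat st;
    /* O_NOFOLLOW: refuse to open through a symlink placed at `path`. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0644);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0) {
        close(fd);
        return -1;
    }
    close(fd);
    *owner = st.st_uid;
    return 0;
}

int main(void)
{
    uid_t owner;
    /* Real UID = invoking user; effective UID = binary's owner when setuid. */
    printf("real uid=%ld effective uid=%ld\n",
           (long)getuid(), (long)geteuid());
    if (touch_report_owner("test", &owner) != 0) {
        perror("test");
        return 1;
    }
    printf("test is owned by uid=%ld\n", (long)owner);
    return 0;
}
```

Compiled, owned by wwwrun and given `chmod u+s`, the program prints different real and effective UIDs when another user runs it, and a newly created `test` belongs to wwwrun. The program takes no input from the caller and runs no shell, which keeps the code executing with the other user's privileges small; a filesystem mounted `nosuid` ignores the bit for binaries as well.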

  5. #5
    Just Joined!
    Join Date
    Aug 2011
    Posts
    4
    So you mean SUID/SGID is not supported at shell level?

    Thanks

    Quote Originally Posted by atreyu View Post
    I'm pretty sure that the kernel as of (a long time ago...) does not allow scripts to run with the setuid bit. You'll have to convert your script to a C prog and setuid that guy - at least that was my solution when I ran into this.

  6. #6
    Linux Engineer hazel
    Join Date
    May 2004
    Location
    Harrow, UK
    Posts
    1,217
    Quote Originally Posted by charmdream View Post
    So you mean SUID/SGID is not supported at shell level?

    Thanks
    Ah yes! I'd forgotten that wrinkle. The reason SUID/SGID is not supported for scripts is to prevent "script kiddies" from writing malicious software that could run with root permissions.
    Writing C programs is much more difficult than writing bash scripts, so less likely to be abused. It's for the same reason that the exec bit is not honoured for files on floppy disks.
    "I'm just a little old lady; don't try to dazzle me with jargon!"
    www.hrussman.entadsl.com

  7. #7
    Just Joined!
    Join Date
    Aug 2011
    Posts
    4
    I got it. No wonder I couldn't make it work.
    Thanks for the information.

    Quote Originally Posted by hazel View Post
    Ah yes! I'd forgotten that wrinkle. The reason SUID/SGID is not supported for scripts is to prevent "script kiddies" from writing malicious software that could run with root permissions.
    Writing C programs is much more difficult than writing bash scripts, so less likely to be abused. It's for the same reason that the exec bit is not honoured for files on floppy disks.
