how to make an executable run as another user

Bill Moran wmoran at potentialtech.com
Fri Sep 17 12:26:19 PDT 2004


Richard Bradley <rtb27 at cam.ac.uk> wrote:
> Um. I feel silly asking this. But I can't work it out.

Not silly, common problem for shell script writers.

> I want a shell script to run as another user. I always thought this was easy 
> to do with the setuid bit, but never tried it before. I read "man chmod" and 
> found this:
> 
> .....
> 4000    (the setuid bit).  Executable files with this bit set will
>                  run with effective uid set to the uid of the file owner.
> .....
> s       The set-user-ID-on-execution and set-group-ID-on-execution
>                    bits.
> ....
> 
> And off I went. I wrote a shell script to output the current uid. I chown'ed 
> it to another user. I "chmod +s"ed it. I ran it.
> 
> It didn't work.
> 
> -----
> 
> rtb27# cat test
> #! /bin/sh
> whoami
> rtb27# ll test
> -rwsr-sr-x  1 rich wheel  20 Sep 17 19:34 test
> rtb27# ./test
> root

Interpreted programs (i.e. scripts) don't honor setuid/setgid (with the
notable exception of setuidperl, which is installed but disabled on
FreeBSD)

Clever use of su or sudo can work around this.  Also, writing a C or
C++ wrapper program will help.  That's a bit of a PITA, though.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com


More information about the freebsd-questions mailing list