SUID permission on Bash script

Jerry McAllister jerrymc at msu.edu
Sat Aug 29 16:07:22 UTC 2009


On Fri, Aug 28, 2009 at 08:10:59PM -0600, Tim Judd wrote:

> On 8/28/09, RW <rwmaillists at googlemail.com> wrote:
> > On Fri, 28 Aug 2009 11:54:19 +0300
> > Giorgos Keramidas <keramida at ceid.upatras.gr> wrote:
> >
> >> On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo
> >> <jeronimocalvop at googlemail.com> wrote:
> >
> >> > As far as I know, using SUID, script must run with root
> >> > permissions... so I shouldn't get "Permission denied", what am I doing
> >> > wrong??
> >>
> >> No it must not.  There are security reasons why shell scripts are not
> >> setuid-capable.  You can find some of them in the archives of the
> >> mailing list, going back at least until 1997.
> >
> > I'm a bit puzzled by this, previous threads have given the impression
> > that this is a myth, for example:
> >
> > http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185134.html
> >
> > So are scripts actually incapable of running setuid?
> 
> 
> Dunno, but this dawns on me..
> 
> what defines a script?  I've always defined a script that starts with
> a #! shebang.
> 
> So the script can be SUID, but the interpreter/shell isn't.  Is that
> why it doesn't work?

It doesn't work because the system does not allow it - for security
reasons.   You could fish around and defeat that but don't.

The most common way to get around it is to create a tiny binary that
can run Setuid which merely invokes your script.

The better way is to use Sudo as has been suggested already
in this thread.

////jerry

> 
> 
> --Tim

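The wrapper approach mentioned in the message above, as an added example (not code from this thread or from FreeBSD): a small C program meant to be installed setuid that runs exactly one fixed script. The script path, the use of /bin/sh and the fixed PATH are assumptions chosen for illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed, hypothetical path: the single script this wrapper may run.
 * Its parent directories must also be writable by root only. */
#define SCRIPT_PATH "/usr/local/libexec/maintenance.sh"

/* Fixed environment: nothing set by the caller (PATH, IFS, ENV, ...) survives. */
static char *const clean_env[] = { "PATH=/bin:/usr/bin", NULL };

/* Running a script as root is only sane if nobody but root can change it. */
int script_is_trusted(const struct stat *st)
{
    if (!S_ISREG(st->st_mode))
        return 0;                       /* rejects symlinks (with lstat), dirs */
    if (st->st_uid != 0)
        return 0;                       /* must be owned by root */
    if (st->st_mode & (S_IWGRP | S_IWOTH))
        return 0;                       /* not group- or world-writable */
    return 1;
}

int main(void)
{
    struct stat st;
    /* The caller's arguments are deliberately not passed on. */
    char *const args[] = { "/bin/sh", SCRIPT_PATH, NULL };

    if (lstat(SCRIPT_PATH, &st) != 0 || !script_is_trusted(&st)) {
        fprintf(stderr, "refusing to run %s\n", SCRIPT_PATH);
        return 1;
    }
    /* Make the real ids match the effective ones; bash, for example,
     * drops the effective uid when the two differ unless started with -p. */
    if (setgid(getegid()) != 0 || setuid(geteuid()) != 0) {
        perror("setgid/setuid");
        return 1;
    }
    execve("/bin/sh", args, clean_env);
    perror("execve");                   /* only reached if execve failed */
    return 1;
}
```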
