Established method to enable suid scripts?

Jonathan McKeown j.mckeown at
Wed May 11 09:59:54 UTC 2011

On Wednesday 11 May 2011 04:19:29 Devin Teske wrote:
> The reason that the suid bit doesn't work on scripts (shell, perl, or
> otherwise) is because these are essentially text files that are interpreted
> by their associated interpreter. It is the interpreter itself that must be
> suid.

I'm pretty sure that's not the case, although I'm open to correction.

The reason the system ignores the suid bit on a script is because of what 
would happen when it's executed:

1) the script is read from a file called <filename> and the system notices 
that it needs to be interpreted by another program.

2) that program is launched and told to re-open the file named <filename> and 
execute its contents with suid privilege.

The problem is a race condition: there's no guarantee that the filename opened 
by the interpreter in step 2 is the same file the user executed in step 1.

There are two common ways round this: ignore the suid bit; or arrange within 
the OS to pass a handle to the original file rather than a filename so that 
the script can't be changed out from under the interpreter.


More information about the freebsd-questions mailing list