SUID does not work with shell script

I created a small shell script with the following contents:

    cat /usr/bin/checksuid.sh
    #!/bin/bash
    echo "Hello" > /etc/myfile.cnf

    ls -l /usr/bin/checksuid.sh
    -rwsr-xr-x 1 root root 56 Sep 9 12:56 /usr/bin/checksuid.sh

I also created the /etc/myfile.cnf file with the root account and set permissions as shown below:

 -rw-r--r-- 1 root root 6 Sep 9 12:26 /etc/myfile.cnf 

When I execute /usr/bin/checksuid.sh from a non-root account, I get the following error:

 /usr/bin/checksuid.sh: line 3: /etc/myfile.cnf: Permission denied 

Can someone help me understand why SUID is not working?

+8
linux bash shell suid
2 answers
+21

From http://www.tuxation.com/setuid-on-shell-scripts.html :

"the truth is that the setuid bit is disabled on many *nix implementations due to the massive security holes it carries"

An alternative approach is to wrap the script in something that can use setuid, like this example C program. Obviously, there are differences between running a plain script and calling it through such a wrapper (such as ignored exit codes), but this should give you the idea anyway.

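    #include <stdio.h>
    #include <stdlib.h>
    #include <sys/types.h>
    #include <unistd.h>

    int main(void)
    {
        /* Make the real UID root as well: bash drops privileges when the
           real and effective UIDs differ. */
        if (setuid(0) != 0) {
            perror("setuid");
            return 1;
        }
        /* The script's exit code is ignored, as noted above. */
        system("/path/to/script.sh");
        return 0;
    }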
+11
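A hardened variant of the wrapper above, as an added example that is not part of the original answer: it refuses to continue if setuid() fails, replaces system() with execve() and a fixed environment so the caller's PATH and other variables never reach the privileged shell, and returns the script's exit status instead of ignoring it. The function name run_as and the PATH value are assumptions; /path/to/script.sh is the placeholder from the answer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment for the script (assumed value); nothing set by the
   invoking user (PATH, LD_*, BASH_ENV, ...) is passed on. */
static char *const CLEAN_ENV[] = {
    "PATH=/usr/sbin:/usr/bin:/sbin:/bin",
    NULL
};

/* Run `path` with `argv` as user `uid`. Returns the child's exit status,
   128+signal if it was killed, or -1 if fork/wait failed.
   126 = UID switch refused, 127 = exec failed. */
int run_as(uid_t uid, const char *path, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Never run the script with whatever identity is left over. */
        if (setuid(uid) != 0)
            _exit(126);
        /* execve: no intermediate "sh -c", so no shell parsing of the
           command line and no lookup through the caller's PATH. */
        execve(path, argv, CLEAN_ENV);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    if (WIFSIGNALED(status))
        return 128 + WTERMSIG(status);
    return -1;
}

int main(void)
{
    char *const argv[] = { "/path/to/script.sh", NULL };
    int rc = run_as(0, "/path/to/script.sh", argv);
    return rc < 0 ? 1 : rc;
}
```

The binary, the script and every directory above them must be writable only by root, otherwise the setuid bit on the wrapper hands root to whoever can edit the script.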