How To SetUID/SetGID Scripts

When a script's mode has the setuid or setgid bit set, Solaris 10 honors the bit and runs the script with the elevated user or group ID. On Red Hat Enterprise Linux the script still runs, but the kernel ignores the bit on interpreted scripts, so it runs without the extra permissions. Only a compiled executable can change its user ID or group ID on execution.

In order to run a script with setuid or setgid on Linux, use the following recipe.

Rename the script

Rename the script so a wrapper can assume the original name. For example:

mv script script_wrapped

Create an executable to assume the original name

Create a C program that will take over the name of the original script. In an editor, create the C source file named after the original script. For example, create the file script.c:

#include <stdio.h>
#include <unistd.h>

/* Absolute path of the wrapped script. PLACEHOLDER: replace with the real
 * path. A relative path such as "./script_wrapped" would be resolved against
 * the caller's current directory, which a setuid/setgid wrapper must not trust. */
#define WRAPPED_SCRIPT "/path/to/script_wrapped"

int main(int argc, char **argv)
{
        (void)argc;

        /* Make the real uid/gid match the effective ids granted by the
         * setuid/setgid bit, so the interpreter does not drop them again */
        if (setregid(getegid(), getegid()) != 0) {
                perror("setregid");
                return 1;
        }
        if (setreuid(geteuid(), geteuid()) != 0) {
                perror("setreuid");
                return 1;
        }

        /* Attempt to execute the script, passing the caller's arguments through */
        execv(WRAPPED_SCRIPT, argv);

        /* Reach here only if execv failed */
        perror("execv");
        return 1;
}

Be sure to replace the path passed to execv with the full path of the wrapped script.

Compile the wrapper

Compile the wrapper's C file into an executable that carries the original script name. Set the mode of the executable to include the setuid or setgid bit. For example:

cc script.c -o script
chmod g+s script

Test

Test that the wrapper executes the script and that the script runs with the intended user or group ID.
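The recipe above as one runnable shell script, added here as an example and not part of the original article. It provides an audit helper, find_privileged_scripts, that lists interpreted scripts carrying a setuid or setgid bit (the case Linux silently runs unprivileged, so such files are either broken or misleading), and install_wrapper, which performs the rename, wrapper generation, compile and chmod steps using an absolute exec path. The function names, the demo directory and the sample files are constructed for this example; it assumes a POSIX sh, a find that supports -perm, and a C compiler invoked as cc.

```shell
#!/bin/sh
# Added example (not the original article's code).
#   find_privileged_scripts DIR   list "#!" scripts under DIR with setuid/setgid set
#   count_privileged_scripts DIR  same, as a single number for automation
#   install_wrapper SCRIPT MODE   apply the article's recipe, e.g. MODE 2755

find_privileged_scripts() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        # An interpreted script begins with a "#!" line; a compiled
        # executable does not, and is the only kind the kernel honours.
        IFS= read -r first < "$f" || true
        case $first in
            '#!'*) printf '%s\n' "$f" ;;
        esac
    done
}

count_privileged_scripts() {
    find_privileged_scripts "$1" | wc -l | tr -d ' '
}

# Rename SCRIPT to SCRIPT_wrapped, generate and compile a C wrapper under the
# original name, and give the wrapper the requested mode (setuid/setgid bits
# included). The wrapper execs the script by absolute path only.
install_wrapper() {
    script=$1
    mode=$2
    command -v cc >/dev/null 2>&1 || { echo "cc not found" >&2; return 2; }
    dir=$(cd "$(dirname "$script")" && pwd) || return 1
    name=$(basename "$script")
    wrapped="$dir/${name}_wrapped"

    mv "$script" "$wrapped" || return 1
    chmod u-s,g-s "$wrapped"        # the bit on the script itself does nothing on Linux
    cat > "$dir/$name.c" <<EOF
#include <stdio.h>
#include <unistd.h>
int main(int argc, char **argv)
{
    (void)argc;
    /* make the real ids match the effective ids so the interpreter keeps them */
    if (setregid(getegid(), getegid()) != 0 || setreuid(geteuid(), geteuid()) != 0) {
        perror("setre[ug]id");
        return 1;
    }
    execv("$wrapped", argv);        /* absolute path, never relative */
    perror("execv");
    return 1;
}
EOF
    cc "$dir/$name.c" -o "$dir/$name" || return 1
    chmod "$mode" "$dir/$name"
}

# Constructed demonstration: a setgid shell script that Linux would run
# without the group privilege, next to a setuid file that is not a script.
demo() {
    tmp=$(mktemp -d)
    printf '#!/bin/sh\nid -g\n' > "$tmp/report.sh"
    chmod 2755 "$tmp/report.sh"
    printf 'not a script\n' > "$tmp/blob"
    chmod 4755 "$tmp/blob"
    echo "privileged scripts found: $(count_privileged_scripts "$tmp")"
    find_privileged_scripts "$tmp"
    rm -rf "$tmp"
}

if [ "${1:-}" = demo ]; then
    demo
fi
```

Running the file with the argument demo lists only report.sh. After install_wrapper has been applied to a script, the same audit no longer reports it, because the bit now sits on the compiled wrapper and the script itself has been stripped of it.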

Last modified: 2015/04/08 11:44:1.788467 GMT-4 by curtis.f.smith.1
Created: 2015/04/08 11:19:8.609001 GMT-4 by curtis.f.smith.1.
