Shell Programming and Scripting

suid is for binary executables, not shell scripts. This is for security reasons.

Please google for
sudo examples

---------- Post updated at 12:35 PM ---------- Previous update was at 12:25 PM ----------

Traditional Unix and its commercial derivates allow SUID scripts.

The standards allow implementations to ignore the set-UID bit on executables as long as they document the conditions when they do so. I wasn't aware that Linux always ignored the set-UID bit on shell scripts.

Many systems allow set-UID shell scripts.

Many systems will clear the set-UID bit on a file when it is opened for writing.

Some systems will clear the set-UID bit on a file whenever the contents of the file are changed.

Is his one of them? Many also don't.

Obviously, not.

Agreed. Before this thread started, I wasn't aware that disallowing set-UID execution of shell scripts was so common.

Code:

Many systems will clear the set-UID bit on a file when it is opened for writing

Per POSIX:

write() system call

Code:

Upon successful completion, where nbyte is greater than 0, 
write() will mark for update the st_ctime and st_mtime fields of the file, 
and if the file is a regular file, the S_ISUID and S_ISGID bits of the file 
mode may be cleared.

I don't see where open() does that - FWIW.

You're correct in saying that POSIX conforming systems aren't allowed to do this. (Although the standard isn't entirely consistent on this point. The descriptions of ftruncate() and truncate() both say that the S_ISUID and S_ISGID bits may be cleared if they change the size of the file. It is strange that open() with the O_TRUNC flag set doesn't make the same allowance.)

You may have also noticed the RATIONALE in the Base Definitions volume's description of the <sys/stat.h> header:
I believe some non-conforming implementations still clear both of these bits on any successful open for writing, although I can't name any examples at this time.