Shell Programming and Scripting

SUID works for shell scripts (bash)??

I'm user user1 need to execute a shell script (script.sh) which is owned by user2.

Code:

-rwsrwxrwx 1 user2 aduser 3518 Aug 21 05:33 script.sh

Only user2 has write privileges to write/copy a file in directory /dir1/subdir. Hence SUID bit permissions are set to that script.sh. But still not able to run the script from user1 account. It says permissions denied to /dir1/subdir.

But the same script (script.sh) runs successfully from user2 account and able to copy/write a file in /dir1/subdir.

I don't have any clue.. Please help me..

SUID for shell scripts will not work on most modern unix/linux systems.
This is due security reasons.

What you can do is to make a C program calling shell script and put a SUID on that compiled binary.

Can you perhaps use standard (or ACL) unix permissions to achieve the result you want to make ?

You may find that the filesystem containing your script prevents SUID being recognised.

You don't tell us your actual OS, but can you show us the output from:-

Code:

df  /path/to/script
grep  file-system  /etc/?fstab  /etc/filesystems

The file-system will be the right-most column from the df command. I've asked it to search in various places (some of which won't exist) to try to cover all operating systems.


Robin

As has been said before, it is always a good idea to tell us what operating system you're using (in addition to the shell you're using) when you ask a question here. We can give you much more responsive suggestions if we know the environment you're using...

Even on systems that allow set-UID and/or set-GID scripts, most of them won't allow it when users other than the file's owner (especially for set-UID scripts) and/or groups other than the file's group (especially for set-GID scripts) can write to the file containing the script.

If you can get user2 to change the mode of script.sh from mode 4777 to mode 4755, you might get it to work on some systems.

sudo is another approach. It allows users to run code as other users. Your sysadmin has to set this up.

See (linux example): https://www.linux.com/learn/tutorial...uction-to-sudo

sudo is available for a lot of UNIX platforms

Except you have to be really careful when you do that. A simple

Code:

int main()
{
    return ( system( "/path/to/some/command" ) );
}

is NOT secure.

Thank you all for your comments..
I'm using Unix (solaris 5.10)

I tried the following c program:

Code:

 #include <stdio.h>
#include <stdlib.h>
 #define SHELLSCRIPT "\
/home/user1/script_test/test_script_v1 \n\
"
 int main()
{
    puts(SHELLSCRIPT);
    system(SHELLSCRIPT);
    return 0;
}

Note: /home/user1/script_test/test_script_v1 --> script to copy a file in /dir1/subdir where user1 (me) don't have access to write/copy a file

The program is compiled and I had set the SUID permissions. After setting SUID for that executable I tried to execute it from my home dir, It executed successfully and copied the file in the directory /dir1/subdir.
But I need to pass 5 input parameters to shell script, The scenario just tested is just executing the shell script from c program.. But I need to pass input parameters to shell script. Can anyone please tell me how to change the above c program to pass inputs to shell script.
Thanks in advance.