Hi,
I have the following 3 test files to test the setuid bit, which, if it works, I would like to implement in our application. However, setuid does not seem to be having any impact on my test below. Following are the 3 files of interest in the /tmp/ folder.
[usl20010097 tmp]$ ls -ltr *env*
-rw------- 1 g332008 users 6 Jun 25 17:31 mainoutputfile.txt
-rwxr-x--x 1 cddsuat cddsuat 38 Jun 25 17:51 subscript.ksh
-rwsr-xr-x 1 g332008 users 51 Jun 25 17:53 mainscript.ksh
As you can see, /tmp/subscript.ksh is owned by user cddsuat. It invokes /tmp/mainscript.ksh and has the following contents:
-bash-3.2$ cat subscript.ksh
#!/usr/bin/ksh
/tmp/mainscript.ksh
/tmp/mainscript.ksh has the following contents:
[usl20010097 tmp]$ cat mainscript.ksh
#!/usr/bin/ksh
echo "hello" >> /tmp/mainoutputfile.txt
Based on the above, setuid bit has been set for owner on /tmp/mainscript.ksh. This means that when /tmp/subscript.ksh invokes /tmp/mainscript.ksh, /tmp/mainscript.ksh runs as the owner of /tmp/mainscript.ksh which is g332008 rather than user cddsuat. So /tmp/mainscript.ksh should be able to write "hello" to the file /tmp/mainoutputfile.txt which is owned by g332008. However when I run /tmp/subscript.ksh I get the following error with respect to write permission on /tmp/mainoutputfile.txt.
-bash-3.2$ ./subscript.ksh
/tmp/mainscript.ksh[2]: /tmp/mainoutputfile.txt: cannot create [Permission denied]
Please advise why I get the above permission error even though /tmp/mainscript.ksh has the setuid bit set so that any other user invoking this script would be able to run this script as the owner of /tmp/mainscript.ksh. Your advice is much appreciated.
thanks
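
A diagnostic for the setup described in the post, added here as an example and not part of the original post: it reports whether a setuid bit on a file can take effect, checking the two conditions under which Linux does not apply it (the file is a `#!` interpreter script, or its filesystem is mounted `nosuid`). It assumes a Linux host with `findmnt` from util-linux; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Linux; names are hypothetical.

# Prints "script" if FILE begins with "#!", otherwise "binary".
file_kind() {
    if head -c 2 "$1" 2>/dev/null | grep -q '^#!'; then
        echo script
    else
        echo binary
    fi
}

# Succeeds if the comma-separated mount option string contains "nosuid".
has_nosuid() {
    case ",$1," in
        *,nosuid,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Prints the mount options of the filesystem holding FILE (empty if unknown).
mount_opts() {
    if command -v findmnt >/dev/null 2>&1; then
        findmnt -no OPTIONS -T "$1" 2>/dev/null || true
    fi
}

# Prints one verdict for FILE:
#   no-setuid-bit   the mode has no setuid bit at all
#   ignored-script  Linux does not honour setuid on "#!" scripts
#   ignored-nosuid  the filesystem is mounted nosuid
#   effective       a setuid binary on a filesystem that allows it
setuid_verdict() {
    if [ ! -u "$1" ]; then
        echo no-setuid-bit
    elif [ "$(file_kind "$1")" = script ]; then
        echo ignored-script
    elif has_nosuid "$(mount_opts "$1")"; then
        echo ignored-nosuid
    else
        echo effective
    fi
}

# Usage: sh check_setuid.sh /tmp/mainscript.ksh
if [ "$#" -gt 0 ]; then
    for f in "$@"; do printf '%s: %s\n' "$f" "$(setuid_verdict "$f")"; done
fi
```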