Why does my SETUID not work as expected?

Hi All,

Thanks for your help in advance.

Could you please kindly help on why my SETUID does not work?

Create a file that only root can read and write:

/tmp>ls -l a.log
-rw------- 1 root root 3 Nov 12 18:57 a.log

create a script under root with SETUID

/tmp>ls -l a.sh
-rwsr-sr-x 1 root root 23 Nov 16 00:18 a.sh

the script will read above created file

/tmp>cat a.sh
#! /bin/bash
cat a.log

Run it under a non-root account, but it still failed. Why?

/tmp>a.sh
cat: a.log: Permission denied

Is it because 'cat' is not setuid? If so, how can I modify my script to let SETUID take effect?

I vaguely remember having read that certain systems' shells can't be run setuid. Try printing the effective UID from within the script.

Is this script in a non-SUID filesystem perhaps? Have a look at the mount options for the filesystem that the script is in. You can probably get it by:-

df /path/to/your/script

You can then review /etc/fstab, /etc/vfstab or /etc/filesystems as applicable to your operating system (you don't say which, so these are the most common).

You might also get the same information from the mount command by itself, but this may be OS specific, so I'd be less sure about that.

Does that help?
Robin

Linux and most other Unix-like OSes by design ignore the setuid bit on an executable script.
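
The checks suggested in the replies above (setuid bit, nosuid mount option, script versus binary) combined into one diagnostic. This is an added example, not part of any post in the thread; the function names and result strings are made up for illustration, and it assumes a Linux-style /proc/mounts table and an absolute path.

```sh
#!/bin/sh
# Added diagnostic (not from the thread): report why a setuid bit on FILE
# may have no effect. FILE must be an absolute path.

# True if FILE starts with "#!", so the kernel runs an interpreter for it.
is_script() {
    [ "$({ head -c 2 < "$1"; } 2>/dev/null)" = '#!' ]
}

# Print the mount options of the filesystem holding FILE, taken from a
# /proc/mounts-style table (second argument; defaults to /proc/mounts).
mount_opts_for() {
    awk -v p="$1" '
        # A mount point applies if it is "/" or a directory prefix of p;
        # the longest (and, on ties, latest) match wins.
        $2 == "/" || p == $2 || index(p, $2 "/") == 1 {
            if (length($2) >= best) { best = length($2); opts = $4 }
        }
        END { print opts }
    ' "${2:-/proc/mounts}"
}

# True if the comma-separated option list contains nosuid.
has_nosuid() {
    case ",$1," in *,nosuid,*) return 0 ;; *) return 1 ;; esac
}

# Print one of: no-setuid-bit, nosuid-mount, script-setuid-ignored,
# no-obstacle-found.
diagnose() {
    if ! [ -u "$1" ]; then
        echo no-setuid-bit
    elif has_nosuid "$(mount_opts_for "$1" "${2:-/proc/mounts}")"; then
        echo nosuid-mount
    elif is_script "$1"; then
        echo script-setuid-ignored
    else
        echo no-obstacle-found
    fi
}

# Stand-alone use: sh thisfile /tmp/a.sh
if [ $# -gt 0 ]; then diagnose "$@"; fi
```

For the a.sh shown in the question, on a filesystem mounted without nosuid, this prints script-setuid-ignored.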