
I am learning about setuid and setgid where the user executing the script will inherit the owner's permission while running the script. To test this, I created a bash script as user fiverr in /home/fiverr/test.sh with permission 4755.

rwsr-xr-x 1 fiverr fiverr 39 Dec  6 13:47 /home/fiverr/test.sh

It contains the following:

#!/bin/bash
touch /home/fiverr/raza.txt

I logged in as me (raza) and tried to execute it, but I get permission denied. How come?

touch: cannot touch ‘/home/fiverr/raza.txt’: Permission denied
Raza

1 Answer

Trying to setuid a bash script won't work because of security measures. In the past, setuid/setgid functionality was so abused to escalate privileges that nowadays there are several restrictions, including the bash binary and, by extension, bash scripts not inheriting/giving up setuid/setgid privileges, and only root being able to create setuid files in modern Linux distributions.

If you want to run it, you have to get setuid before either using a binary wrapper compiled in C, or doing it in a binary altogether.

If in Debian, you can setuid a copy of /bin/dash and invoke what you want from there.

Rui F Ribeiro
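A sketch of the C wrapper the answer mentions, as an added example that is not code from the answer. It assumes the script path from the question, bash at /bin/bash, and that the compiled binary is owned by fiverr with mode 4755; the helper name `target_is_safe` is hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define TARGET "/home/fiverr/test.sh"   /* script path from the question */

/* Return 1 only if path is a regular file (not a symlink) owned by `owner`
 * that group and others cannot modify. This is a sanity check, not a
 * race-free guarantee: the parent directories must also be non-writable
 * by other users. */
int target_is_safe(const char *path, uid_t owner)
{
    struct stat st;
    if (lstat(path, &st) != 0) return 0;
    if (!S_ISREG(st.st_mode)) return 0;
    if (st.st_uid != owner) return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return 0;
    return 1;
}

int main(void)
{
    uid_t euid = geteuid();   /* the binary's owner when it is setuid */
    gid_t egid = getegid();

    if (!target_is_safe(TARGET, euid)) {
        fprintf(stderr, "refusing to run %s\n", TARGET);
        return 1;
    }
    /* bash resets its effective uid to the real uid when the two differ,
     * so make the real (and saved) ids equal to the effective ones. */
    if (setregid(egid, egid) != 0 || setreuid(euid, euid) != 0) {
        perror("setregid/setreuid");
        return 1;
    }
    /* Fixed argv and a minimal environment: nothing from the caller
     * (PATH, BASH_ENV, IFS, ...) reaches the privileged shell. */
    char *const argv[] = { "/bin/bash", TARGET, NULL };
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    execve("/bin/bash", argv, envp);
    perror("execve");
    return 1;
}
```

The wrapper takes no arguments from the caller on purpose, so the only thing an invoking user controls is whether the fixed script runs.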