1

I created a small script as the root user...

#!/bin/bash

cat /etc/shadow

and set the setuid bit and placed it within the guest folder. When I ran the script as guest, it showed permission denied. Why? I had the root setuid bit set on it, which should execute it with root privileges, as the root user created the script.

1zverg
  • 301
  • Despite what the answers from the purported dupe say, if you REALLY want it, you can use setuid scripts on Linux. Even making them unreadable, which regular scripts can't be. –  Sep 23 '19 at 05:55
  • @mosvy I just tried that trick on my Debian 9. Indeed the unreadable script is executed, but the suid bit of the interpreter script remains ignored. With which system could you verify that? – Philippos Sep 24 '19 at 10:49
  • @Philippos You either have your filesystem mounted nosuid or it's an effect of this. I have "fixed" my example for the latter case ;-) –  Sep 24 '19 at 14:35
  • Latter case here. And as far as I can see, it won't work with /bin/sh being a current dash? – Philippos Sep 24 '19 at 15:15
  • @Philippos Since I pass the -p option to sh, it does work with /bin/sh being either a current dash or bash (as that from debian buster). The -p option will cause an error with older versions of dash (or with busybox), I've added a note about that. (btw, I don't get notifications about comments without the at-user) –  Sep 25 '19 at 15:31

1 Answer

1

The reason this doesn't work is that the SUID bit is ignored on interpreted scripts. If you wrote a C program that executed the same command, then it would work.

Fox
  • 8,193
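
An added example, not part of the original answer: a small C audit helper that flags files like the script in the question, where the setuid bit is set on a `#!` script and is therefore ignored on Linux, as opposed to a native ELF binary where it takes effect. The names `classify` and `classify_path` are hypothetical, and the check looks only at the mode bits and the first bytes of the file.

```c
/* Added example (not from the original post): report whether a file's
 * setuid bit can take effect, or is ignored because the file is a script. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum suid_kind { NOT_SETUID, SETUID_BINARY, SETUID_SCRIPT, SETUID_OTHER };

/* Pure classifier: mode comes from stat(2), head holds the first n bytes. */
enum suid_kind classify(mode_t mode, const unsigned char *head, size_t n)
{
    if (!S_ISREG(mode) || !(mode & S_ISUID))
        return NOT_SETUID;
    if (n >= 2 && head[0] == '#' && head[1] == '!')
        return SETUID_SCRIPT;   /* Linux execs the interpreter; bit is ignored */
    if (n >= 4 && memcmp(head, "\177ELF", 4) == 0)
        return SETUID_BINARY;   /* honoured, unless the mount is nosuid */
    return SETUID_OTHER;
}

/* Returns an enum suid_kind, or -1 if the file cannot be opened or read. */
int classify_path(const char *path)
{
    struct stat st;
    unsigned char head[4];
    ssize_t n = -1;
    int fd = open(path, O_RDONLY | O_NONBLOCK);  /* never block on a FIFO */
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0)
        n = read(fd, head, sizeof head);
    close(fd);
    return n < 0 ? -1 : (int)classify(st.st_mode, head, (size_t)n);
}

int main(int argc, char **argv)
{
    static const char *names[] = {
        "not setuid", "setuid binary (honoured unless nosuid)",
        "setuid script (bit ignored on Linux)", "setuid, unrecognised format" };
    for (int i = 1; i < argc; i++) {
        int k = classify_path(argv[i]);
        printf("%s: %s\n", argv[i], k < 0 ? "cannot read" : names[k]);
    }
    return 0;
}
```

Run against the script from the question, it reports the setuid bit as ignored; a script made unreadable, as discussed in the comments, is reported as "cannot read" unless the helper runs as root.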