SETUID not executing the script as owner when executed via PHP script

Question

I have a sh file (with setuid) that I want specific web users to be able to execute from an endpoint:

-rwsr-xr-x   1 root root       59 Sep 11 09:47 restart-workers.sh

The content of this file is simply:

#!/bin/bash
/usr/bin/supervisorctl restart laravel-worker:*

When I invoke this:

exec('/var/www/html/restart-workers.sh', $stdout, $status);

I always get a permission denied error which I expect as PHP-FPM and Nginx are both running as the www-data user, however, I am trying to add the SETUID to the script so when the file is executed, the owner of the file is used to execute the script. Am I invoking this wrong? The sudo package is not installed.

error: <class 'PermissionError'>, [Errno 13] Permission denied: file: /usr/lib/python3/dist-packages/supervisor/xmlrpc.py line: 557

Related: https://security.stackexchange.com/q/194166 tl;dr: it is a security feature. — Vilinkameni, Sep 11 '23 at 10:04
Thanks @Vilinkameni - well this makes it difficult lol permissions are a nightmare — Jaquarh, Sep 11 '23 at 10:08
Does this answer your question? Allow setuid on shell scripts — Kamil Maciorowski, Sep 11 '23 at 12:29
Rather than trying to get a "setuid interpreter script" to work (you probably can't, because it's a well known security no-no), read man sudo sudoers. — waltinator, Sep 11 '23 at 13:38
You should exec across SSH session, from web interface ther user must provide SSH auth params. — Francisco, Sep 11 '23 at 22:43

SETUID not executing the script as owner when executed via PHP script

0 Answers0