You have a problem you think you can solve by using the setuid or setgid bit on a shell script.
Use Unix groups and file permissions and/or sudo to grant the appropriate users the least privilege they need to accomplish their task.
Using the setuid or setgid bit on a shell script will create more problems—especially security problems—than it solves.
Some systems (such as Linux) don’t even honor the setuid bit on shell scripts, so creating setuid shell scripts creates an unnecessary portability problem in addition to the security risks.
setuid root scripts are especially dangerous, so don’t even think about it.
Use sudo.
setuid and setgid have a different meaning when applied to directories than they do when applied to executable files.
When one of these is set on a directory it causes any newly created files or subdirectories to be owned by the directory’s owner or group, respectively.
Note that you can check whether a file is setuid by using test -u, or setgid by using test -g.
$ mkdir suid_dir sgid_dir
$ touch suid_file sgid_file
$ ls -l
total 4
drwxr-xr-x 2 jp users 512 Dec 9 03:45 sgid_dir
-rw-r--r-- 1 jp users 0 Dec 9 03:45 sgid_file
drwxr-xr-x 2 jp users 512 Dec 9 03:45 suid_dir
-rw-r--r-- 1 jp users 0 Dec 9 03:45 suid_file
$ chmod 4755 suid_dir suid_file
$ chmod 2755 sgid_dir sgid_file
$ ls -l
total 4
drwxr-sr-x 2 jp users 512 Dec 9 03:45 sgid_dir
-rwxr-sr-x 1 jp users 0 Dec 9 03:45 sgid_file
drwsr-xr-x 2 jp users 512 Dec 9 03:45 suid_dir
-rwsr-xr-x 1 jp users 0 Dec 9 03:45 suid_file
$ [ -u suid_dir ] && echo 'Yup, suid' || echo 'Nope, not suid'
Yup, suid
$ [ -u sgid_dir ] && echo 'Yup, suid' || echo 'Nope, not suid'
Nope, not suid
$ [ -g sgid_file ] && echo 'Yup, sgid' || echo 'Nope, not sgid'
Yup, sgid
$ [ -g suid_file ] && echo 'Yup, sgid' || echo 'Nope, not sgid'
Nope, not sgid
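An added example, not part of the original recipe: an audit that combines find with the test -u and test -g checks shown above to list files under a directory that are setuid or setgid and also begin with a #! interpreter line, so they can be replaced with sudo rules or group permissions. The function names are hypothetical, and head -c is assumed to be available (GNU, BSD and BusyBox all provide it).

```sh
#!/bin/sh
# Added example: report setuid/setgid *scripts* under a directory.
# Function names are illustrative; they do not come from the original recipe.

# is_script FILE: succeeds if FILE starts with the two bytes "#!".
is_script() {
    [ "$(head -c 2 "$1" 2>/dev/null)" = '#!' ]
}

# mode_flags FILE: prints "suid", "sgid", "suid+sgid", or nothing,
# using the same test -u / test -g checks as the session above.
mode_flags() {
    flags=''
    [ -u "$1" ] && flags='suid'
    [ -g "$1" ] && flags="${flags:+$flags+}sgid"
    printf '%s' "$flags"
}

# audit_dir DIR: prints one "FLAGS PATH" line per setuid/setgid script.
# Only regular files are examined, because the bits mean something else
# on directories. Paths containing newlines are not handled by this loop.
audit_dir() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        is_script "$f" || continue      # compiled binaries are out of scope
        printf '%s %s\n' "$(mode_flags "$f")" "$f"
    done
}

# Stand-alone use: audit the directory given as $1, or the current one.
audit_dir "${1:-.}"
```

Any path this prints is a candidate for removing the bit with chmod u-s,g-s and granting the needed access through sudo or group ownership instead.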