I had to do a dirty Linux hack for somebody so they could start a printer with the cupsenable printername
shell command while being a non-root user. I didn't want them to be able to use the entirety of the cupsenable
syntax as root, so I just wrote a C wrapper that sanitizes the input in argv[1]
and calls system("cupsenable sanitizedprintername")
.
I made the program setuid root, but even so, cupsenable
failed with "permission denied". Then I inserted a setuid(0)
call before system()
and, lo and behold, it worked.
Disregard the issue of there being a better way to give users control of the printer. There probably is a better way. What I'm interested in are the intricacies of chmod u+s
vs. setuid(0)
vs. system()
. Why did it behave that way?