or only root can? I want to change the uid/gid of an non-root from a .sh script by calling setuid/setgid. Is it possible?
A:
per default, only root can use setuid/setgid. maybe with selinux or something like that.
allo
2010-09-23 00:31:22
A:
There is no setuid or setgid command available to sh(1), the Bourne shell. Actually setuid(2) and setgid() are system calls only available in programming languages such as C or Perl(and in just about any code except shell scripts). Even when available, the calls have limited utility when called as non-root users. These calls give no privilege not already available to the real user.
There are also the file modes setuid(setuid bit set) or setgid (meaning setgid bit set); but those are only for binary executables, not (normally) for sh scripts*.
For ordinary users to run a command as a different user without reentering a password, even from a script, use the sudo(8) command. Sudo requires configuration by a system administrator.
There are other ways of acting as a different user; but all involve calling an external executable which has been blessed(had the setuid bit set) by the super user, or by having some other user's process perform a task.
See Also
sudo(8) The sudo command
setuid(2) The setuid system call
setuid bit The access mode
*Setuid on Shell Scripts
How can I get setuid shell scripts to work?
Frayser
2010-09-27 17:07:30