I have a Node.js script that listens on a certain port.

If this script receives a JSON file, it needs to execute a deploy script in a user's home dir.

The node script runs under node_user.

The homedir is user_b.

I set up an ACL so that user 'node_user' can access user 'user_b' dir and execute the deploy script.

```
setfacl -m u:node_user:rx deploy.sh
```

I also set the uid on the deploy script so it should be executed under the user it is owned by (user_b): `chmod u+s deploy.sh`

When I test it, the deploy script is executed, so sufficient rights there, but the script is still being executed as node_user and not as its owner (user_b).

I verified this with: `watch -n1 'lsof | grep deploy.sh'`

I'm wondering if anyone knows why it doesn't work as expected.

`stat deploy.sh`:

```
  File: ‘deploy.sh’
  Size: 918             Blocks: 8          IO Block: 4096   regular file
Device: fd00h/64768d    Inode: 25242546    Links: 1
Access: (4750/-rwsr-x---)  Uid: ( 1003/ user_b)   Gid: ( 1005/ user_b)
```

`getfacl deploy.sh`:

```
# file: deploy.sh
# owner: user_b
# group: user_b
# flags: s--
user::rwx
user:node_user:r-x
group::r-x
mask::r-x
other::---
```
chichi

1 Answer

SUID has no effect on scripts. This is by design.

Check this Q/A for reference

Romeo Ninov
  • Are you sure? /bin/passwd is a script and it has 4775. – chichi Feb 26 '20 at 15:41
  • `/bin/passwd` is actually `/usr/bin/passwd` and it is a binary file – Romeo Ninov Feb 26 '20 at 15:55
  • I'm on CentOS 7: `ls -al /bin/passwd` `-rwsr-xr-x. 1 root root 27856 Aug 9 2019 /bin/passwd` but that's not the point. If setuid has no effect, why is it being set on /bin/passwd? It is owned by root and if I execute it as a certain user it is executed by root... exactly what in my understanding it should do: run as the user it is owned by, not as the user executing it – chichi Feb 26 '20 at 15:57
  • `/bin/passwd` is a binary file. SUID does not have an effect on shell, perl, python scripts – Romeo Ninov Feb 26 '20 at 15:59
  • @chichi, and also check the directory `/bin`, `ls -ld /bin` – Romeo Ninov Feb 26 '20 at 16:01
  • @chichi, you are correct about what SUID does. But this bit has an effect only on binary files. Check the link I added to the answer – Romeo Ninov Feb 26 '20 at 16:04
  • OK, thx, I will rephrase the original question – chichi Feb 26 '20 at 16:07
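
An added example (not part of the original answer or its comments): a shell check that separates setuid files whose bit is honoured from `#!` scripts such as `deploy.sh`, where Linux ignores it. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report setuid files whose bit Linux ignores because they are
# "#!" interpreter scripts (the situation with deploy.sh in the question).

# suid_status FILE prints one of:
#   no-suid      setuid bit not set
#   suid-script  setuid set, file starts with "#!": Linux ignores the bit
#   suid-binary  setuid set, no "#!" header (e.g. ELF): the bit is honoured
#   unreadable   setuid set, but the header cannot be read by this user
suid_status() {
    [ -f "$1" ] || { echo "not-a-file"; return 0; }
    [ -u "$1" ] || { echo "no-suid"; return 0; }
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    # First two bytes only; strip NULs so the shell does not warn on binaries.
    magic=$(dd if="$1" bs=2 count=1 2>/dev/null | tr -d '\000')
    if [ "$magic" = '#!' ]; then echo "suid-script"; else echo "suid-binary"; fi
}

# list_ignored_suid DIR prints every setuid script found under DIR.
list_ignored_suid() {
    find "$1" -type f -perm -4000 2>/dev/null | while IFS= read -r p; do
        if [ "$(suid_status "$p")" = "suid-script" ]; then
            printf '%s\n' "$p"
        fi
    done
}

# Constructed sample tree (hypothetical files): a setuid script, a plain
# script, and a setuid file with an ELF-style header.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho deploying\n' > "$d/deploy.sh"
    printf '#!/bin/sh\necho hi\n' > "$d/plain.sh"
    printf '\177ELF\002\001\001\000' > "$d/fake-elf"
    chmod 4750 "$d/deploy.sh"
    chmod 0750 "$d/plain.sh"
    chmod 4755 "$d/fake-elf"
    echo "$d"
}

sample=$(make_sample)
for f in deploy.sh plain.sh fake-elf; do
    printf '%-10s %s\n' "$f" "$(suid_status "$sample/$f")"
done
list_ignored_suid "$sample"
rm -rf "$sample"
```

A common way to get the behaviour the question asks for is a sudoers rule that lets node_user run only this one script as user_b, invoked through `sudo -u user_b`; the full path to `deploy.sh` is not given on the page, so it is left out here.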