
I need to give permission to a local user to run an installation script that requires root privilege. So I created a special group of which this user is a member and gave the permissions to the install script as follows:

```
# chown -R root:grpx install.sh
# chmod 750 install.sh
-rwxr-x--- 1 root grpx 450 Sep 21  2012 install.sh*
```

This is to ensure that the read-execute permissions are available while write permission is denied so that elevation of power is not abused.

Now I had used setuid to give elevated privilege.

```
# chmod 4750 install.sh
[root@hp codeathlon]# ls -lrt install.sh
-rwsr-x--- 1 root grpx 450 Sep 21  2012 install.sh*
```

Despite this I get Operation not permitted errors when I try running the script as the user. Is this because the internal script commands are still run as the original user and not the root? If so please advise me on circumventing this problem.

Quiescent
  • You should be using `sudo` for this. – EEAA Sep 03 '14 at 04:34
  • Yes but I was trying to minimise privileges to this particular user, so did not provide sudo with nopassword. – Quiescent Sep 03 '14 at 04:38
  • Whether you want to hear it or not, `sudo` is the correct tool for the job. Not only will it solve the permissions problems you're running into, but it also adds an additional layer of auditing that you are currently not getting. There is no good reason you can't configure sudo to only give this user permissions to run this script only, and no others. – EEAA Sep 03 '14 at 04:39
  • I have tried the method suggested at http://www.tuxation.com/setuid-on-shell-scripts.html but it gave the same result. – Quiescent Sep 03 '14 at 04:40
  • Ok, I shall figure how to configure to enable sudo only for the script. Thanks for the advice. :) – Quiescent Sep 03 '14 at 04:41

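The sudo-only-for-this-script setup recommended in the comments, as an added example that is not part of the original thread: it builds a sudoers rule limited to the `grpx` group and the one script, and refuses to install it if the script is writable by anyone but root. The script path `/opt/codeathlon/install.sh`, the drop-in name and the function names are assumptions; GNU `stat` is assumed for `-c`.

```shell
#!/bin/sh
# Added example, not code from the thread. Paths and names are placeholders.

# Emit a sudoers rule: members of group $1 may run exactly $2 as root.
# The trailing "" tells sudo to reject any command-line arguments.
sudoers_rule() {
    case $2 in
        /*) ;;                                  # sudoers needs an absolute path
        *) echo "path must be absolute: $2" >&2; return 1 ;;
    esac
    case $1$2 in                                # refuse characters sudoers treats specially
        *[!A-Za-z0-9_./-]*) echo "unexpected character in group or path" >&2; return 1 ;;
    esac
    printf '%%%s ALL=(root) %s ""\n' "$1" "$2"
}

# Succeed only if owner $1 is root and octal mode $2 has no group/other write
# bit, so the invoking user cannot edit what sudo will run as root.
perms_are_safe() {
    [ "$1" = root ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# Run as root: check the script, syntax-check the rule, then install it
# as /etc/sudoers.d/$3 with the 0440 mode sudo expects.
install_rule() {
    group=$1 script=$2 dropin=/etc/sudoers.d/$3
    info=$(stat -c '%U %a' "$script") || return 1
    set -- $info
    perms_are_safe "$1" "$2" || { echo "$script is writable by non-root" >&2; return 1; }
    tmp=$(mktemp) || return 1
    sudoers_rule "$group" "$script" > "$tmp" &&
        visudo -cf "$tmp" &&                    # never install an unparsable rule
        install -o root -g root -m 0440 "$tmp" "$dropin"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Typical use, as root (drop the setuid bit first, it is no longer needed):
#   chmod 0750 /opt/codeathlon/install.sh
#   install_rule grpx /opt/codeathlon/install.sh grpx-install
# The user then runs: sudo /opt/codeathlon/install.sh
```

Because the rule carries no `NOPASSWD` tag, the user is still asked for their own password, and each run is recorded in sudo's log.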