On a Debian (5.0.3) server I have a user svnsync who owns a certain shell script:
-rwsrwsr-x 1 svnsync users 119 Dec 21 13:45 mirror-svn.sh
I'd like everyone in the users group to be able to execute this script with svnsync's privileges. This is related to triggering "svnsync synchronize" commands from post-commit scripts; quoting svnbook:
[...] you might wish to have your primary repository push changes to one or more blessed mirrors as part of its post-commit and post-revprop-change hook implementations. This would enable the mirror to be up to date in as near to real time as is likely possible.
Anyway, I can't get SUID working, apparently because Linux / Debian is one of the modern Unix systems referred to here:
Some modern UNIX systems ignore the SUID and SGID bits on shell scripts for this reason.
This SF question suggests the same thing: "you cannot use SUID root for shell scripts". So, here's my follow-up question:
If I really really want to run a script with the privileges of its owner, regardless of any potential risks, is there any hassle-free way to do that? Compiling the script into a binary was suggested, but I'd prefer a simpler way if at all possible. How about calling the shell script from e.g. a Perl script (I actually tried this but couldn't get it working)? Adding everyone to the sudoers file is not really a good option either.
Update: got it working by installing perl-suid as 0x89 suggested and using a Perl wrapper script like the following.
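#!/usr/bin/suidperl -T
# Taint mode (-T) refuses to run external commands until PATH is set to a trusted value.
$ENV{PATH} = "/bin:/usr/bin";
# Run the mirror script by absolute path with the privileges of the wrapper's owner.
system("/path/to/mirror-svn.sh");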
chmod +s is set on this wrapper script. Also note that $ENV{PATH} needs to be set in the script; otherwise you'll get a complaint that it's insecure.
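
The compiled-binary alternative mentioned in the question, as an added example that is not part of the original post: a small C wrapper meant to be installed setuid svnsync, which passes the same fixed PATH as the Perl wrapper and refuses to run a target that is writable by group or others (as the `-rwsrwsr-x` listing above would be). The `check_target` helper and its return codes are hypothetical, and `/path/to/mirror-svn.sh` is the post's placeholder path.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define TARGET "/path/to/mirror-svn.sh"  /* placeholder path, as in the post */

/* Fixed environment for the script; nothing from the caller is passed on. */
static char *const CLEAN_ENV[] = { "PATH=/bin:/usr/bin", NULL };

/* Return 0 if `path` may be run with `owner`'s privileges, else a negative
 * code: -1 not an absolute path, -2 cannot lstat, -3 not a regular file
 * (symlinks included), -4 wrong owner, -5 writable by group or others. */
int check_target(const char *path, uid_t owner)
{
    struct stat st;
    if (path == NULL || path[0] != '/') return -1;
    if (lstat(path, &st) != 0) return -2;
    if (!S_ISREG(st.st_mode)) return -3;
    if (st.st_uid != owner) return -4;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return -5;
    return 0;
}

int main(void)
{
    uid_t euid = geteuid();  /* svnsync when the binary is setuid svnsync */
    int rc = check_target(TARGET, euid);
    if (rc != 0) {
        fprintf(stderr, "refusing to run %s (check %d)\n", TARGET, rc);
        return 1;
    }
    /* bash resets the effective uid to the real uid when they differ,
     * so make the real uid match before handing over to the script. */
    if (setreuid(euid, euid) != 0) { perror("setreuid"); return 1; }
    char *const argv[] = { TARGET, NULL };
    execve(TARGET, argv, CLEAN_ENV);
    perror("execve");  /* only reached if execve failed */
    return 1;
}
```

The check only covers the script file itself; the directories leading to it must also be writable only by trusted users, or the file can be swapped between the check and the exec.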