4
3
I'm trying to make a C program run always as root, no matter who is calling it. Basically, I want it to invoke "mkdir /test" as an example. So I created the C program as follows:
#include <stdio.h>
int main()
{
system("mkdir /test");
printf("bye...\n");
return 0;
}
Now, I just compiled it: gcc test.c -o test
And now I tried to set the permissions:
chmod +s test
However running it as a normal user, I get a permission denied error. So, it executes the file but not with root's permissions. I also tried setting the permissions as:
chmod a+s test
chmod o+s test
But I always get the same problem.
Anyone can help me with this? By the way, the file test.c is being created by root and it's also being compiled as root.
bash-3.2# ls -al | grep test
-rwxr-xr-x 1 root staff 8796 5 Ago 19:07 test
bash-3.2# chmod +s test
bash-3.2# ls -al | grep test
-rwsr-sr-x 1 root staff 8796 5 Ago 19:07 test
bash-3.2# whoami
root
bash-3.2#
Thanks in advance! Cheerz!
4The setuid bit is not ignored on OS X, how do you think a program like the sudo you mention would be able to work if not thanks to it being setuid root? What seems to be a restriction in OS X, and apparently is not documented, is that the setuid bit on an executable has an effect only if the executable is in a directory that is owned by root (and not open for writing by others), etc, up to the root directory. – tml – 2015-05-22T12:53:33.930
The sticky bit has nothing to do with setuid, which is why I thought it strange when the asker brought it up. – Ignacio Vazquez-Abrams – 2012-08-05T18:27:53.007
Cool! I didn't know that. Yes it seems way safer that way. – yaroze – 2012-08-05T18:29:02.113
@IgnacioVazquez-Abrams, you're completely right. Thanks for pointing that out. I already edited the question. – yaroze – 2012-08-05T18:30:58.443
If the program requires root permissions to function, you can always check your current user ID, and if non-zero, try to run
sudo $0
(or equivalent). If that works, great; otherwise print an error message and exit. Since this isn't exactly expected behavior, you shouldn't do this for something you want to distribute. – Daniel Beck – 2012-08-05T20:56:39.727