Why is my setting with NFS and setuid not working in Linux?

0

I'm using Linux. On machine A I have this NFS setting in /etc/exports:

/home 10.0.129.130(rw,no_root_squash)

I mount this directory from machine A on /home/nfs/ on machine B. And I've set setuid using chmod u+x program1.sh.

On machine B I want user xyz to run the program1.sh using root privilege. The setting of program1.sh is like below:

-rwsr-x--- 1 root house 1299 May 15 23:54 program1.sh

, which contains mkdir -p /home/nfs/house/nsx/

I set xyz to be in the group house so that xyz can run program1.sh. However when running program1.sh, it shows:

mkdir: cannot create directory `/home/nfs/house/nsx/': Permission denied

Running program1.sh as root is OK. I don't know why it's not working with user xyz.

Marcus Thornton

Posted 2014-05-19T04:17:22.643

Reputation: 211

Answers

1

From the name program.sh, I am guessing that you're trying to run an interpreted script, not an ELF binary. Linux has ignored the setuid bit on scripts since long ago, due to possible security issues (race condition between kernel checking the +s bit, and script interpreter opening the file).

If this script needs to be available to specific users, create a sudo rule in /etc/sudoers that allows this:

xyz ALL=(root:root) NOPASSWD: /usr/local/bin/program.sh

There might be other solutions. For example, if you want to create home directories automatically (upon first login), the pam_mkhomedir.so PAM module exists for this.

user1686

Posted 2014-05-19T04:17:22.643

Reputation: 283 655
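
The distinction drawn in the answer above, as an added example that is not part of the original thread: a POSIX shell check that tells a setuid "#!" script (where Linux ignores the bit) apart from a setuid ELF binary. The function names suid_check and list_suid_scripts are hypothetical, and classifying a file by its first bytes is an assumption of this sketch.

```shell
#!/bin/sh
# Added example, not code from the thread.
# suid_check FILE prints one word:
#   missing    not a regular file
#   no-setuid  setuid bit is not set (for instance only u+x was applied)
#   script     setuid bit set, file starts with "#!": Linux ignores the bit
#   elf        setuid bit set on an ELF binary: the case where it can apply
#   other      setuid bit set on some other kind of file
suid_check() {
    f=$1
    [ -f "$f" ] || { echo missing; return 0; }
    [ -u "$f" ] || { echo no-setuid; return 0; }
    # First four bytes as hex, read via redirect so odd file names are safe.
    magic=$(od -An -tx1 -N4 < "$f" | tr -d ' \n')
    case $magic in
        2321*)    echo script ;;   # "#!"
        7f454c46) echo elf ;;      # "\177ELF"
        *)        echo other ;;
    esac
}

# list_suid_scripts DIR prints every setuid file under DIR that is a script,
# i.e. files whose setuid bit has no effect when they are executed.
list_suid_scripts() {
    find "$1" -type f -perm -4000 2>/dev/null | while IFS= read -r p; do
        if [ "$(suid_check "$p")" = script ]; then
            printf '%s\n' "$p"
        fi
    done
}

# When run with file arguments, report on each one.
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(suid_check "$f")"
done
```

A file reported as script is a candidate for the sudo rule suggested in the answer rather than for the setuid bit.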

0

Because only root and user nfs have permissions on files/folders under: /home/nfs

alfasin

Posted 2014-05-19T04:17:22.643

Reputation: 1 298

I've set setuid using chmod u+x. Doesn't this mean I can run this program as root? Like passwd, its privilege is -rwsr-xr-x so other users can run that as root. – Marcus Thornton – 2014-05-19T06:12:11.443