
I'm trying to make a program a privileged program by doing the following:

  1. sudo chown root
  2. sudo chmod u+s

So now whenever someone runs , that user will be running that program with root privilege. This works as expected on Debian. However, when I try on Ubuntu 20.0.4 LTS on Google Compute Engine, it doesn't run with root privileges.

The program's permissions are as follows: -rwsr-xr-x 1 root. But for some reason, whenever I run it on Ubuntu, it runs with the current user's privileges. On Debian, it runs as root (as output by ps -elf). Anyone know why this is?

1 Answer

As a security measure on Ubuntu, the kernel just ignores the suid bit on all non-compiled (interpreted) executables.

It can be a serious security breach because anyone can change the script and populate it with anything they want.

To do so, knowing the risks, you have to wrap your script with a non-interpreted language like C.

You can create a C file <path_to_to_your_prog>.c:

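#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main(void) {
    /* Make the real UID root as well; stop if the kernel refuses. */
    if (setuid(0) != 0) {
        perror("setuid");
        return 1;
    }
    /* Run the script as root (system() hands the command to /bin/sh -c). */
    system("<path_to_your_script>.sh");
    return 0;
}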

Then compile it:

gcc <path_to_to_your_prog>.c -o <path_to_the_compiled_prog>

Then set the correct permissions:

chown root:root <path_to_the_compiled_prog> <path_to_your_script>.sh
chmod 4755 <path_to_the_compiled_prog> # note the suid set here; done after chown, because chown clears the suid bit
chmod 700 <path_to_your_script>.sh

Then run it:

<path_to_the_compiled_prog>

Solution 2: Preferred

You can add a new group and make it the secondary group of all the concerned users, then add it to your sudoers so they can run: sudo <script_path>.sh. Then set the correct permissions: 750 and ownership root:<gid>, so they will be unable to edit it.

  • Hi Reda, thank you for your explanation. However, I run into this case when I'm not running the chmod/chown commands through a script, just as bash commands, and the program still does not run with root privilege.
    – kevin
    Commented Nov 18, 2020 at 0:58
  • Also, for what you are describing, are you assuming that the chmod/chown commands are done through a script? And for those scripts to actually take place I have to create a helper C program that runs the script?
    – kevin
    Commented Nov 18, 2020 at 1:00
  • Hi, chmod and chown are executed once and outside of the script. Yes, just follow the procedure to write the helper; you don't have to change anything in your shell script. If this helped you, you can mark it as resolved! Thanks
    – Reda Salih
    Commented Nov 18, 2020 at 1:38
  • Thank you Reda. But why is it that when I run chmod and chown as standalone bash commands, the program doesn't get root privilege? If I just have a compiled program, prog1, and I do chown, chmod on it, it should be enough, right?
    – kevin
    Commented Nov 18, 2020 at 1:52
  • chmod and chown commands are not meant for setting privileges but instead for setting permissions and ownerships; chown (who can access what); chmod (who can read, execute, write to)
    – Reda Salih
    Commented Nov 18, 2020 at 1:56
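
A hardened form of the setuid wrapper from the answer above, as an added example that is not part of the original answer or comments. It runs the script only if it is a root-owned regular file that group and others cannot write, checks that the ID change succeeded, and executes with a fixed environment instead of handing the caller's environment to system(). The script path SCRIPT and the helper name open_trusted_script are assumptions for illustration.

```c
/* Added example: hardened setuid-root wrapper (not from the original answer). */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define SCRIPT "/usr/local/sbin/example-task.sh" /* hypothetical script path */

/* Open path and return the fd only if it is a regular file owned by `owner`
 * that group and others cannot write; otherwise return -1. The fd is left
 * inheritable (no O_CLOEXEC) so the interpreter can read it after exec. */
int open_trusted_script(const char *path, uid_t owner)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);

    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not the path, so the file checked is the file run. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    /* Fixed environment: the caller's PATH, IFS, BASH_ENV, LD_* never reach root. */
    char *const envp[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    char *const argv[] = { SCRIPT, NULL };
    int fd = open_trusted_script(SCRIPT, 0); /* script must be owned by root */

    if (fd < 0) {
        fprintf(stderr, "refusing to run %s\n", SCRIPT);
        return EXIT_FAILURE;
    }
    /* Set real and saved IDs to root as well; fail closed if that is refused. */
    if (setgid(0) != 0 || setuid(0) != 0) {
        perror("setgid/setuid");
        return EXIT_FAILURE;
    }
    fexecve(fd, argv, envp); /* runs the checked file through its #! line */
    perror("fexecve");
    return EXIT_FAILURE;
}
```

fexecve() on a script relies on /dev/fd being available so the interpreter named in the #! line can read the already-checked descriptor.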
