
I have a program that runs as a normal user but sometimes needs to run a command that requires root privileges. So I made a shell script and gave the user permission to run that script with sudo.

The script is executed successfully when I run the program from the shell but fails when running as a service. Sudo exits with this error:

sudo: effective uid is not 0, is /usr/bin/sudo on a file system with
the 'nosuid' option set or an NFS file system without root privileges?0

This is the unit file for the service, this is the script and in sudoers I have added

user ALL = (root) NOPASSWD: /path/to/script

I have no idea why. Sudo works fine and the permissions for /usr/bin and /usr/bin/sudo are correct.

  • Please include the content of your files instead of using links. The files can be removed from the hosting server.
    – anask
    Commented Apr 24, 2023 at 17:44

1 Answer


You have set NoNewPrivileges=true in the unit file.

From the documentation:

If true, ensures that the service process and all its children can never gain new privileges. This option is more powerful than the respective secure bits flags (see above), as it also prohibits UID changes of any kind. This is the simplest, most effective way to ensure that a process and its children can never elevate privileges again.

Therefore, sudo will not get root privileges even if the executable has the suid bit set.

  • I did not write the unit file so I was not so sure about what the options mean. Thank you.
    – Rnhmjoj
    Commented Feb 14, 2015 at 21:47
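
A way to confirm the diagnosis given in the answer, as an added example that is not part of the original posts: the script reads NoNewPrivileges= from a unit file and the NoNewPrivs field the kernel exposes in /proc/PID/status. The function names and the sample unit and status contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check whether no_new_privs is what
# stops a setuid helper such as sudo from elevating inside a systemd service.

# Print the kernel flag (0 or 1) from a /proc/<pid>/status file, or "unknown"
# when the NoNewPrivs field is absent (it exists on Linux 4.10 and later).
nnp_from_status() {
    awk '$1 == "NoNewPrivs:" { print $2; found = 1 }
         END { if (!found) print "unknown" }' "$1"
}

# Print "yes", "no" or "unset" for NoNewPrivileges= in the [Service] section of
# one unit file. The last assignment wins. Drop-ins are not merged here; use
# "systemctl show -p NoNewPrivileges UNIT" for the value systemd applies.
nnp_from_unit() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^\[/ { in_service = ($0 ~ /^\[Service\]/); next }
        in_service && /^[ \t]*NoNewPrivileges[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            v = tolower(v)
            if (v ~ /^(1|yes|true|on)$/) state = "yes"
            else if (v ~ /^(0|no|false|off)$/) state = "no"
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# Combine both views: args are a unit file and the service's status file.
diagnose() {
    unit=$(nnp_from_unit "$1"); live=$(nnp_from_status "$2")
    case $live in
        1) echo "blocked: no_new_privs=1 (unit: $unit), sudo cannot become root" ;;
        0) echo "allowed: no_new_privs=0 (unit: $unit)" ;;
        *) echo "unknown: no NoNewPrivs field (unit: $unit)" ;;
    esac
}

# Constructed sample input: a minimal unit file and two lines of a status file.
demo() {
    d=$(mktemp -d) || return 1
    printf '[Unit]\nDescription=constructed sample\n[Service]\nUser=user\nNoNewPrivileges=true\n' > "$d/sample.service"
    printf 'Name:\tprogram\nNoNewPrivs:\t1\n' > "$d/status"
    diagnose "$d/sample.service" "$d/status"
    rm -rf "$d"
}
demo
```

On a live system, pass the service's unit file and the /proc/PID/status file of its main process, where PID is the value reported by systemctl show -p MainPID for that unit.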
