# set the effective UID in bash script



## blind0ne (Oct 26, 2021)

Hello, how can I actually tell the script to run as root if I previousluy chmod this script 4755 premission and added the s instead of x. I've tested it and it is still running as normal user, how can I ask it to evaluate to root as passwd commad does. Is it possible in bash or sh script?


----------



## mark_j (Oct 26, 2021)

I hope you have no other users running on your  system because 'back in the day' this was a major exploit vector and consequently is ignored by most OS: Solaris, *BSD, systemd/linux and others. That's why you can't get it to work.

You will have to use sudo or similar, or write a wrapper program that's setuid that execve(2)'s the script but that's almost as big a security risk.
*OR*
You could think around the way you're currently proposing. There must be an alternative way to replace your sledge-hammer approach?


----------



## SirDice (Oct 26, 2021)

You can't SUID scripts, while you can certainly apply the SUID bit to it, it will just be ignored. It's a rather large security risk.



blind0ne said:


> how can I ask it to evaluate to root as passwd commad does.


There are probably a gazillion different ways to check if the user has root access or not. You could check $EUID or the output from `id -u`. If it's not 0 then exit with a warning it needs to be run as root. I've also seen scripts just automatically run themselves with sudo(8); `sudo $0`.


----------



## blind0ne (Oct 26, 2021)

So it's impossible with bash script,But maybe I could compile something that will become root,  something like it is in passwd exec. This is somehow happaning in passwd prog, but how can I look at exact pice of code. How to find out?


----------



## SirDice (Oct 26, 2021)

You're making it way more difficult than it has to be. Just configure sudo(8) so the user is allowed to execute that script and be done. Check in your script if it's running as root and exit with a warning if it's not.



blind0ne said:


> This is somehow happaning in passwd prog


No, it's just an executable that has the setuid bit set. The setuid bit works for executables just not for scripts.


----------



## mark_j (Oct 26, 2021)

Like I said, the sledgehammer approach is just not going to work.
The `passwd` program is just that, a program. It can be setuid.
As I said above, if you really are stuck on running a shell script in setuid mode, you will have to write a program to do so and set that program to setuid root (just like `passwd` is set).
I would advise not to.
I would advise, as I said, to use sudo (or similar).


----------



## gpw928 (Oct 27, 2021)

As others have indicated above, setting the setuid bit on a script won't do as you want.

This is because it constitutes a large security flaw -- users can break out of the script and execute arbitrary programs with the setuid privilege still active.

Using sudo(8) or doas(1) to confer privilege on the script has exactly the same security problem.  You are just circumventing the protection built into the setuid mechanism.

The best solution is to rethink your problem.  What is it that you actually need to do that requires elevated privilege?  If you can define that precisely, then you may be able to use individual sudo(8) commands within a non-privileged script (to execute individual binary executables) to achieve what you want.


----------



## blind0ne (Oct 27, 2021)

gpw928 said:


> As others have indicated above, setting the setuid bit on a script won't do as you want.
> 
> This is because it constitutes a large security flaw -- users can break out of the script and execute arbitrary programs with the setuid privilege still active.
> 
> ...


I would like to run binary from normal user on which suid was set, that will apear as "running by root" in processes lister like htop or top. I belive that it is somehow possible. I just want to know mechanism wich is doing that.


----------



## mark_j (Oct 27, 2021)

Yes: a program. No: a shell.
Setting the user using setuid does do that for a program, but not a shell script.
I don't use sudo but others might chime in and say if running commands/scripts as root shows it in the process as root. It should.
Sudo basically does as I described, running commands as root using some mechanism like execve(2)


----------



## blind0ne (Oct 27, 2021)

mark_j said:


> Yes: a program. No: a shell.
> Setting the user using setuid does do that for a program, but not a shell script.
> I don't use sudo but others might chime in and say if running commands/scripts as root shows it in the process as root. It should.
> Sudo basically does as I described, running commands as root using some mechanism like execve(2)


Found a paper about it. Hope to understand something.  Setuid Demystified∗


----------



## Geezer (Oct 27, 2021)

It sounds as though you simply want to _*do*_ something *as* someone else (root or whoever). _Do_ _as_. No need to write a program. Merely use `doas`.


----------

