10.9. setuid Scripts

10.9. setuid Scripts

Whoever runs a setuid program temporarily (as long as he or she is running the setuid program) becomes the owner of that program and has the same permissions as the owner. The passwd program is a good example of a setuid program. When you change your password, you temporarily become root , but only during the execution of the passwd program. That is why you are able to change your password in the /etc/passwd (or /etc/shadow ) file, which normally is off-limits to regular users.

Shell programs can be written as setuid programs. You might want to do this if you have a script that is accessing a file containing information that should not be accessible to regular users, such as salary or other personal information. If the script is a setuid script, the person running the script can have access to the data, but it is still restricted from others. A setuid program requires the following steps:

1. In the script, the first line is

 #!/bin/csh feb 

where the “feb options are

 f  fast start up; don't execute .cshrc e  abort immediately if interrupted b  this is a setuid script 

2. Next, change the permissions on the script so that it can run as a setuid program:

 %  chmod 4755 script_name  

or

 %  chmod +srx script_name  %  ls l   rwsrxrx   2 ellie         512 Oct 10 17:18 script_name