Ankur Agarwal

Reputation: 24768

EGID and RGID incorrectly displayed in ps o/p?

I have this:

$ ls -l test1.sh 
-rwxr-sr-x 1 root root 24 2011-05-31 13:27 test1.sh # sgid root

$ id
uid=1001(abc) gid=1001(abc) groups=4(adm),6(disk),20(dialout),21(fax),24(cdrom),26(tape),29(audio),30(dip),44(video),46(plugdev),104(  fuse),106(lpadmin),112(netdev),121(admin),122(sambashare),1001(abc),1002(sbox)

But when I run test1.sh, I do not see the effective group owner as root in the ps o/p. Why?

$ ps -o pid,ppid,cmd,euid,euser,ruid,ruser,egid,egroup,rgid,rgroup,nice,tty,user

  PID  PPID CMD                          EUID EUSER     RUID RUSER     EGID EGROUP    RGID RGROUP    NI TT       USER
 8793  2349 bash                         1001 abc     1001 abc     1001 abc     1001 abc      0 pts/2    abc
 8865  8793 /bin/bash ./test1.sh         1001 abc     1001 abc     1001 abc     1001 abc      0 pts/2    abc
 8866  8865 sleep 60                     1001 abc     1001 abc     1001 abc     1001 abc      0 pts/2    abc
 8868  8793 ps -o pid,ppid,cmd,euid,eus  1001 abc     1001 abc     1001 abc     1001 abc      0 pts/2    abc

Upvotes: 1

Views: 1015

Answers (2)

dannysauer

Reputation: 3867

The ps output gives you a clue. The thing you're running is bash with your script as an argument. Since bash isn't suid, it can't elevate permissions.

Linux - and most unixes - don't allow suid shell scripts either way. It's implemented as part of the exec() system call that they ignore suid/sgid on anything being interpreted through the #! mechanism (see man execve). To work around this, you'll most likely want to use sudo and potentially call it from within your shell script (which is somewhat safer anyway).

To run part of the script using sudo, you would use the -u or -g options to sudo to launch your script. So, you'd make a rule in /etc/sudoers (which is beyond the scope of this answer) allowing you to run the script. Say your script is /tmp/script, and you're abc. To run the command as the user "sauer" without being prompted for your password, you'd add this to /etc/sudoers:

abc ALL = (sauer) NOPASSWD: /tmp/script

and run this command

sudo -u sauer /tmp/script

To run it as a member of the admin group, you'd add this line:

abc ALL = (%admin) NOPASSWD: /tmp/script

and run this command

sudo -g admin /tmp/script

Read the sudoers man page and surf around Google to find more documentation on sudo. You combine users and groups with commas in that parenthetical expression (i.e., (sauer,root,%admin)).

Upvotes: 2

ninjalj

Reputation: 43708

Writing safe shell scripts is really hard. Think about $PATH, $IFS, ... So, Linux doesn't honour the setuid/setgid bit for shell scripts.

Upvotes: 3
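Both answers come down to the same fact: on Linux the setuid/setgid bits on a `#!` script have no effect. The following is an added example, not code from either answer, that audits a directory for such files so the misleading bits can be removed or replaced with a sudo rule. It assumes GNU find and stat; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answers). Assumes GNU find and stat.

# find_ignored_idbits DIR
# Print "<octal mode> <path> <interpreter line>" for each regular file under
# DIR that has the setuid (4000) or setgid (2000) bit set and begins with "#!".
# Linux ignores those bits when it execs such a file through its interpreter.
find_ignored_idbits() {
    find "$1" -type f -perm /6000 -exec sh -c '
        for f do
            # First two bytes decide whether execve() treats it as a script.
            magic=$(head -c 2 "$f" | tr -d "\000")
            if [ "$magic" = "#!" ]; then
                printf "%s %s %s\n" "$(stat -c %a "$f")" "$f" "$(head -n 1 "$f")"
            fi
        done' sh {} +
}

# demo: build a constructed sample tree and scan it.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/bash\nsleep 60\n' > "$d/test1.sh"   # script with id bits
    chmod 6755 "$d/test1.sh"
    printf '#!/bin/sh\ntrue\n' > "$d/plain.sh"          # script, no id bits
    chmod 755 "$d/plain.sh"
    printf 'ELF-placeholder' > "$d/notscript"           # id bits, not a script
    chmod 4755 "$d/notscript"
    find_ignored_idbits "$d"
    rm -rf "$d"
}
```

Calling `demo` reports only the constructed `test1.sh`; the file with id bits but no `#!` header and the plain script are not listed.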
