0

EDIT: this "Sticky bit enabled Script can't write to a root file" appears to be a similar problem

EDIT: "How can I use SetUID on a shell script to run as a non-root user?" is very similar as well.

I have a script, let's call it read.sh. I have a file, let's call it secret.

# cd /home/normie
# echo "some stuff" > secret
# echo '#!/bin/bash' > read.sh
# echo "cat secret" >> read.sh
# chmod 600 secret
# chmod 4755 read.sh
# su normie
$ ./read.sh
<<Error about not having access to secret>>

Did I miss something? I thought the SUID bit made the script run as the owner? When I run the following

# echo "touch newfile" > sumfile.sh
# chmod 4755 sumfile.sh
# su normie
$ ./sumfile.sh
$ ls -alh
<<newfile shows as owned by root>>

What is going on here, and how do I make it work the way I want? The way I want being, I want regular users to execute a particular script with full root access. (I thought that's what the suid bit did.)

1 Answer

-1

Install sudo: apt install sudo

Make the relevant users part of some group: groupadd group && usermod -g group user

Add the following to /etc/sudoers: %group ALL=(root:root) NOPASSWD: /path/to/script.sh

Add an alias to .bashrc: echo "alias ALIAS='sudo /path/to/script.sh'" >> ~user/.bashrc

All members of group can now run the script in question as root.

Answer shamelessly stolen from "How can I use SetUID on a shell script to run as a non-root user?" (user9517)
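With the NOPASSWD rule above, whoever can modify or replace /path/to/script.sh effectively has root, so the script and every directory above it should be owned by root and not writable by group or others (a script kept in /home/normie would fail this). The check below is an added example, not part of the original answer; the function name audit_sudo_target and its optional arguments are hypothetical, and it assumes GNU stat and readlink.

```shell
#!/bin/sh
# audit_sudo_target FILE [TRUSTED_UID] [STOP_DIR]
# Walks from FILE up to STOP_DIR (default /) and reports every path component
# that is not owned by TRUSTED_UID (default 0, root) or that is writable by
# group or others. Returns 0 if clean, 1 on findings, 2 on lookup errors.
audit_sudo_target() {
    trusted_uid=${2:-0}
    p=$(readlink -f -- "$1") || return 2            # resolve symlinks first
    stop=$(readlink -f -- "${3:-/}") || return 2
    rc=0
    while :; do
        info=$(stat -c '%u %a' -- "$p") || return 2 # "owner-uid octal-mode"
        uid=${info% *}
        mode=${info#* }
        if [ "$uid" -ne "$trusted_uid" ]; then
            echo "FAIL $p: owned by uid $uid, expected $trusted_uid"
            rc=1
        fi
        # 022 = group-write | other-write; the leading 0 makes $mode octal
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL $p: mode $mode is writable by group or others"
            rc=1
        fi
        if [ "$p" = "$stop" ] || [ "$p" = / ]; then
            break
        fi
        p=$(dirname -- "$p")
    done
    return $rc
}

# Constructed demo: a sandbox standing in for a script stored in a directory
# that other users can write to. The current uid plays the trusted owner so
# the demo runs without root.
sandbox=$(mktemp -d)
mkdir "$sandbox/home"
printf '#!/bin/sh\nid\n' > "$sandbox/home/script.sh"
chmod 755 "$sandbox/home/script.sh"
chmod 777 "$sandbox/home"
audit_sudo_target "$sandbox/home/script.sh" "$(id -u)" "$sandbox" \
    || echo "do not reference this path from sudoers"
rm -rf "$sandbox"
```

On a real system, run it as `audit_sudo_target /path/to/script.sh` with the defaults before adding the sudoers line, and validate the sudoers file with `visudo -c` afterwards.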