You can use the SetUID bit to cause a script to run with the permissions of the owner of the file. You can allow a specific file to always run as root by changing its owner to root and setting its SetUID bit. To set the SetUID bit:
chmod 4755 <filename>
masks: 4000 is SetUID, 0700 is owner rwx, 0050 and 0005 are group and world rx.
It is imperative that you make sure that users other than the owner cannot edit this file, because if they can, they will be able to run arbitrary commands as your user, which is a security risk.
To be effective as you need it, you must also set the file's owner to root:
sudo chown root <filename>
In this case, <filename> should be whatever script you intend to run. It must be executable - if it is not, i.e. you are trying to run a python program not set up to be executed standalone, you will need to use a wrapper that launches it.
More information: http://en.wikipedia.org/wiki/Setuid
Be careful, there are a number of security risks associated with using the SetUID bit. Post further comments if you need clarification.
A commenter has pointed out that in all likelihood, this will not work for shell scripts. You will instead need to use a wrapper that will call your process from a compiled language such as C or C++.
/* setuid_wrapper.cpp */
#include <unistd.h>
int main(int c, char * v[])
{
// the program to execute
// replace this with the program you want to call.
const char * executable = "/bin/false";
// arguments to pass to program
// MUST be null terminated, MUST start with executable path
const char * arguments[] = {executable, "arg1", "arg2", "etc...", NULL};
execv(executable, arguments);
perror("execv: ");
return 1;
}
compile with:
g++ -o setuid_wrapper setuid_wrapper.cpp
Follow the directions earlier to change its owner to root and set the SetUID bit, and configure your system to run it instead of your script when needed.
