I wrote a simple bash script that makes a backup of the home directory and puts it into /var/backups. Since that directory is protected, I wrote the script as root, and then set the SUID.

armando@ubuntu:~/scripts/bash $ ll
-rwsr-xr-x 1 root    root    2596 Jul 28 10:43 homebackup.sh*

Even so, I get the "Permission Denied" error when the script tries to write into /var/backups. Why?

Etan Reisner
Alex Gay
  • See http://unix.stackexchange.com/a/2910/74329 – Cyrus Jul 28 '14 at 17:52
  • setuid doesn't work on shell scripts. Use `sudo`, `su` or `perl`. – alvits Jul 28 '14 at 17:58
  • @alvits, ...not necessarily even perl, now that `suidperl` is deprecated and withdrawn. – Charles Duffy Jul 28 '14 at 18:16
  • @CharlesDuffy - thanks. I didn't know that it has changed. – alvits Jul 28 '14 at 18:20
  • For this specific purpose, there is a clever workaround. Create a password-locked user with superuser privilege. Register each user's public key as authorized keys of this privileged user. In the authorized_keys, set the command to the homebackup.sh script. When a user wants to back up their home directory, all they need is to log in as this privileged user. – alvits Jul 28 '14 at 19:10

1 Answer

In Linux and most other modern UNIX-family systems, setuid bits are only recognized for direct binary executables, not scripts.

This is by design, and for security reasons. You can work around it by building a compiled wrapper for your setuid scripts, or using an existing tool (such as sudo with a configuration to avoid needing a password when calling the specific script as the desired user).

See this comprehensive discussion on UNIX StackExchange.

Charles Duffy
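
The compiled-wrapper workaround from the answer above, as an added example in C (not code from the answer or its author). The install path in `SCRIPT` and the `CALLER_UID` variable name are assumptions; the wrapper binary is assumed to be installed root-owned with mode 4755, and the script root-owned in a directory only root can write.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define SCRIPT "/usr/local/sbin/homebackup.sh"  /* assumed root-owned install path */

/* Build the only environment the script will see. Nothing is inherited from
 * the caller, so IFS, BASH_ENV, LD_PRELOAD or a hostile PATH never reach bash.
 * CALLER_UID (hypothetical name) tells the script whose home to back up.
 * Returns 0 on success, -1 if uidbuf is too small. */
int build_env(uid_t caller, char *uidbuf, size_t len, char *envp[3])
{
    int n = snprintf(uidbuf, len, "CALLER_UID=%lu", (unsigned long)caller);
    if (n < 0 || (size_t)n >= len)
        return -1;                      /* truncated: refuse to run */
    envp[0] = "PATH=/usr/sbin:/usr/bin:/sbin:/bin";
    envp[1] = uidbuf;
    envp[2] = NULL;
    return 0;
}

int main(void)
{
    char uidbuf[32];
    char *envp[3];
    char *argv[] = { SCRIPT, NULL };    /* the caller's arguments are dropped */

    /* getuid() is the real UID, i.e. the user who invoked the wrapper. */
    if (build_env(getuid(), uidbuf, sizeof uidbuf, envp) != 0)
        return 1;

    /* Set real, effective and saved IDs to root. With only the effective UID
     * at 0, bash notices real != effective and drops back to the real UID. */
    if (setgid(0) != 0 || setuid(0) != 0) {
        perror("setuid");
        return 1;
    }

    execve(SCRIPT, argv, envp);         /* fixed absolute path, no PATH lookup */
    perror("execve");                   /* only reached if execve failed */
    return 1;
}
```

The script runs as root with a fixed path, no caller-supplied arguments and a two-variable environment, so it should read the target user only from `CALLER_UID` and never trust `$HOME` or `$USER`.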