I have a file owned by "root" and a script owned by a "non-root" user. I'm trying to change the permissions of the "root"-owned file using the "non-root" script and am getting the error below:

$ cat root_file
echo "HELLO WORLD"

$ cat non_root_script
chmod 777 root_file.txt

$ ./non_root_script
chmod: changing permissions of 'abc.txt': Operation not permitted

I tried adding capabilities to the non_root_script but I'm still getting the same error.

$ sudo setcap CAP_FOWNER+ep non_root_script
$ ./non_root_script
chmod: changing permissions of 'abc.txt': Operation not permitted

Are there any other capabilities that I need to provide? If so, please suggest them. Also, I don't want to use "sudo chmod".

1 Answer

GNU/Linux strongly discourages AT_SECURE transitions (which include file system capabilities) on shell scripts:

You could work around that using a small C program, but what you are trying to do could still be very insecure, even if you change the path to root_file.txt to an absolute path, due to file system race conditions. Very permissive file modes like 777 also lead to security issues. I suggest investigating other solutions to your original problems.

Florian Weimer
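A sketch of the kind of small C program the answer mentions, written to narrow the race conditions and mode problems it warns about. This is an added example, not code from the answer or from any project: `safe_chmod`, the `TARGET` path placeholder, the `MODE_LIMIT` policy and the `0644` mode are all assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Placeholder: the one file this helper may touch (assumption, not from the post). */
#define TARGET "/path/to/root_file.txt"
/* Assumed policy: nothing beyond rwxr-xr-x, so no 777 and no setuid/setgid/sticky. */
#define MODE_LIMIT ((mode_t)0755)

/* Hypothetical helper. Returns 0 on success or a negative errno value. */
int safe_chmod(const char *path, mode_t mode)
{
    struct stat st;
    int fd, rc = 0;
    if (path == NULL || path[0] != '/')
        return -EINVAL;                 /* absolute paths only */
    if (mode & ~MODE_LIMIT)
        return -EPERM;                  /* over-permissive mode requested */

    /* O_NOFOLLOW rejects a symlink in the final component (ELOOP); parent
     * directories must still be writable by root only. O_RDONLY needs read
     * access to the file; fchmod() does not work on an O_PATH descriptor. */
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -errno;
    /* Check and change through the same descriptor, so the object that was
     * inspected is the one that gets the new mode even if the name is swapped. */
    if (fstat(fd, &st) != 0)
        rc = -errno;
    else if (!S_ISREG(st.st_mode) || st.st_nlink != 1)
        rc = -EPERM;                    /* not a plain, singly linked file */
    else if (fchmod(fd, mode) != 0)
        rc = -errno;
    close(fd);
    return rc;
}

int main(void)
{
    int rc = safe_chmod(TARGET, 0644);  /* fixed path and mode, nothing from argv */
    if (rc != 0)
        fprintf(stderr, "safe_chmod: %s\n", strerror(-rc));
    return rc == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

The file capability from the question (`CAP_FOWNER+ep`) would be set on the compiled binary rather than on a shell script. Because the path and mode are compiled in, a caller cannot point the privileged helper at a different file.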