SUID issue

Hi,
i am trying to understand a basic about SUID
i want to run a script to copy file to a directory which owned by root
files will be copied from directory one to myroot directory.
permission of my root is as follows :
[root@/]# ls -l  | grep myroot
drwxr-xr-x   2 root   root    4096 May 13 12:51 myroot
the script permission is as follows :
[root@ /]# ls -l copy.sh
-rwsrwxrwx 1 root root 30 May 13 12:51 copy.sh
so i have sent suid to root, chmod u+s copy.sh
now i am trying to run this script as normal user, but its unable to copy file in myroot directory as its saying permission denyed

but as a rule, if i set suid , so the script should run as Root previliges, then why still its unable to copy ??
yusuf01Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

woolmilkporcCommented:
Hi,
the Linux kernel will not honour the setuid bit on shell scripts, as this could be a  major security issue!
setuid is only honoured with binaries.
wmp
0
yusuf01Author Commented:
HI,

by binaries you meant, programm such as sendmail or user defined program written by C or something like that??

then what about thsi article
http://lokams.blogspot.com/2008/03/about-suid-sgid-and-sticky-bit.html
http://www.codecoffee.com/tipsforlinux/articles/028.html

every where its saying "shell script"
0
woolmilkporcCommented:
With 'binaries' I mean compiled code. Sorry for not having been clear enough.
OK, it seems that I am right, since your script doesn't run as expected, does it?
Maybe there are Unix'es around which allow setuid for scripts, but I am not aware of any.
You could circumvent your problem either by using 'sudo' to start the script or by writing a small wrapper in C around the script employing 'popen' or 'execl' or 'system'.
wmp
 
 
 
 
0
The Five Tenets of the Most Secure Backup

Data loss can hit a business in any number of ways. In reality, companies should expect to lose data at some point. The challenge is having a plan to recover from such an event.

yusuf01Author Commented:
you could be right, i just read for mandrive , it does not support script to use suid...

but its wired , every example in web for suid is showing for script, i never seen any site is saying that suid does not support sciprt ....

0
yusuf01Author Commented:
thanks
let me come back from launch, then will read that link
0
woolmilkporcCommented:
The link above is a bit misleading. The article mainly deals with a 'what if ...' scenario (what if setuid was possible with shell scripts).
Here is another, maybe better thingy -
http://rob.sun3.org/misc/setgid-and-setuid-shell-scripts/
 
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
yusuf01Author Commented:
yes the 2nd link is realy good
thanks to share information with me.
i will close this question now
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.