UID/GID on Executable: Effective vs. Real UID concept

I wrote a short C++ program that only receives an input value (basically cin >> a ;).  I enabled UID on it.  So ls -l shows:
-rwsr-xr-x 1 root root   6058 Sep 15 09:50 prog

Now I executed it as "test" user and checked the real vs. effective UID as under:
 ps -eo cmd,ruser,euser,ruid,euid,pid | grep prog | grep -v grep
./prog                      test     root       501     0 14251

Just as I expected, real userid is 501(test) and effective uid is 0(root).

So far so good.

Now I tried to do the same using a shell script.  A bash script called script should do the same thing, but it doesn't.  Why?  Is there a way to see it working in a shell script?

-rwsr-xr-x 1 root root      5 Sep 15 09:29 script

ps -eo cmd,ruser,euser,ruid,euid,pid | grep 14328
bash                        test     test       501   501 14328

Second, will the script work as root or as user test?
farzanj Asked:
woolmilkporc Commented:
On most Unixes the "setuid on execution" flag does not work for shell scripts, only for binary executables.
Since this seems to be the case with your OS,  your script will run as user test.
wmp

 
jlar310 Commented:
bash (and other shells) ignores the setuid bit by design. It's a security thing. The setuid bit only works on compiled binary programs. In your example, the script will always run as the logged in user.
farzanj (Author) Commented:
I ran it on Red Hat Linux (RHEL5.5).
Second, please clarify if effective uid/gid is the one that is checked for determining the access/permissions.  Does real uid/gid ever matter at all?
woolmilkporc Commented:
The real userid always remains unchanged, and can be tracked by a so-designed application to find out the id of the invoking user.
The real id is used e.g. when files are being created by means of a setuid program, to set ownership to the correct id.
Besides that, this real id can of course be used to possibly reject some actions otherwise allowed for the "effective" userid.
Think of /usr/bin/passwd! This executable is setuid "root" to allow for changing one's own password, but it checks the "real" id to reject changes for other users if not invoked by root.
wmp
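
The real-versus-effective check described above for /usr/bin/passwd, as an added example that is not part of the original thread and is not passwd's actual source. The function names are hypothetical, and the code assumes a binary that is setuid root, as in the question:

```c
/* Added example: helper names are hypothetical, not taken from passwd. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* passwd-style policy: decide on the REAL uid (the invoking user), because
 * inside a setuid-root binary the effective uid is 0 for every caller. */
int may_change_password(uid_t real_uid, uid_t target_uid)
{
    if (real_uid == 0)
        return 1;                      /* invoked by root: any account */
    return real_uid == target_uid;     /* otherwise: own account only  */
}

/* Give up the setuid identity for good. Returns 0 on success, -1 on error. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (setgid(rgid) != 0)             /* group first, while still privileged */
        return -1;
    if (setuid(ruid) != 0)             /* with euid 0 this sets real, effective, saved */
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;                     /* never trust an unchecked drop */
    if (ruid != 0 && setuid(0) == 0)
        return -1;                     /* root must not be recoverable */
    return 0;
}

int main(void)
{
    uid_t target = 0;                  /* constructed input: account to change */

    printf("before: ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    if (!may_change_password(getuid(), target))
        fprintf(stderr, "uid %ld may not change uid %ld's password\n",
                (long)getuid(), (long)target);
    if (drop_privileges() != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("after:  ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    return 0;
}
```

Built as `prog`, owned by root with the setuid bit set and run as user test, the first line reports ruid=501 euid=0 (matching the ps output in the question) and the second reports 501 for both.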
 
woolmilkporc Commented:
... and yes, RHEL does not honor setuid! It's Linux, and that functionality is built into the Linux kernel, afaik.
woolmilkporc Commented:
The above should read
"...  does not honor setuid for shell scripts ..."
of course.
farzanj (Author) Commented:
Thank you so much for your clarification and your time.  Appreciated.