Monday, February 17, 2014

SUID Root

Once in a blue moon, I run into a problem where an application program needs to run a utility which requires super user privileges.  The latest example was the need to set the date and time from a GPS, so the simplest solution was to change the date command to SUID Root.

# whereis date
/bin/date

# chmod u+s /bin/date

A ls -l will now show rws instead of rwx and the date command will run with root privileges when it is launched by an unprivileged user.

Here is a little script that I use to make my life easier in the lab:

#! /bin/bash
echo Set the network utilitites to SUID root so that a common user can run them
chmod u+s /usr/sbin/dhclient
chmod u+s /usr/sbin/ifconfig
chmod u+s /usr/sbin/route
chmod u+s /usr/sbin/ip
chmod u+s /usr/bin/systemctl


You should of course do this with care and think about the security implications when you enable this feature on a command.

La voila!

No comments:

Post a Comment

On topic comments are welcome. Junk will be deleted.