Setuid bit on python script : Linux vs Solaris

Question

I am running this small python script on both linux and Solaris as a not privileged user :

#!/usr/bin/python
import os
print \'uid,euid =\',         


        

Answer 1

You could potentially use sudo to achieve what you want. It runs stuff as different users:

 sudo -u otheruser command

Permissions are set by root using visudo. The setuid/setguid stuff doesn't appear to apply to scripts or the shell in linux, only compiled code.

Answer 2

I just put two and two together today and came up with an alternative solution: cython --embed.

Follow the examples at the link above and you'll get binary executables from your Python that you'll be able to chown and chmod u+s, completing the circle without a wrapper program.

Of course, beware the risks (of this or any other setuid use)—bugs in your script can result in elevated privileges on the system.

Answer 3

Most Unix distributions normally don't allow you to use setuid on a file that uses a #! interpreter. Solaris happens to be one that allows it due to its use of a more secure implementation than most other distributions.

See this FAQ entry for more background about why the mechanism is so dangerous: How can I get setuid shell scripts to work?

See this link for more discussion and how to compile a setuid executable that will run your script: setuid on shell scripts

The pertinent part:

int main()
{
   setuid( 0 );
   system( "/path/to/script.sh" );

   return 0;
}