1

I'm trying to create a ruby script that is executed with root permissions when run by an unprivileged user. Basically I'm writing a wrapper script that when run adds the user to a group, runs a command, then removed the user from the group. This is all under CentOS and not using sudo.

I've played around with having the script owned by root and then chmod +s which as I understand should run the script with root permissions. However when I run the ruby command system "gpasswd -a #{user} #{group}" in my script I get a permission denied message.

I'm a bit stuck now no how to get this working.

Thanks

Improve this question

2 Answers 2

Reset to default
5

Setting scripts setuid doesn't work unless the interpreter has a setuid version which it invokes upon seeing the setuid script. You will need a compiled setuid wrapper to run the script.

Also, note that group membership changes don't take effect until the user relogs. Perhaps you should look at configuring usermode or PolicyKit instead.

Improve this answer
4

Sudo is the right tool for the job, and you should consider installing it.

Improve this answer
3
  • unfortunately sudo won't work in my situation as the software being used will install packages in the root location rather than the users home folder when run under sudo Commented May 13, 2011 at 9:40
  • You might want to explore the -u, -g, and -H options to sudo. There's more to sudo than just running things as root. It'll be a lot less of a headache than getting some setuid working with a script. Commented May 13, 2011 at 9:46
  • Interesting, I've tried adding the following line to /etc/sudoers ausername ALL=NOPASSWD:/usr/local/bin/bundle which lets me run the command as sudo ok. Unfortunately when running it remotely how it would normally be done I'm getting permission errors make: execvp: gcc: Permission denied. I don't want users to be able to run gcc directly, only via the bundle command. Any ideas? Commented May 13, 2011 at 14:48

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.