Linux: run script as a different user

22 May

In all the years I’ve been using Linux just enough to get by, I’ve never stumbled across this handy tip. Say you have a script that needs root access but must be executable by users who do not have root access. Rather than setting up sudo and making everyone remember to type sudo before the path to the script, you can do this:

chmod +s filename

The script will run as the owner, and the permissions for executing the script will be determined by group membership. If you have a script that must be executable by users in the ‘devs’ group, but it must run as root, all you have to do is:
chown root:devs filename
chmod +s filename
(assuming your file is already group executable)

Obviously this file should not be group writable or you’re giving everyone in that group the power to run anything as root, simply by modifying the script and then running it.
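
A check for the conditions above, as an added example (not part of the original post; the function names audit_setid and has_perm and the demo file are made up here). It reports set-id files that are group- or world-writable or executable outside the group, and also flags #! scripts, because execve(2) on Linux ignores the set-user-ID and set-group-ID bits on interpreter scripts.

```sh
#!/bin/sh
# Added example: audit one file against the conditions the post describes.
# Prints one finding per line; returns 0 when clean, 1 on any finding.

# True when FILE has every permission bit in MODE (e.g. 020 = group write).
has_perm() { [ -n "$(find "$1" -prune -perm "-$2")" ]; }

audit_setid() {
    f=$1; rc=0
    [ -f "$f" ] || { echo "ERROR: not a regular file: $f"; return 2; }
    if [ ! -u "$f" ] && [ ! -g "$f" ]; then
        echo "OK: no setuid/setgid bit: $f"; return 0
    fi
    # Anyone who can write the file can replace what runs as its owner.
    if has_perm "$f" 020; then echo "FAIL: group-writable: $f"; rc=1; fi
    if has_perm "$f" 002; then echo "FAIL: world-writable: $f"; rc=1; fi
    # Other-execute lets users outside the intended group run it too.
    if has_perm "$f" 001; then echo "WARN: executable by everyone: $f"; rc=1; fi
    # execve(2): Linux ignores set-id bits on interpreter scripts.
    if [ "$(head -c 2 "$f" 2>/dev/null)" = '#!' ]; then
        echo "WARN: interpreter script, set-id bits ignored on Linux: $f"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: set-id file with no findings: $f"
    return "$rc"
}

# Constructed demo: a throwaway script, set-id but left group-writable.
demo=$(mktemp)
printf '#!/bin/sh\necho hello\n' > "$demo"
chmod 4770 "$demo"
audit_setid "$demo" || true
rm -f "$demo"
```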

 
 


  1. Geoffrey Lee

    September 8, 2011 at 11:16 am

    Don’t do this. It’s a HUGE security risk because it allows non-root users to run code as root. If your program has any kind of security flaws that allow arbitrary code injection or the ability to manipulate files, then a malicious attacker could gain complete root access.

     
  2. Jay

    September 17, 2011 at 2:59 am

    Yeah, obviously don’t do that on a server you care about. I assume that goes without saying.