On Tue, May 10, 2022 at 07:50:18AM -0400, rhkramer@gmail.com wrote: > Aside: even though this is not a Debian specific question, I often use debian- > user as my first resource in asking Linux questions. > > Background: 8 years ago I wrote a set of scripts to help me mount and unmount > LUKS encrypted partitions as needed and as myself (<myuserid>) rather than as > root. TL;DR use sudo. You must have had an outdated kernel version back then, I think. The setuid bit has been ignored for scripts in Linux since like... forever. If my memory doesn't fail me, it must have been around kernel 2.x, perhaps 3.x, so around of before 2010. I remember writing a setuid wrapper for a specific application back with kernel 2.0.36, so it must already have been a topic back then. There are many places out there as to why -- my search engine gave me this [1] one. You can, of course, patch your kernel. You could write a setuid wrapper (a small setuid C program written to call your script: a good exercise in writing security sensitive stuff -- did I get everything right? ;-) Or you can use a setuid wrapper written for you (called sudo). Even this one doesn't get everything right from the get-go. I'd still recommend this latter options. The one I wrote Back Then [TM] surely has more holes than sudo. Cheers [1] https://unix.stackexchange.com/questions/364/allow-setuid-on-shell-scripts -- t
Attachment:
signature.asc
Description: PGP signature