How to set the setuid bit in a program of a non-root user?

Question

I am trying to make a python script executable with the setuid bit set. The program, belonging to user 'bgmc', must create some files in the directory '/home/bgmc', but is called by another user, 'client'. Indeed, I don't want user 'client' to change the files created by the program. I used a c-wrapper to call the program (see setuid on shell scripts):

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main()
{
    setuid(0);
    system("/home/bgmc/myprogram.sh");
    return 0;
}

I set the setuid bit of the program on. When the c-compiled program belongs to root, the program runs well and creates the expected file. The properties of the c-compiled program are then:

8 -rws--x--x 1 root root 4657 Mar  2 16:25 myprogram

However, when I change the user-group of myprogram to bgmc:bgmc, the program cannot create the file anymore: "Permission denied". I tried to change the line:

setuid(0);

with:

setuid(1002);

since 1002 is the user id of 'bgmc' (I used command "id -u bgmc" for this) but this didn't help.

I would rather prefer not giving root access to the program. Is there a way to prevent this?

Answer 1

Not sure about this since your question is very sparse on information, but did you forget to reset the permissions on the file after changing the owner? On most systems, any change of ownership automatically removes the setuid bit and you have to re-add it yourself if you want it.

Also note that setuid shell scripts are a major vulnerability; this is why the kernel does not allow you to make a shell script setuid directly. At the very least you should:

1. Use execve rather than system to call it, and
2. Clear out everything from the environment (or pass a new empty environment to execve).

As it is now, anyone who can run the program can make it do whatever they like by controlling environment variables.