1

I have a post-receive hook that call a bash script of mine (which will pull the local repo and restart the Java server).

Here's the owner info of the post-receive hook :

-rwsr-x--x 1 cyril devs   676 19 dec.  14:45 post-receive

As you can see, I set the setuid bit on this script in order to be run as cyril/devs also for other users.

The content of this script is rather simple :

echo "Running post-receive hook"
echo "Server will be up and running in about 1 minute"
/home/project/start_dev restart &

My script start_dev has those rights :

-rwsr-x---  1 cyril devs 1515 19 dec.  14:41 start_dev

Note: also the setuid.

If I push something to the server with the account cyril, it works perfectly.

If someone else, with an other account, push to the server, they got :

remote: /home/project/start_dev: line 52: kill: (11490) - Operation not allowed

(The kill is used to stop the instance.)

Why they have this errors, the script should be run as cyril, not the user, thus they should have the right to kill this instance, right?

What am I doing wrong?

Improve this question

1 Answer 1

Reset to default
1

Apparently most Linux distributions disable setuid for shell scripts because of the massive security holes it can cause. More info here and from the setuid Wikipedia page.

While the setuid feature is very useful in many cases, its improper use can pose a security risk if the setuid attribute is assigned to executable programs that are not carefully designed. Due to potential security issues, many operating systems ignore the setuid attribute when applied to executable shell scripts.

One possible solution from the Tuxation page is to do the following:

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main()
{
   setuid( 0 );
   system( "/path/to/script.sh" );

   return 0;
}

Then setuid the resulting C program and use that as your hook. There's also this commentary after that on the Tuxation page though:

With all that said, running shell scripts with setuid isn't very safe, and the distro designers had a pretty good idea of what they were doing when many of them disabled it.

Improve this answer
1
  • Added solution from Tuxation.
    – asm
    Commented Dec 19, 2012 at 14:37

Not the answer you're looking for? Browse other questions tagged or ask your own question.