
I have two files in /tmp/.

  • The first one is an empty file named "file" with permission -rw------- and owner root:root.

  • The second file is named "script", which is a simple Ruby script with permission -rwsr-xr-x and owner root:root. The contents of the script file are:

#!/usr/bin/env ruby
$-v = true  # enable verbose warnings (equivalent to $VERBOSE = true)

# Overwrite ./file in the current directory with 100 random lowercase letters and a newline
IO.write( File.join(Dir.pwd, 'file'), 100.times.map { rand(97..122).chr }.join << ?\n )

The file "file" has the same permission as the /etc/shadow file:

# ls -l /etc/shadow
-rw------- 1 root root 1045 Sep 22 04:13 /etc/shadow

# ls -l file
-rw------- 1 root root 6 Nov 29 12:22 file

The Ruby script "script" has the same permission as the passwd command:

$ ls -l $(type -p passwd)
-rwsr-xr-x 1 root root 63624 Nov 13 22:28 /usr/bin/passwd

# ls -l script
-rwsr-xr-x 1 root root 78 Nov 29 12:22 script

I can run ./script as root which replaces the contents of the file "file" with some random string.

But when I run ./script as a non-root user, Ruby raises Errno::EACCES.

Can I write to the root-writable file "file" as a non-root user by correctly setting up the SUID permission?

15 Volts
  • 287

1 Answer


You could try using an Access Control List (ACL) instead. In the command below I (dmo) give the user bob read/write access to a file called test:

$ setfacl -m u:bob:rw test

Now ls shows a + sign at the end of the permissions to indicate that an ACL is in effect on a file.

$ ls -l
total 4
-rw-rw-r--+ 1 dmo dmo 0 Nov 29 07:22 test

To see what the ACL allows use getfacl:

$ getfacl test
# file: test
# owner: dmo
# group: dmo
user::rw-
user:bob:rw-
group::rw-
mask::rw-
other::r--

As you can see, bob now has the write access he needs.

If you want to remove the ACL you can use setfacl --remove-all:

$ setfacl --remove-all test
$ ls -l
total 0
-rw-rw-r--. 1 dmo dmo 0 Nov 29 07:22 test

There are some good tutorials around on ACLs, which are an often overlooked feature: https://linuxconfig.org/how-to-manage-acls-on-linux

Finally, be very careful of who you allow to write to files owned/read by the root user.

gm3dmo
  • 10,587