Setuid bit on python script : Linux vs Solaris

我与影子孤独终老i submitted on 2019-11-27 04:37:23

Question


I am running this small Python script on both Linux and Solaris as an unprivileged user:

#!/usr/bin/python
import os
print 'uid,euid =',os.getuid(),os.geteuid()

Before running, the setuid bit is set on the script (not on the Python interpreter):

chown root:myusergrp getuid.py
chmod 4750 getuid.py

On Solaris, the effective uid is set because of the setuid bit:

uid,euid = 10002 0

But not on Linux:

uid,euid = 10002 10002

Note the Python version is 2.6 for both Solaris and Linux.

Is it possible to have Python on Linux work like Python on Solaris?


Answer 1:


Most Unix distributions normally don't allow you to use setuid on a file that uses a #! interpreter. Solaris happens to be one that allows it due to its use of a more secure implementation than most other distributions.

See this FAQ entry for more background about why the mechanism is so dangerous: How can I get setuid shell scripts to work?

See this link for more discussion and how to compile a setuid executable that will run your script: setuid on shell scripts

The pertinent part:

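#include <stdlib.h>   /* system() */
#include <unistd.h>   /* setuid() */

int main()
{
   /* Set the real uid to root too; only works if this binary is setuid root */
   if ( setuid( 0 ) != 0 )
      return 1;
   system( "/path/to/script.sh" );

   return 0;
}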
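
A hardened variant of the wrapper in this answer, as an added example that is not part of the original answer or the page it links to: it replaces system() with execve() and a fixed environment, and refuses a target that anyone other than root could modify. TARGET, INTERP and target_is_safe are names assumed for the example.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed paths for this example; the page only gives "/path/to/script.sh". */
#define INTERP "/usr/bin/python"
#define TARGET "/path/to/getuid.py"

/* Fixed environment: nothing supplied by the caller (PATH, IFS,
 * PYTHONPATH, LD_* ...) reaches the privileged interpreter. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", "LANG=C", NULL };

/* Accept the target only if root owns it, it is a regular file, and
 * neither group nor others can write to it. */
int target_is_safe(uid_t owner, mode_t mode)
{
    if (owner != 0) return 0;
    if (!S_ISREG(mode)) return 0;
    if (mode & (S_IWGRP | S_IWOTH)) return 0;
    return 1;
}

int main(void)
{
    struct stat st;
    /* The wrapper's own arguments are deliberately not passed through.
     * -E makes Python ignore PYTHON* variables (redundant with CLEAN_ENV). */
    char *const args[] = { INTERP, "-E", TARGET, NULL };

    /* The directories leading to TARGET must also be root-owned and not
     * writable by others, or the file could be swapped after this check. */
    if (stat(TARGET, &st) != 0 || !target_is_safe(st.st_uid, st.st_mode)) {
        fprintf(stderr, "refusing to run %s\n", TARGET);
        return 1;
    }
    if (setuid(0) != 0) {          /* fails unless the binary is setuid root */
        perror("setuid");
        return 1;
    }
    execve(INTERP, args, CLEAN_ENV); /* no shell, no PATH lookup */
    perror("execve");                /* reached only if execve failed */
    return 127;
}
```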



Answer 2:


I just put two and two together today and came up with an alternative solution: cython --embed.

Follow the examples at the link above and you'll get binary executables from your Python that you'll be able to chown and chmod u+s, completing the circle without a wrapper program.

Of course, beware the risks (of this or any other setuid use)—bugs in your script can result in elevated privileges on the system.




Answer 3:


You could potentially use sudo to achieve what you want. It runs stuff as different users:

 sudo -u otheruser command

Permissions are set by root using visudo. The setuid/setgid stuff doesn't appear to apply to scripts or the shell in Linux, only compiled code.



Source: https://stackoverflow.com/questions/8314012/setuid-bit-on-python-script-linux-vs-solaris
