I am running this small python script on both linux and Solaris as a not privileged user :
#!/usr/bin/python
import os
print 'uid,euid =',os.getuid(),os.geteuid()
Before running, the setuid bit is set on the script (not on python interpreter) :
chown root:myusergrp getuid.py
chmod 4750 getuid.py
On Solaris, the effective uid is set because of the setuid bit :
uid,euid = 10002 0
But not on Linux :
uid,euid = 10002 10002
Note the python version is 2.6 for both Solaris and Linux
Is it possibe to have Python Linux working as Python Solaris ?
Most Unix distributions normally don't allow you to use setuid on a file that uses a #! interpreter. Solaris happens to be one that allows it due to its use of a more secure implementation than most other distributions.
See this FAQ entry for more background about why the mechanism is so dangerous: How can I get setuid shell scripts to work?
See this link for more discussion and how to compile a setuid executable that will run your script: setuid on shell scripts
The pertinent part:
int main()
{
setuid( 0 );
system( "/path/to/script.sh" );
return 0;
}
I just put two and two together today and came up with an alternative solution: cython --embed.
Follow the examples at the link above and you'll get binary executables from your Python that you'll be able to chown and chmod u+s, completing the circle without a wrapper program.
Of course, beware the risks (of this or any other setuid use)—bugs in your script can result in elevated privileges on the system.
You could potentially use sudo to achieve what you want. It runs stuff as different users:
sudo -u otheruser command
Permissions are set by root using visudo. The setuid/setguid stuff doesn't appear to apply to scripts or the shell in linux, only compiled code.
来源:https://stackoverflow.com/questions/8314012/setuid-bit-on-python-script-linux-vs-solaris