I have a simple command that I want to be able to perform as a user, but it requires root permissions. I suspect that this is a case for the "SUID"-bit, but I've never used it.
This is what I've tried:
aioobe@e6510:~/bin$ sudo -s
root@e6510:~/bin# cat -> spindown_baydrive
#!/bin/bash
/sbin/hdparm -Y /dev/sdb
root@e6510:~/bin# chmod +x spindown_baydrive
root@e6510:~/bin# chmod ug+s spindown_baydrive
root@e6510:~/bin# exit
aioobe@e6510:~/bin$ ./spindown_baydrive
/dev/sdb: Permission denied
aioobe@e6510:~/bin$
aioobe@e6510:~/bin$ ls -la spindown_baydrive
-rwsr-sr-x 1 root root 37 2011-01-31 09:59 spindown_baydrive
Any suggestions?
This is exactly the kind of thing that sudo was designed for. use visudo to edit the sudoers to allow the non privileged user to run your script as root.
visudoadd a line like this
aioobe ALL=NOPASSWD: /path/to/spindown_baydriveand save the file
now you can run the file as root using the command
sudo /path/to/spindown_baydriveIf you want to require a password to be entered to run the script then change the sudoers line above to
aioobe ALL= /path/to/spindown_baydriveYou can let the user run the script as root via sudo by configuring it in /etc/sudoers, without forcing the user to enter his password (see the NOPASSWD option).
To suid bash scripts, read more here: (Ubuntu) setuid bash doesn't work
At 37 bytes, I'm guessing this is a shell script. When running as setuid, the shell starts new processes as the original uid. If you google for 'shell script setuid' you'll see lots of explanations why it doesn't work - and lots of ways to resolve the problem, obvious ones are using sudo or writing a wrapper program in C.