How can I use docker without sudo?

Question

quill

Asked: 2024-07-28 00:02:02 +0800 CST2024-07-28 00:02:02 +0800 CST 2024-07-28 00:02:02 +0800 CST

setuid only works with programs

772

A program, pwrstat as an example, can be run by ordinary user IDs if the setuid (chmod 4xxx) is set and, the file is owned by root. When the setuid permission is set, the entity is run as if by the owner of the file. If that is root, it implies root's privileges. It should follow that if a shell has setuid and, is owned by root, it should run with root's privileges. An example would be

#!/bin/bash
cp $1 /var/aa.aa

Yet someone other than root running the example shell (with permission -rwsr-xr-x) gets permission denied on the copy.

OK, a program works, a shell doesn't. I tried creating a simple C program that uses

system ()

Same result.

The main question here is why setuid is not allowing a shell to be run as root. A sub-question is why a C program cannot issue the commands that would be in that shell?

Some of the high reputation users are voting to close this question as it is similar to previous questions EXCEPT, Those previous questions and answers are complex. Please don't forget many users here would probably get lost in the uids, setuid, seteuids and what-not which make sense to those who are probably ready to sit a linux adminstration certification exam.

1 Answers

Voted

Zeye · Answer 1 · 2024-07-28T03:38:43+08:00

Best Answer

Zeye

2024-07-28T03:38:43+08:002024-07-28T03:38:43+08:00

The bit you are referring to allows whoever runs that item to run it as if they were the same id that owns the file. That does not mean any child process inherits the UID of original process.

In Ubuntu, things run as processes. Even what seem like system commands such as cp are really programs that run as processes. You may have noticed a large copy to the slow thumbdrive will show up in top or ps -ef as a process. So, while it is true the process with permissions 4755 might run as root, sub-processes will not. bash shell scripts initiate sub-processes to perform functions, such as move (mv) and copy (cp). Likewise a C program calling system() is really causing a sub-process and that sub-process, like the sub-processes in the bash script of the original question do not have root authority.

Checkout some of the more basic commands of Ubuntu systems. cp is really running the program /usr/bin/cp.

0

setuid only works with programs

How to install Google Chrome

Is there a command to list all users? Also to add, delete, modify users, in the terminal?

How to delete a non-empty directory in Terminal?

How to unzip a zip file from the Terminal?

How can I copy the contents of a folder to another folder in a different directory using terminal?

How do I install a .deb file via the command line?

How do I run .sh scripts?

How do I install a .tar.gz (or .tar.bz2) file?

How to list all installed packages

Unable to lock the administration directory (/var/lib/dpkg/) is another process using it?