The original author didn't specify whether it was running on a web server or not - the instance of a CGI script hadn't occurred to me actually. Yes, CGI scripts shouldn't be run suid root.

Perhaps the author could clarify?

Ah, very good point. Don't know why I thought it was a CGI question having just re-read it (can you change root node ins SOPW - I could have sworn it originally said CGI/nobody/apache somewhere). I like jacques answer the best so far ;-)

Everyone has to learn about it for the first time sometime.

Of course they do but hopefully by that stage they have discovered the man pages and/or read a basic book. Of the two objections I raised the first was the fact that you typically can't run suid scripts on a large number of the servers out there without recompiling the kernel to remove that restriction or wrapping the script with a short C execv() function. Have you ever actually tried it?

[user]$ cat test.pl
#!/usr/bin/perl
print "This is a suid test\n";
[user]$ chmod +s test.pl
[user]$ ll rover.pl
-rwsr-xr-x    1 user coders        203 Mar 10 02:41 test.pl
[user]$ ./test.pl
Can't do setuid
[user]$ su root
Password:
[root]# ./test.pl
This is a suid test
[root]# exit
exit
[user]$ ./test.pl
Can't do setuid
$ uname -sr
Linux 2.4.18-27.7.xsmp
$
[download]

cheers

tachyon

I've never needed to do anything in this arena, but my comments aren't about what is the right thing to do. I just wanted to emphasize that it's good to talk about all available options. 1) It helps you understand the underlying mechanics better. 2) When you see a new option, you might realize that you were going about it all wrong anyway, and rearranging your code around the new option would increase elegance. I would rather say, "setuid is an answer, but it's the wrong one." than not mention it at all. That's all.

Lexicon