I have a sh file (with setuid) that I want specific web users to be able to execute from an endpoint:

-rwsr-xr-x   1 root root       59 Sep 11 09:47 restart-workers.sh

The content of this file is simply:

#!/bin/bash
/usr/bin/supervisorctl restart laravel-worker:*

When I invoke this:

exec('/var/www/html/restart-workers.sh', $stdout, $status);

I always get a permission denied error, which I expect as PHP-FPM and Nginx are both running as the www-data user. However, I am trying to add the SETUID to the script so that when the file is executed, the owner of the file is used to execute the script. Am I invoking this wrong? The sudo package is not installed.

error: <class 'PermissionError'>, [Errno 13] Permission denied: file: /usr/lib/python3/dist-packages/supervisor/xmlrpc.py line: 557

  • Related: security.stackexchange.com/q/194166 tl;dr: it is a security feature. Commented Sep 11, 2023 at 10:04
  • Thanks @Vilinkameni - well, this makes it difficult lol, permissions are a nightmare. Commented Sep 11, 2023 at 10:08
  • Does this answer your question? Allow setuid on shell scripts Commented Sep 11, 2023 at 12:29
  • Rather than trying to get a "setuid interpreter script" to work (you probably can't, because it's a well known security no-no), read man sudo sudoers. Commented Sep 11, 2023 at 13:38
  • You should exec across an SSH session; from the web interface the user must provide SSH auth params. Commented Sep 11, 2023 at 22:43
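
Linux ignores the setuid and setgid bits on interpreter scripts (files that start with `#!`), so a script like restart-workers.sh still runs as the calling user. The following is an added example, not code from the question or its comments: a POSIX shell audit that lists files carrying such an ineffective bit. The function name and output format are assumptions made for the example.

```shell
#!/bin/sh
# Added example: report files whose setuid/setgid bit is set but has no effect
# because the file is an interpreter script. Linux honours these bits only on
# native executables, so a "#!" script still runs as the calling user.
# The function name and the tab-separated output format are assumptions.
#
# Usage: audit_suid_scripts /var/www/html
#        audit_suid_scripts /var/www/html/restart-workers.sh

# Print "<path><TAB><shebang line>" for every setuid/setgid script under $1.
# Returns 0 when nothing is reported and 1 when at least one file is listed,
# so the function can gate a cron job or a deployment check.
audit_suid_scripts() {
    # find selects regular files with either bit set; the inner shell reads
    # only the first two bytes of each candidate, so large binaries are cheap
    # and odd file names (spaces, newlines) are passed safely as arguments.
    _found=$(find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec sh -c '
            for f do
                magic=$(head -c 2 "$f" 2>/dev/null | tr -d "\000")
                [ "$magic" = "#!" ] || continue
                printf "%s\t%s\n" "$f" "$(head -n 1 "$f")"
            done' sh {} + 2>/dev/null) || :
    if [ -z "$_found" ]; then
        return 0
    fi
    printf '%s\n' "$_found"
    return 1
}
```

Each reported file is one where the privilege the owner intended is not being granted; the bit should be cleared there and the privileged step delegated through a mechanism built for it, such as the sudoers rule mentioned in the comments.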
