dgr icon indicating copy to clipboard operation
dgr copied to clipboard
verified publisher icon blablacar

dgr fails to start even though setuid bit is set

Open svvac opened this issue 7 years ago • 4 comments

I installed dgr with exec permissions restricted to a dedicated group and set the setuid bit on the binary, hoping this would spare me the sudo stuff. Even though, dgr fails complaining about needing root.

$ file /usr/bin/dgr
/usr/bin/dgr: setuid ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, no section header

$ ls -al /usr/bin/dgr
-rwsr-xr-- 1 root dgr 21M Nov 27 19:57 /usr/bin/dgr*

svvac avatar Nov 27 '18 21:11 svvac

I don't see any reference to setuid() or geteuid() in the source code, so I guess that's normal that it doesn't work ;-) It could be added easily through...

PaulGrandperrin avatar Nov 27 '18 21:11 PaulGrandperrin

Right. If changes are involved, might as well do this the proper way and check for actually required capabilities to run the tool instead of just checking uid=0?

svvac avatar Nov 27 '18 21:11 svvac

I'm not sure it would be worth the effort to find and check individually for all the required capabilities when most users will just run it as root anyway. Do you have a specific use case in mind?

PaulGrandperrin avatar Nov 27 '18 21:11 PaulGrandperrin

Well, production use with locked-down permissions. I guest the target is more disposable VM build hosts than uid-namespaced containers?

svvac avatar Nov 27 '18 22:11 svvac