以非root用户身份调用外部shell脚本失败

Question

I want A user to do some jobs as B user. It's OK if B is root, but non-root user failed. Here are basic codes:

root.c:

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main()
{
    setuid( 0 );
    system( "/tmp/script_of_root.sh" );

    return 0;
}

script_of_root.sh:

#!/bin/sh
echo $RANDOM >> /tmp/file_of_root

playback :

$ cd /tmp
$ cc root.c -o root
$ su -
# chown root.root /tmp/root
# chmod 4755 /tmp/root
# exit
$ ./root

After executing "./root", file "/tmp/file_of_root" will be updated. But if I apply the same thing to a non-root user, it doesn't work. Codes:

foobar.c:

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main()
{
    setuid( 1001 );    // uid of user "foobar"
    system( "/tmp/script_of_foobar.sh" );

    return 0;
}

script_of_foobar.sh:

#!/bin/sh
echo $RANDOM >> /tmp/file_of_foobar

playback :

$ cd /tmp
$ cc foobar.c -o foobar
$ su -
# chown foobar.users /tmp/foobar
# chmod 4755 /tmp/foobar
# exit
$ ./foobar

If I run "./foobar" as other normal user(not "foobar" itself), it's gonna be error:

/tmp/script_of_foobar.sh: line 2: file_of_foobar: Permission denied

I am totally confused. Why the second scenario not working?

Best regards.

Answer 1

The setuid call in foobar.c will only succeed if you are root, or your effective UID is 1001.

So. If you're not root, setuid(1001) will fail, and you won't have the required rights to overwrite the file owned by "foobar".

Answer 2

From the output it looks like your non-root user is able to execute script_of_foobar.sh, but unable to write to /tmp/file_of_foobar. Are the permissions on /tmp possibly off? I believe it should be set to 1777.