Using mkdir in my bash script and getting permission denied

I have a script that is owned by root in a directory owned by root. Part of the script is to make a directory that will hold the inputs/outputs of that script. I also have a symlink to that script so any user can run it from anywhere. I don't use the temp directory so this info can be used as logs later.

Problem: when a user tries to run the script, they get an error that the directory cannot be created because of permission denied.

Questions: Why won't the script make the directory so root owns it, independent of what user runs it? How can the script make the directory so root owns it instead of the user that ran it? Only the script needs this info, not the user.

Additional info: the directory is: drws--s--x. The script is: -rwxr-xr-x. (If you need to know.) The line in the script is simply: mkdir $tempdirname

I am matching the permissions of other scripts on the same server that output text files correctly, but since mine is a directory I'm getting permission errors. I have tried adding the permissions for suid and sgid. suid sounded like the correct solution since it should make the script run as if it were run by the user that owns the script. (Why isn't this the correct solution?)

I would like any user to be able to type in the symlink name, which will run the script that is owned by root in the directory that is owned by root, and the directories created by that script will stay in its own directory. The end user has no knowledge of or access to the inner workings of this process (hence owned by root).

Scripts run as the user that runs them; the owner of the file and/or the directory it's in are irrelevant (except that the user needs read and execute permission to the file and directory). Binary executables can have their setuid bit set to make them always run as the file's owner. Old unixes allowed this for scripts as well but this caused a security hole, so setuid is ignored on scripts in modern unixes/Linuxes.

If you need to let regular users run a script as root, there are a couple of other ways to do this. One is to add the script to your /etc/sudoers file, so that users can use sudo to run it as root. WARNING: if you mess up your /etc/sudoers file, it can be hard to recover access to clean it up and get back to normal. Make a backup first, don't edit it with anything except visudo, and I recommend having a root shell open so if something goes wrong you'll have the root access you need to fix it without having to promote via sudo. The line you'll need to add will be something like this:

%everyone ALL=NOPASSWD: /path/to/script

If you want to make this automatic, so that users don't have to explicitly use sudo to run the script, you can start the script like this:

#!/bin/bash

if [[ $EUID -ne 0 ]];
then
    exec sudo "$BASH_SOURCE" "$@"
fi

EDIT: A simpler version occurred to me; rather than having the script re-run itself under sudo, just replace the symlink with a stub script like this:

#!/bin/bash
exec sudo /path/to/real/script "$@"

Note that with this option, the /etc/sudoers entry must refer to the real script's path, not that of the symlink. Also, if the script doesn't take arguments, you can leave the "$@" off. Or use it, it won't do any harm either.

If messing with /etc/sudoers sounds too scary, there's another option: you could "compile" the script with shc (which actually just makes a binary executable wrapper around it), and make that setuid root (chmod 4755 /path/to/compiled-script; chown root /path/to/compiled-script). Since it's in a binary wrapper, setuid will work.
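An added example (not code from the question or the answer) of how the real script, once it runs as root through the sudo entry described above, could create its per-run directory safely instead of using an unquoted `mkdir $tempdirname`. The names `LOG_BASE`, `make_run_dir` and `main`, and the path /var/log/myscript, are assumptions for illustration.

```bash
#!/bin/bash
# Added example; LOG_BASE, make_run_dir and main are hypothetical names.
LOG_BASE="${LOG_BASE:-/var/log/myscript}"   # assumed root-owned directory

# Create a private (mode 0700), unpredictably named directory under $1
# and print its path. Returns non-zero if the base is unusable.
make_run_dir() {
    base="$1"
    # Refuse a missing base or one that is a symlink to somewhere else.
    if [ ! -d "$base" ] || [ -L "$base" ]; then
        echo "make_run_dir: $base is not a real directory" >&2
        return 1
    fi
    # sudo sets SUDO_USER to the invoking user; record it in the name so
    # the kept directories can serve as logs of who ran the script.
    who="${SUDO_USER:-$(id -un)}"
    # Keep only safe characters; the value comes from the caller's side.
    who="$(printf '%s' "$who" | tr -c 'A-Za-z0-9_.-' '_')"
    # mktemp -d fails rather than reusing an existing path, and the
    # quoting keeps names with spaces from being split into several args.
    (umask 077 && mktemp -d "$base/run.$who.XXXXXXXX")
}

main() {
    # Re-run under sudo when not root (the sudoers entry must name the
    # real script path, as the answer notes).
    if [ "$(id -u)" -ne 0 ]; then
        exec sudo "$0" "$@"
    fi
    # Running as root: do not inherit the caller's PATH.
    PATH=/usr/sbin:/usr/bin:/sbin:/bin
    export PATH
    rundir="$(make_run_dir "$LOG_BASE")" || exit 1
    echo "inputs/outputs for this run go in $rundir"
}

# In the real script, finish with:  main "$@"
```
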
