setuid root


Rich

Sep 20, 2021, 10:57:38 AM
to golang-nuts
I am trying to create a Go program so that I can perform an action that is more complex than the example I have below. I can't give sudo rights to run the application due to some policy we have at work that certain groups can only have read permissions. The company also has a policy that states any new directory / file is set with restrictive permissions. What I wanted to do is create a program that runs as root (like ping runs as root), but it doesn't seem to work.

package main

import (
	"fmt"
	"os"
	"os/exec"
)

func main() {
	cmd := exec.Command("chmod", "770", "/opt/app/mnt/mydirectory")
	cmd.Stdout = os.Stdout
	cmd.Stderr = os.Stderr
	err := cmd.Run()
	if err != nil {
		fmt.Println("ERROR:", err)
	}
}


When I compile, then do a chmod 4755, and run it, I get a permission denied error. Looking for why this would be?

Tamás Gulácsi

Sep 20, 2021, 11:20:39 AM
to golang-nuts
You mean "chown root app; chmod 4755 app" ?

Brian Candler

Sep 20, 2021, 12:16:54 PM
to golang-nuts
Try:
cmd:=exec.Command("id")

If it's definitely running as root then it could be other system-level restrictions: SELinux for example.  If so, "dmesg" output may give you a clue, logging the policy violation.

Rich

Sep 20, 2021, 1:54:33 PM
to golang-nuts
Yes. I tried running an exec: cmd=exec.Command("whoami") and it came as my user id not root.  But to set the permissions I'd run: 'chmod 4755 myapplication'

Tamás Gulácsi

Sep 20, 2021, 2:11:21 PM
to golang-nuts
chmod 4755 is not enough. Your binary must be owned by root to run as root - setuid means "run as owner".

Rich

Sep 20, 2021, 2:18:59 PM
to golang-nuts
OK -- My mistake. When you setuid a program it sets the user to the owner of the file. So I owned the file, so it would run as me. When I did a chown root myapplication -- it runs like it should. Thanks everyone for the help.

Rich

Sep 20, 2021, 2:19:54 PM
to golang-nuts
Thanks -- that worked.
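
Added example, not part of any post in this thread: a Go program that applies the rule the thread arrives at (a setuid binary runs as the file's owner), reports the real and effective UID, and changes the directory mode in-process on a fixed path instead of running "chmod" through a PATH lookup. It assumes Linux (/proc/self/exe and syscall.Stat_t); runsAs and diagnose are hypothetical helper names.

```go
package main

import (
	"fmt"
	"os"
	"syscall"
)

// runsAs returns the effective UID a process gets when callerUID executes a
// file with this mode and owner: the owner if the setuid bit is set.
func runsAs(mode os.FileMode, ownerUID, callerUID int) int {
	if mode&os.ModeSetuid != 0 {
		return ownerUID
	}
	return callerUID
}

// diagnose explains whether a binary with this mode and owner runs as root.
func diagnose(mode os.FileMode, ownerUID int) string {
	switch {
	case mode&os.ModeSetuid == 0:
		return "setuid bit not set: runs as the caller"
	case ownerUID != 0:
		return fmt.Sprintf("setuid, owned by uid %d: runs as that owner, not root", ownerUID)
	default:
		return "setuid, owned by root: runs with effective uid 0"
	}
}

func main() {
	// Assumption: Linux, where /proc/self/exe resolves to this binary.
	fi, err := os.Stat("/proc/self/exe")
	if err != nil {
		fmt.Println("ERROR:", err)
		os.Exit(1)
	}
	st := fi.Sys().(*syscall.Stat_t) // owner UID of the binary on disk
	fmt.Printf("real uid=%d effective uid=%d\n", os.Getuid(), os.Geteuid())
	fmt.Println(diagnose(fi.Mode(), int(st.Uid)))
	if os.Geteuid() != 0 {
		return
	}
	// Fixed path, in-process call: no caller-controlled PATH lookup as root.
	if err := os.Chmod("/opt/app/mnt/mydirectory", 0770); err != nil {
		fmt.Println("ERROR:", err)
	}
}
```

Built, then "chmod 4755" alone, this prints the caller's UID as the effective UID; after "chown root" followed by "chmod 4755" it prints effective uid 0.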