> No, php script *RUN* by root -> full system access
>
> php script run by www-data -> access to what www-data has access to.
>
> Owner/Group/Other permissions only affect who has access to the
> file/folder, not the kind of access the file (process) itself has when
> run. Two very different concepts.
>
> The exceptions being the setuid and setgid bits, as mentioned by others.
> Those set the user ID/group ID of the process, regardless of who runs
> it. Regular users *can* set those bits, but *can't* chown anything to
> root. They also can't change permissions (including the setuid/setgid
> bits) unless they're the owner, even if they're in the group and the
> file has 777 permissions.
>
> paul@Serenity:~$ ls -alh PermTest-*
> -rw-r--r-- 1 paul paul 0 Dec 24 03:32 PermTest-1.sh
> -rwxrwxrwx 1 root paul 0 Dec 24 03:32 PermTest-2.sh
> paul@Serenity:~$ chmod 4644 PermTest-1.sh
> paul@Serenity:~$ chmod 4644 PermTest-2.sh
> chmod: changing permissions of ‘PermTest-2.sh’: Operation not permitted
> paul@Serenity:~$ ls -alh PermTest-*
> -rwSr--r-- 1 paul paul 0 Dec 24 03:32 PermTest-1.sh
> -rwxrwxrwx 1 root paul 0 Dec 24 03:32 PermTest-2.sh
>
>
> Executables run with the permissions of the user running it, the file
> permissions on the executable limit/allow *who* may run it.
>
>
> - PaulNM

Hi Paul,

I do not intend to hijack this discussion, but I think I have got the same problem! First, thank you for your explanation.

I am following this discussion and I have a similar problem. I made a script which is calling an application (/usr/bin/cpufreq-set) with additional tags. But I cannot get this script running with root privileges, although I set the setuid bit to root on my script and cpufreq-set is set to owner root:root.

As far as I understood your explanations: when I start my script as a regular user, it will be started with root privileges due to setuid root, but the called process (cpufreq-set) will then be started with the regular user as owner and with that user's rights?

If so, is there a way to let both start with root owner and permission by a regular user?

Thanks for any hints. And again, I do not want to hijack this discussion; maybe you can just explain it with the case of the original questioner.

Thanks.

Hans
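
Added example, not part of either message: on Linux the kernel ignores the setuid and setgid bits when the file is a `#!` script, and a bit set without the matching execute bit (the `S` in `-rwSr--r--` above) has no effect on execution. The sketch below audits a file for both cases; `classify_setid`, `demo` and the sample wrapper script are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. classify_setid is a hypothetical helper.
# Prints one word for what a file's setuid/setgid bits do on Linux:
#   none    neither bit is set
#   inert   bit set without the matching execute bit (ls shows "S")
#   script  bit set on a "#!" script: the kernel ignores it at exec time
#   binary  bit set on a non-script executable: honoured unless mounted nosuid
classify_setid() {
    f=$1
    [ -f "$f" ] || { echo not-a-regular-file; return 1; }
    mode=$(ls -ld -- "$f" | cut -c1-10)   # e.g. -rwSr--r--
    u=$(printf '%s' "$mode" | cut -c4)    # owner execute slot: x - s S
    g=$(printf '%s' "$mode" | cut -c7)    # group execute slot: x - s S
    case "$u$g" in
        *s*) ;;                           # set-id bit together with execute
        *S*) echo inert; return 0 ;;
        *)   echo none;  return 0 ;;
    esac
    # The first two bytes tell the kernel whether this is an interpreter script.
    if [ "$(head -c 2 -- "$f" | tr -d '\000')" = '#!' ]; then
        echo script
    else
        echo binary
    fi
}

# Constructed sample file mirroring the modes discussed in the thread.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\n/usr/bin/cpufreq-set "$@"\n' > "$d/wrapper.sh"
    chmod 4644 "$d/wrapper.sh"; echo "4644 script: $(classify_setid "$d/wrapper.sh")"
    chmod 4755 "$d/wrapper.sh"; echo "4755 script: $(classify_setid "$d/wrapper.sh")"
    rm -rf "$d"
}
demo
```

A result of `script` means the process still runs with the invoking user's IDs, so anything the script calls does too.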