0

I am setting SUID for a new user tommy to run the same commands as root but it goes down like this:

[root@192 ~]# useradd tommy
[root@192 ~]# su - tommy
[tommy@192 ~]$ chmod u+s /usr/bin/ls
chmod: changing permissions of '/usr/bin/ls': Operation not permitted`

Do I need to add this user to sudoers file in order to execute this command successfully or what?

cas
  • 1
  • 7
  • 119
  • 185
sengh
  • 1
  • you're trying to set SUID for the command `/usr/bin/ls` as user tommy, which doesn't have the rights to do that - since `/usr/bin/ls` is likely to be owned by root - I think what you're trying to achieve and what you're actually doing are two completely different things anyway – Jaromanda X Mar 20 '23 at 03:19
  • @JaromandaX I was just trying to learn setUID and setGID. I know both are different things. – sengh Mar 20 '23 at 05:45

1 Answers1

1

If you want user tommy to be able to run /usr/bin/ls as root, then you need to configure sudo to allow that. e.g. in /etc/sudoers:

tommy ALL = /usr/bin/ls

You do not need to change the permissions of ls to make it setuid. The elevation to root is performed by sudo if the rules in /etc/sudoers (and files in /etc/sudoers.d/) allow it.

In fact, you should NOT make ls setuid - that would make ls run as root (the owner, unless you've changed it) every time it is executed, no matter who executes it.

cas
  • 1
  • 7
  • 119
  • 185
  • Still no change: https://imgur.com/a/4E6EI7V – sengh Mar 20 '23 at 05:57
  • I repeat: **You do not need to change the permissions of ls to make it setuid**, and, more importantly, **you should NOT make ls setuid**. – cas Mar 20 '23 at 09:49