As you may see by the image below, I changed the ownership of my emerald_setup
script to root:root and also set the SUID.
It happens that when I install the gem and check this script, it belongs to edvaldo:edvaldo (my user name) and has no SUID at all!
I don't know exactly what is happening, but this script makes changes to /etc/hosts
and also creates some firewall rules. This requires root privileges.
So, my questions are:
What am I missing in this case of the SUID?
How must I proceed to make sure the gem executable will have the SUID set?
Of course I know I could ask the user to run this script using
$ sudo emerald_setup
but this would lead me to another problem, since the gem executable is installed in user space and its location is NOT in superuser's path and setting this (guess what?!) requires superuser privileges.
Any suggestions?
You cannot pack up a program/script with suid privileges in a gem (or even a tarball) and have those privileges be restored when unpacking as a regular user. At some point, whoever installs your gem is going to have supply the password for root access. You could arrange for this to happen when the gem is installed by having the :install target of the gem Rakefile run a script which would prompt the user for su(do) password and then use sudo to run the commands that need to be run as root, though.