rubyrubygemsexecutablesudosuid

Ruby gem executable with SUID not working as it should


As you may see by the image below, I changed the ownership of my emerald_setupscript to root:root and also set the SUID.

enter image description here

It happens that when I install the gem and check this script, it belongs to edvaldo:edvaldo (my user name) and has no SUID at all!

enter image description here

I don't know exactly what is happening, but this script makes changes to /etc/hosts and also creates some firewall rules. This requires root privileges.

So, my questions are:

Of course I know I could ask the user to run this script using

$ sudo emerald_setup

but this would lead me to another problem, since the gem executable is installed in user space and its location is NOT in superuser's path and setting this (guess what?!) requires superuser privileges.

Any suggestions?


Solution

  • You cannot pack up a program/script with suid privileges in a gem (or even a tarball) and have those privileges be restored when unpacking as a regular user. At some point, whoever installs your gem is going to have supply the password for root access. You could arrange for this to happen when the gem is installed by having the :install target of the gem Rakefile run a script which would prompt the user for su(do) password and then use sudo to run the commands that need to be run as root, though.