I'm writing an auditd plugin, which is executed as root user by auditd, and as per the man recommendation I'm looking to lower its privileges.
I assumed just setting the script setuid would be sufficient but that appears to not be the case. Any suggestions on how I can get the script to run as the owner rather than as root?
# chmod u+s listerner.sh
# ls -lt
total 20
-rw-r--r--. 1 root root 10 Oct 26 13:59 listener.bash.log
-rwsr-xr-x. 1 mike mike 60 Oct 26 13:58 listerner.sh
When I run the file as root, it generates a log file owned by root, and when it runs whoami, it also outputs root.
The test script is very simple and doesn't do anything other than what I described above:
# cat listerner.sh
#!/usr/bin/sh
whoami
echo "Test file" > listener.bash.log
I tried the same with a Python script initially as well, and got the same behaviour.
So I'm not sure if I've misunderstood how to use setuid, or perhaps it's been disabled on this server (RHEL 8).
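
Linux ignores the setuid bit on interpreted scripts (files that start with #!), so a plugin that auditd starts as root has to give up root itself. The following is an added example, not part of the original post: a permanent privilege drop in Python that verifies the result. The user name mike comes from the listing above, and the osmod and lookup parameters are hypothetical hooks that exist only so the call order can be tested without root.

```python
import os
import pwd
import sys


def drop_privileges(username, osmod=os, lookup=pwd.getpwnam):
    """Permanently switch a root process to `username`; return (uid, gid).

    osmod/lookup are hypothetical test hooks; real callers use the defaults.
    """
    if osmod.geteuid() != 0:
        raise PermissionError("must start as root to change identity")
    entry = lookup(username)

    # Order matters: changing groups and gid needs root, so do both
    # before setuid() takes root away.
    osmod.setgroups([])          # drop root's supplementary groups
    osmod.setgid(entry.pw_gid)   # sets real, effective and saved gid
    osmod.setuid(entry.pw_uid)   # sets real, effective and saved uid

    # Fail closed: check the result instead of trusting the calls.
    if osmod.getuid() != entry.pw_uid or osmod.geteuid() != entry.pw_uid:
        raise RuntimeError("uid was not dropped")
    if osmod.getgid() != entry.pw_gid or osmod.getegid() != entry.pw_gid:
        raise RuntimeError("gid was not dropped")
    try:
        osmod.setuid(0)          # must be refused once the drop is permanent
    except PermissionError:
        pass
    else:
        raise RuntimeError("root could be regained after the drop")

    osmod.umask(0o077)           # files created from now on are owner-only
    return entry.pw_uid, entry.pw_gid


if __name__ == "__main__":
    # Call this first, before reading any audit events from stdin.
    uid, gid = drop_privileges("mike")
    print(f"running as uid={uid} gid={gid}", file=sys.stderr)
```

Files opened before the drop stay open with root's access, so open only what the plugin needs as root and everything else afterwards.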