Lowering privileges of executed script

33 Views Asked by At

I'm writing an auditd plugin, which is executed as root user by auditd, and as per the man recommendation I'm looking to lower it's privileges.

I assumed just setting the scripts setuid would be sufficient but that appears to not be the case. Any suggestions how I can get the script to run as the owner rather than as root?

# chmod u+s listerner.sh
# ls -lt
total 20
-rw-r--r--. 1 root    root          10 Oct 26 13:59 listener.bash.log
-rwsr-xr-x. 1 mike mike  60 Oct 26 13:58 listerner.sh

When i run the file as root, it generates a log file owned by root, and when it runs: whoami - it also outputs root.

The test script is very simple and doesn't do anything other than what I described above:

# cat listerner.sh
#!/usr/bin/sh

whoami

echo "Test file" > listener.bash.log

I tried the same with a Python script initially as well, and got the same behaviour.

So not sure if I've misunderstood how to use setuid, or perhaps its been disabled on this server (RHEL 8).

0

There are 0 best solutions below