
Some thoughts about setuid

Open rowheel opened this issue 3 years ago • 0 comments

So subsystemctl is designed to work with root privilege, which I fully acknowledge, but recently I've been experimenting with chmod +s on the executable.

What I noticed is that, after setting setuid on the subsystemctl executable, start and stop subcommands still require you to invoke sudo, but the behavior of shell and exec subcommands is more interesting - you can run them without your current user as root, you can even issue the flag to, by the way, start the systemd container without problem, and you won't be automatically escalated to root if you run setuid-ed subsystemctl as a normal user - you run a new process as exactly who you are.

Just wondering if that was the expected behavior, or whether subsystemctl is supposed to work with setuid at all.

Thank you 🙂

rowheel, Dec 20 '21 05:12
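The behaviour described in the issue is what a setuid-root binary looks like from the inside: the real UID stays the invoking user while the effective UID becomes 0. The C program below is an added illustration, not subsystemctl's code; its function names are hypothetical, and whether subsystemctl gates `start`/`stop` on the real UID is an assumption the page does not confirm.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* How the process was started, judged from its real and effective UIDs. */
enum launch { LAUNCH_PLAIN, LAUNCH_ROOT, LAUNCH_SETUID_ROOT, LAUNCH_SETUID_OTHER };

enum launch classify_launch(uid_t ruid, uid_t euid)
{
    if (ruid == euid)   /* no setuid in play: ordinary user, or root/sudo */
        return ruid == 0 ? LAUNCH_ROOT : LAUNCH_PLAIN;
    return euid == 0 ? LAUNCH_SETUID_ROOT : LAUNCH_SETUID_OTHER;
}

/* A subcommand gated on the real UID still demands sudo under setuid;
 * one gated on the effective UID does not. */
int allowed_by_real_uid(uid_t ruid, uid_t euid) { (void)euid; return ruid == 0; }
int allowed_by_effective_uid(uid_t ruid, uid_t euid) { (void)ruid; return euid == 0; }

/* Permanently return to the invoking user before running their command.
 * Returns 0 on success, -1 if a step fails or the drop is reversible. */
int drop_to_real_user(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: after the UID drop we may no longer change the GID. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    if (getuid() != ruid || geteuid() != ruid ||
        getgid() != rgid || getegid() != rgid)
        return -1;
    /* The old identity must be unreachable (catches a saved set-ID). */
    if (old_euid != ruid && seteuid(old_euid) == 0)
        return -1;
    if (old_egid != rgid && setegid(old_egid) == 0)
        return -1;
    return 0;
}

int main(void)
{
    printf("launch=%d ruid=%d euid=%d\n",
           (int)classify_launch(getuid(), geteuid()),
           (int)getuid(), (int)geteuid());
    if (drop_to_real_user() != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    return 0;   /* an exec'd shell from here runs as the invoking user */
}
```

Built and marked setuid-root, this reports `ruid` as the caller and `euid` as 0; under sudo both are 0.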