
Semantics of SUID (Set-User-ID)

It seems that I have some trouble understanding the semantics of the SUID bit; perhaps someone can help me clarify the situation.

My understanding of the semantics of the SUID bit is as follows: when I set the SUID bit on a file, the file will be executed as the owner of the file and not as the caller of the file. So to test this behavior I wrote the following Python script:

#!/usr/bin/python3 -O

import os

def main():
        print('Real UserID: %d' % os.getuid())
        print('Effective UserID: %d' % os.geteuid())

if __name__ == '__main__':
        main()

After that I created a user named "testuser" with the corresponding group "testuser" and adjusted the file permissions (chown testuser file, chgrp testuser file, chmod u+s,g+x file). Next I added my main user to the "testuser" group so that I can execute the file as a member of the group. After all that the file permissions looked like this:

-rwsr-xr-- 1 testuser testuser  168 2011-04-02 13:35 procred.py*

So when I am logged in as the testuser, the script produces the output:

Real UserID: 1001
Effective UserID: 1001

...and when I run the script as my main user the script outputs:

Real UserID: 1000
Effective UserID: 1000

Now, to my understanding, the script should have run as the user with the uid 1001 (the owner of the file) in the latter execution. Am I getting the whole concept wrong, or where is my mistake?

evermean asked Apr 02 '11 12:04


1 Answer

Setting the SUID bit on a *.py file does not help in any way here, since the script is executed by the Python interpreter, which must be set SUID in this case. Using 'sudo' is your better friend here.

Andreas Jung answered Sep 19 '22 01:09
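The check below is an added example, not code from the question or the answer: it audits a file the way the answer reasons about it, reporting whether a set-user-ID bit sits on a `#!` script (where Linux executes the interpreter and does not apply the script's own bit) or on an ELF binary. The function names and verdict strings are hypothetical, and the sample mode and header are constructed from the listing in the question.

```python
import os
import stat

def shebang_interpreter(head: bytes):
    """Return the interpreter path named on a '#!' first line, or None."""
    if not head.startswith(b"#!"):
        return None
    line = head[2:].split(b"\n", 1)[0].strip()
    return line.split(None, 1)[0].decode() if line else None

def classify(mode: int, head: bytes) -> str:
    """Say whether a set-user-ID bit on this file can change the effective UID."""
    if not mode & stat.S_ISUID:
        return "no-setuid"
    if shebang_interpreter(head) is not None:
        # The kernel execs the interpreter; the script's own bit is not applied.
        return "setuid-ignored-script"
    if head.startswith(b"\x7fELF"):
        # Applies to native binaries (unless the filesystem is mounted nosuid).
        return "setuid-applies-binary"
    return "setuid-unknown-format"

def inspect(path: str) -> dict:
    """Audit one file: owner, verdict, and the interpreter that really runs."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        head = fh.read(256)
    interp = shebang_interpreter(head)
    report = {"path": path, "owner_uid": st.st_uid,
              "verdict": classify(st.st_mode, head), "interpreter": interp}
    if interp and os.path.exists(interp):
        # Only the interpreter's own mode bits decide the effective UID.
        report["interpreter_setuid"] = bool(os.stat(interp).st_mode & stat.S_ISUID)
    return report

# Constructed sample mirroring the question: -rwsr-xr-- procred.py
SAMPLE_MODE = stat.S_IFREG | 0o4754
SAMPLE_HEAD = b"#!/usr/bin/python3 -O\n\nimport os\n"

if __name__ == "__main__":
    print(classify(SAMPLE_MODE, SAMPLE_HEAD))
    print(shebang_interpreter(SAMPLE_HEAD))
```

Running `inspect()` over the output of a setuid file search separates bits that have an effect from bits that only look privileged in a directory listing.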