in reply to Can the user a script runs as be changed?

See the manual page of the chmod command for information regarding the setuid bit, which will automatically bump your script up to root (or, more accurately, the owner of the file) whenever it's run. This is what the "s" means in a set of permission flags in an "ls -l" listing.

perlsec has some good information on setuid scripts; you almost certainly want them to run with taint mode on.


Re^2: Can the user a script runs as be changed?
by tachyon (Chancellor) on Jul 02, 2004 at 03:44 UTC

    This is IMHO bad advice. Firstly it simply won't work for many configurations and secondly suid root and web servers are a dangerous combination - especially if someone needs to have suid explained to them. There are other, safer ways to skin this particular cat.

      The original author didn't specify whether it was running on a web server or not - the instance of a CGI script hadn't occurred to me actually. Yes, CGI scripts shouldn't be run suid root.

      Perhaps the author could clarify?

        Ah, very good point. Don't know why I thought it was a CGI question having just re-read it (can you change root node in SOPW - I could have sworn it originally said CGI/nobody/apache somewhere). I like jacques answer the best so far ;-)

      Just because it's dangerous isn't a reason not to teach it to them. Everyone has to learn about it for the first time sometime. It is responsible to give them the "But don't do that." disclaimer, though.

        Everyone has to learn about it for the first time sometime.

        Of course they do but hopefully by that stage they have discovered the man pages and/or read a basic book. Of the two objections I raised the first was the fact that you typically can't run suid scripts on a large number of the servers out there without recompiling the kernel to remove that restriction or wrapping the script with a short C execv() function. Have you ever actually tried it?

        [user]$ cat test.pl
        #!/usr/bin/perl
        print "This is a suid test\n";
        [user]$ chmod +s test.pl
        [user]$ ll rover.pl
        -rwsr-xr-x 1 user coders 203 Mar 10 02:41 test.pl
        [user]$ ./test.pl
        Can't do setuid
        [user]$ su root
        Password:
        [root]# ./test.pl
        This is a suid test
        [root]# exit
        exit
        [user]$ ./test.pl
        Can't do setuid
        $ uname -sr
        Linux 2.4.18-27.7.xsmp
        $

        cheers

        tachyon
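The "short C execv() wrapper" mentioned above, written out as an added example that is not from the thread or its authors: the kernel ignores the setuid bit on "#!" scripts, so the privileged identity has to come from a compiled binary that then executes a fixed interpreter on a fixed script. Assumed names: the placeholder script path SCRIPT, and the helpers build_argv() and build_env(), which keep the interpreter, the script path and the environment hardcoded so that nothing from the caller reaches the privileged perl process, and pass -T so taint checks are on as perlsec recommends.

```c
/* Added example: a minimal, hardened setuid wrapper for a Perl script.
 * Install with: chown root:coders wrapper && chmod 4750 wrapper
 * The script itself must NOT be setuid and should be writable only by root. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define PERL   "/usr/bin/perl"
#define SCRIPT "/usr/local/lib/myapp/test.pl"   /* placeholder: your script's absolute path */

/* Fill out[] with the fixed argv for perl: interpreter, -T (taint mode),
 * script path, NULL terminator. The caller's own arguments are deliberately
 * not forwarded, so nothing user-controlled reaches the privileged process.
 * Returns the number of entries before the NULL, or -1 if out[] is too small. */
int build_argv(const char *out[], size_t n) {
    if (n < 4) return -1;
    out[0] = PERL;
    out[1] = "-T";
    out[2] = SCRIPT;
    out[3] = NULL;
    return 3;
}

/* Fill out[] with a minimal environment: only a fixed PATH. Inherited
 * variables such as PERL5LIB, PERLLIB or LD_* are dropped, since any of them
 * would let the caller change what the privileged interpreter loads.
 * Returns the number of entries before the NULL, or -1 if out[] is too small. */
int build_env(const char *out[], size_t n) {
    if (n < 2) return -1;
    out[0] = "PATH=/usr/bin:/bin";
    out[1] = NULL;
    return 1;
}

int main(void) {
    const char *argv[4];
    const char *envp[2];
    if (build_argv(argv, 4) < 0 || build_env(envp, 2) < 0) return 1;
    /* execve (not execvp): absolute interpreter path, no PATH search. */
    execve(PERL, (char *const *)argv, (char *const *)envp);
    perror("execve");   /* only reached if the exec itself failed */
    return 1;
}
```

Because the real uid of the caller differs from the effective uid after the exec, perl enables taint checks on its own as well; -T just makes that explicit.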