Linux, like many other Unix variants, ignores the setuid-bit on scripts. So your script runs as unprivileged user. Unprivileged users aren't allowed to change the UID or GID, hence the "Operation not permitted" error.

Perl once had a separate interpreter, suidperl, that was installed setuid root, and that should respect the setuid-bit on scripts. It never worked as secure as it should, so it was deprecated and finally removed.

Consider using sudo, as recommended in perl587delta. Read perlsec for a different approach. A third approach may be splitting the job into a privileged daemon and an unprivileged front-end, communicating over unix domain sockets or named pipes.

Alexander

strace will give you the same message

setuid32(0) = -1 EPERM (Operation not permitted)
[download]

Not that helpful, except it tells you which system call's man page you should be reading.

$ man setuid32
...
       EPERM  The user is not privileged (Linux: does
              not have the CAP_SETUID capability) and
              uid does not match the real UID or saved
              set-user-ID of the calling process.
...
[download]

I would be interested in a simple example of using backtrace/strace to investigate an issue like this.

Instead of some command as in foo.pl or perl foo.pl you prefix with strace, as in strace perl foo.pl ... and then you watch

Once again, thank you for your response regarding the setuid module/part that is required to run setuid programs. I believe it is still possible to configure this with the current installer, however, I am having some issues with doing so silently (please see my response in the thread above).

Also, very grateful for the lil' strace tutorial above! :)