setuid and setgid working with 0 (root) only, I want it to work for another user

I'm trying to write a program that runs /bin/bash with user smith's privileges:

smith:x:1000:1000:Basket:/home/smith:/bin/bash

I tried this:

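#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>   /* setuid(), setgid() */

int main () {
        /* return values of setgid()/setuid() are not checked here */
        setgid(1000);
        setuid(1000);
        char command[50];
        strcpy( command, "/bin/bash" );
        system(command);   /* runs the command through /bin/sh -c */
        return(0);
}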

and I used those commands to set the owner, group, and the permissions

chown smith command
chgrp smith command
chmod +x command
chmod u+s command

the permissions after the commands:

-rwsr-xr-x  1 smith smith   16840 Jun  6 17:11 command

and it didn't work. I tried with root next:

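#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>   /* setuid(), setgid() */

int main () {
        /* return values of setgid()/setuid() are not checked here */
        setgid(0);
        setuid(0);
        char command[50];
        strcpy( command, "/bin/bash" );
        system(command);   /* runs the command through /bin/sh -c */
        return(0);
}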

and I used the same commands for permissions and so on, but instead of smith I wrote root, and it worked: when I run it I get a shell as root.

So how can I do it with the smith user?

There are 2 answers

Tommy Reynolds

Linux Just Works Like That (tm)

If any user could become another user willy-nilly then Linux would have no access permissions at all.

Only a process running with root permission can change its effective credentials.

That being said, Linux provides fine-grained credentials. See:

$ man 7 capabilities

for the details.

A better solution to the "I want to be root" syndrome is to check out sudo(8). Using sudo(8) is better because:

  1. You can control who has the power.
  2. You can control which applications that user may run.
  3. You can even mandate the first few command line actions they must supply.
  4. An entry is made into an audit trail, so you know whom to blame when they crash the machine.

John Bollinger

I used those commands to set the owner, group, and the permissions

chown smith command
chgrp smith command
chmod +x command
chmod u+s command

If you are using the SUID and / or SGID bit in the program's mode then the program does not need to call the corresponding identity-change function. The system will run the program with the owner's (SUID) and / or group's (SGID) identity automatically. It follows that if you use that approach to run under a uid other than root then the program must not attempt to call the identity-change functions, as only a program running with sufficient privilege can do that.

Thus, your main (mutually exclusive) options are these:

  • Use the ownership and mode (SUID / SGID bits) of the executable to choose a non-privileged identity for the program to run as, and avoid calling setuid() or setgid(). Any user who has execute permission on the program will then execute it as the designated user / group.

  • Use the setuid() and / or setgid() function at runtime to set the identity as which the program runs. These functions will fail if the program is run by an unprivileged user.

  • Under Linux, use the capabilities subsystem to give the executable the privilege to change its user identity. (Details would be more than another whole answer.)

  • Don't do it at all. This may be your best option. Setuid programs are risky, setuid shell scripts are much more so, and no security professional I know would accept a program such as yours that seeks to allow arbitrary users to run arbitrary shell commands under a different identity.
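
As an added illustration (not code from the question or from either answer), the sketch below takes the runtime approach from the second option above and checks every call instead of ignoring the results. `become` is a hypothetical helper name, and the 1000/1000 IDs are smith's from the passwd line in the question.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: switch this process to uid/gid and verify it.
 * Returns 0 on success, or the errno of the step that failed. */
int become(uid_t uid, gid_t gid)
{
    /* Group first: after the UID changes, a formerly privileged
     * process no longer has the right to call setgid(). */
    if (setgid(gid) != 0)
        return errno;
    if (setuid(uid) != 0)
        return errno;

    /* Without privilege, setuid()/setgid() change only the effective
     * ID, so confirm that the real IDs followed as well. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return EPERM;
    return 0;
}

int main(void)
{
    uid_t uid = 1000;   /* smith, per the passwd line in the question */
    gid_t gid = 1000;

    printf("before: ruid=%u euid=%u\n",
           (unsigned)getuid(), (unsigned)geteuid());
    int err = become(uid, gid);
    if (err != 0) {
        fprintf(stderr, "become(%u, %u) failed: %s\n",
                (unsigned)uid, (unsigned)gid, strerror(err));
        return 1;
    }
    printf("after:  ruid=%u euid=%u\n",
           (unsigned)getuid(), (unsigned)geteuid());
    return 0;
}
```

A root caller should also reset its supplementary groups with setgroups() before setgid(), a step this example leaves out.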