sudo-project/sudo

Possible to use group with execute permission without setuid?

Closed this issue · 2 comments

According to some it has been possible to use sudo without setuid by using group level permissions instead. I.e.

```
chown root:wheel /usr/bin/sudo
chmod =775 /usr/bin/sudo
```

After attempting this, sudo appears to check that it is not setuid and fails with `sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set`

Is it possible to use sudo in this manner without setuid?

Sorry, this has never been possible. All you are doing by making the sudo binary mode 775 is allowing users in group wheel to write to the sudo binary itself. Not only will sudo not function but you are creating a security issue since anyone in group wheel can now replace /usr/bin/sudo with a malicious binary.

Yes, I had wondered why some people claimed this as possible, thanks for clarifying it.
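A read-only check for the two conditions raised in this thread (owner uid 0 with the setuid bit set, and no group or world write access), added here as an example. It is not code from the sudo project; the function name `audit_sudo_binary` and its finding strings are made up for illustration.

```shell
#!/bin/sh
# Added example, not part of sudo: audit ownership and mode of a sudo binary.
# audit_sudo_binary and the finding strings are hypothetical names.
audit_sudo_binary() {
    path=$1
    findings=""
    if [ ! -f "$path" ]; then
        echo "not a regular file: $path"
        return 2
    fi
    # Numeric owner uid is the third field of `ls -ldn` (-L follows a symlink).
    owner=$(ls -ldnL "$path" | awk '{print $3}')
    [ "$owner" = "0" ] || findings="${findings}owner is uid $owner, expected 0
"
    # `find -perm -MODE` matches only when every bit in MODE is set.
    [ -n "$(find -H "$path" -prune -perm -4000)" ] ||
        findings="${findings}setuid bit not set
"
    # Write access for group or other lets non-root users replace the binary.
    [ -z "$(find -H "$path" -prune -perm -0020)" ] ||
        findings="${findings}group-writable
"
    [ -z "$(find -H "$path" -prune -perm -0002)" ] ||
        findings="${findings}world-writable
"
    if [ -n "$findings" ]; then
        printf '%s' "$findings"
        return 1
    fi
    echo "ok: $path"
}

# Run the check only when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_sudo_binary "$1"
fi
```

Run it as `sh script.sh /usr/bin/sudo`; exit status 0 means no findings, 1 means at least one finding was printed, and 2 means the path is not a regular file.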