We always remember chmod u+s or special permission bit on an executable means when we run the executable it will run as the owner of the executable (read this). There are a problem with it, it will WORK IF it’s a BINARY EXECUTABLE, NOT SHELL SCRIPT! Then how to make shell script behave the same way? The only option is using suid-wrapper. The project reside at https://github.com/thiagorb/suid-wrapper. This piece of open source project with build our script into executable, and we can give special bit to it using chmod u+s, change the owner to root, and we won’t need to use sudo/suoders rule to run our script as root anymore!
This help with some automation like maping keyboard key to specific script, and run it as root without any confirmation using gksu/pkexec, sometimes both of them has problem with the display output, so I left them out, and found this alternative. How to install it? We can just download the binary (please by the grace of god, stay away from snap, it’s bad, broken, and worst performing package seal ever created imho, sorry the author of suid-wrapper). So you can run these command :
$ cd /tmp
$ wget https://github.com/thiagorb/suid-wrapper/releases/latest/download/suid-wrapper -O suid-wrapper
$ chmod +x suid-wrapper
$ sudo chown root:root suid-wrapper
$ sudo mv suid-wrapper /usr/bin/suid-wrapper
Then you can test the command, using :
$ suid-wrapper --help
If it prints how to use it, then you are good to go. First thing first, to use it, you need a script/any executable you want to wrap with suid-wrapper. Take example ps_mem (a python script that calculate all the ram usage by each individual process), we can wrap it with suid-wrapper with :
$ mkdir -p ~/.local/bin # make sure the path exists
$ export PATH=$HOME:$PATH # make sure the local bin path registered as search bin
$ suid-wrapper -o ~/.local/bin/pmss /usr/bin/ps_mem
$ sudo chmod +xs ~/.local/bin/pmss
$ sudo chown root:root ~/.local/bin/pmss
After all those command, it should allow you to use pmss rather than ps_mem, and it will run without even using any sudo or switching to root user. How about bash script? It also same, you can replace the
/usr/bin/ps_mem to the
bash-script/location.sh (you shell script location), and the
~/.local/bin/pmss to any command you want to. It will come handy for many purpose, such toggling camera, turbo-on/off for intel, or anything that need sudo/super user permission. Use it with caution, and make sure there are no security hole on your script, or it will ends up able to run any script as root, which is bad for security. MAKE SURE THAT THE SOURCE SCRIPT NEVER REMOVED, if it’s removed, it will break!
I hope this post is useful for any of you who are finding a way to make executable run as root without sudo.