
I need a script that can be run as a user that will modify the MAC address of eth0. I have come up with the following script:

#!/bin/bash
/etc/init.d/networking stop
ifconfig eth0 hw ether 00:50:56:98:00:19
/etc/init.d/networking start

I set setuid permission and assigned it to root: -rwsr-xr-x 1 root root 110 May 24 14:22 ChangeMac.sh but it still would give me the following output when I run it as user:

$ ./ChangeMac.sh
stop: Rejected send message, 1 matched rules; type="method_call", sender=":1.100" (uid=1000 pid=6746 comm="stop networking ") interface="com.ubuntu.Upstart0_6.Job" member="Stop" error name="(unset)" requested_reply="0" destination="com.ubuntu.Upstart" (uid=0 pid=1 comm="/sbin/init")
SIOCSIFHWADDR: Operation not permitted
start: Rejected send message, 1 matched rules; type="method_call", sender=":1.103" (uid=1000 pid=6753 comm="start networking ") interface="com.ubuntu.Upstart0_6.Job" member="Start" error name="(unset)" requested_reply="0" destination="com.ubuntu.Upstart" (uid=0 pid=1 comm="/sbin/init")

Why is this? How can I make it so that a user can invoke it but it gets executed as root?

stdcerr
  • init.d, are you using 14.04? Also you need to run it with sudo, the owner doesn't matter for running it. – Ziazis May 24 '17 at 21:54
  • For security reasons, it's not possible to set SUID on scripts. Have a look at this: https://askubuntu.com/questions/914278/how-to-randomly-change-the-mac-on-each-boot-in-16-04/914286#914286 – Ravexina May 24 '17 at 22:18
  • @Ziazis this is 14.04, yes. Does this matter? I changed the owner of the file to a user, tried to run it as such but I'm still getting the above Operation not permitted errors. – stdcerr May 24 '17 at 22:23

1 Answer

If you want to be able to run this and only this script as a normal user without any other sudo rights, or you want to run it with sudo without password typing you can add them to your sudoers.

e.g. echo "[username] ALL = NOPASSWD: /path/to/your/script" | sudo tee /etc/sudoers.d/myscript

However this is kinda meh in safety since if someone can edit this script as your user they can run any command as sudo without knowing your password so take care in using it.

Just make sure the script is owned by root and write rights are only at its owner so no one else can change it.

You can also use chattr to make sure no one can modify your script:

sudo chattr +i script.sh

From man chattr:

A file with the 'i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file.

After all that just run sudo myscript and it should run it with root rights without asking for a password.

Ravexina
Ziazis
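
The ownership and write-permission condition described in the answer above can be checked before a NOPASSWD rule is relied on. The following is an added example, not part of the original answer: `check_sudo_target` and its optional owner argument are hypothetical names, and it assumes GNU `stat` as shipped with Ubuntu.

```sh
#!/bin/sh
# Added example: audit the script named in a NOPASSWD sudoers rule.
# check_sudo_target and the optional expected-owner argument are hypothetical
# names for this sketch; stat -c is the GNU coreutils form.
# Only the file and its immediate parent directory are inspected here.

# Succeeds only if nobody but the expected owner can alter what sudo will run.
check_sudo_target() (
    target=$1
    owner=${2:-0}        # uid that must own the file and its directory (root)

    # A symlink could be repointed at another program, so reject it outright.
    if [ -L "$target" ] || [ ! -f "$target" ]; then
        echo "FAIL: $target is not a regular file" >&2; return 1
    fi

    # The directory matters too: write access there allows replacing the file.
    for p in "$target" "$(dirname "$target")"; do
        set -- $(stat -c '%u %a' "$p")     # $1 = owner uid, $2 = octal mode
        if [ "$1" != "$owner" ]; then
            echo "FAIL: $p is owned by uid $1, expected $owner" >&2; return 1
        fi
        if [ $(( 0$2 & 022 )) -ne 0 ]; then
            echo "FAIL: $p is group- or world-writable (mode $2)" >&2; return 1
        fi
    done
    echo "OK: $target"
)

# Stand-alone use: pass the script path from the sudoers rule as an argument.
if [ $# -gt 0 ]; then check_sudo_target "$@"; fi
```
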