I am learning thanks x)
But still the same error. Did I do something wrong? (I set the gid bit)
[zohran@alienware-m17-r3 Downloads]$ sudo chown root:root test.cr
[zohran@alienware-m17-r3 Downloads]$ sudo chmod g+s test.cr
[zohran@alienware-m17-r3 Downloads]$ crystal test.cr
1000
Refused!
hello
1000
If I had to guess you’re setting the bit on the source code file but not the resulting binary. Maybe try doing a crystal build test.cr, then sudo chown root:root ./test && sudo chmod g+s ./test, then ./test.
I already thought about this, but same problem.
You are setting permissions on the source code. That does nothing.
Compile and set them on the binary.
It does work:
> crystal build x.cr
~ via 🔮 v1.15.1
> sudo chown root:root ./x ; sudo chmod ug+s ./x
~ via 🔮 v1.15.1
> ls -lth x
-rwsrwsr-x 1 root root 2,1M mar 21 16:56 x*
~ via 🔮 v1.15.1
> ./x
~ via 🔮 v1.15.1
> ls -lth foo
-rw-r--r-- 1 root root 0 mar 21 16:56 foo
~ via 🔮 v1.15.1
> cat x.cr
lib LibC
fun seteuid(gid: UidT): Int
fun setegid(gid: UidT): Int
end
LibC.seteuid(0)
LibC.setegid(0)
File.open("foo", "w")
~ via 🔮 v1.15.1
> whoami
ralsina
Which idiot am I?
So it’s egid, not gid?
Apparently part of the problem is that I don’t really remember the diff between setegid and setgid because it doesn’t work with setgid :-D
Ah okay
I have one question, but unfortunately I think I already know the answer. Is there any way, after you drop the privilege, to grant sudo access to another part of the code later on, or is it just a “one shot”? Basically, I would like my code to run as a normal user by default, but sometimes swap to superuser temporarily, and not just one time.
Hi guys, just to let you all know, I found out how to do it. I'm sharing my experiment:
lib LibC
  # setuid is called below, so it is declared here as well
  fun setuid(uid : UidT) : Int
  # gid
  fun setgid(gid : UidT) : Int
  fun getgid : UidT
  # euid and egid
  fun setegid(egid : UidT) : Int
  fun seteuid(euid : UidT) : Int
  fun getegid : UidT
  fun geteuid : UidT
  # resuid and resgid
  fun setresgid(realid : UidT, effectiveid : UidT, savedid : UidT) : Int
  fun setresuid(realid : UidT, effectiveid : UidT, savedid : UidT) : Int
  # getresgid/getresuid write the three IDs through pointers and return a status
  fun getresgid(realid : UidT*, effectiveid : UidT*, savedid : UidT*) : Int
  fun getresuid(realid : UidT*, effectiveid : UidT*, savedid : UidT*) : Int
end

LibC.setuid(0)

# Run as uid/gid 1000, keeping 0 as the saved ID so root can be taken back
LibC.setresuid(realid: 1000, effectiveid: 1000, savedid: 0)
LibC.setresgid(realid: 1000, effectiveid: 1000, savedid: 0)
Process.run(command: "groupadd -R /home/fulgurance/Downloads/dira ism",
  shell: true,
  input: Process::Redirect::Inherit,
  output: Process::Redirect::Inherit,
  error: Process::Redirect::Inherit)

# Back to root
LibC.setresuid(realid: 0, effectiveid: 0, savedid: 0)
LibC.setresgid(realid: 0, effectiveid: 0, savedid: 0)
Process.run(command: "groupadd -R /home/fulgurance/Downloads/dira ism",
  shell: true,
  input: Process::Redirect::Inherit,
  output: Process::Redirect::Inherit,
  error: Process::Redirect::Inherit)

# Normal user again
LibC.setresuid(realid: 1000, effectiveid: 1000, savedid: 0)
LibC.setresgid(realid: 1000, effectiveid: 1000, savedid: 0)
Process.run(command: "groupadd -R /home/fulgurance/Downloads/dira ism",
  shell: true,
  input: Process::Redirect::Inherit,
  output: Process::Redirect::Inherit,
  error: Process::Redirect::Inherit)

# And root a second time
LibC.setresuid(realid: 0, effectiveid: 0, savedid: 0)
LibC.setresgid(realid: 0, effectiveid: 0, savedid: 0)
Process.run(command: "groupadd -R /home/fulgurance/Downloads/dira ism",
  shell: true,
  input: Process::Redirect::Inherit,
  output: Process::Redirect::Inherit,
  error: Process::Redirect::Inherit)
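
An added example, not part of any post in this thread: the same switch back and forth wrapped in a helper that checks every return value, reads the invoking user's IDs instead of hard-coding 1000, and can also give up root for good. The class name Privileges and its methods are hypothetical, and it assumes the compiled binary is owned by root with the setuid bit set, as in the chown/chmod steps above.

```crystal
lib LibC
  fun getuid : UidT
  fun getgid : GidT
  fun setresuid(ruid : UidT, euid : UidT, suid : UidT) : Int
  fun setresgid(rgid : GidT, egid : GidT, sgid : GidT) : Int
  fun getresuid(ruid : UidT*, euid : UidT*, suid : UidT*) : Int
end

# Hypothetical helper for this example; not a Crystal standard library API.
class Privileges
  def initialize
    @uid = LibC.getuid # real IDs of the invoking user, read before any switch
    @gid = LibC.getgid
    lower
  end

  # Temporary drop: saved IDs stay 0, so #elevate can still return to root.
  def lower
    check LibC.setresgid(@gid, @gid, 0), "setresgid" # gid first, while still root
    check LibC.setresuid(@uid, @uid, 0), "setresuid"
  end

  # Runs the block as root and always drops back afterwards, even on exceptions.
  def elevate
    check LibC.setresuid(0, 0, 0), "setresuid" # uid first, to regain the right to change gid
    check LibC.setresgid(0, 0, 0), "setresgid"
    yield
  ensure
    lower
  end

  # Permanent drop: overwrites the saved IDs too, then proves root is gone.
  def drop_forever
    check LibC.setresgid(@gid, @gid, @gid), "setresgid"
    check LibC.setresuid(@uid, @uid, @uid), "setresuid"
    raise "root is still reachable" if @uid != 0 && LibC.setresuid(0, 0, 0) == 0
  end

  # Current {real, effective, saved} user IDs.
  def ids
    LibC.getresuid(out r, out e, out s)
    {r, e, s}
  end

  private def check(ret, call)
    raise "#{call} failed: #{Errno.value}" unless ret == 0
  end
end

priv = Privileges.new # constructed usage
puts "lowered:  #{priv.ids}"
priv.elevate { puts "elevated: #{priv.ids}" }
priv.drop_forever
puts "final:    #{priv.ids}"
```

While the saved ID is still 0, any code running in the process can call setresuid and become root again, so the lowered state guards against mistakes rather than against compromised code; only the permanent drop removes that path.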