Just to explain this: Normally, you setuid an executable file and then run it. In the normal case (native Linux binaries or shell scripts) then that is fine as the thing runs directly.
In the case of Mono then you can't "execute" a .exe directly* and so you need to run "mono my.exe". When you do that then Mono runs and loads the .exe as the code, which means that as far as the OS is concerned then /usr/bin/mono is the thing that runs and not my.exe. That also means that mono would need to be setuid (or invoked as the right user) rather than your exe. Note: it is probably a *terrible* *idea* *™* to keep /usr/bin/mono as setuid. It should be used sparingly at the best of times, and since Mono runs arbitrary code for a vast range of apps (rather than being a single fixed-purpose binary, like cat, vim or visudo or something) then you're opening yourself up to huge issues and security risks by running it setuid the whole time. It is much better to wrap it in a no-args shell script and setuid that. * Some distros will set it up so that it looks like you're executing it directly, but it uses a wrapper method that just does the "mono my.exe" for you - http://askubuntu.com/questions/20246/running-a-mono-program-without-typing-in-mono-foo-exe On 13/09/13 06:51, Ian Norton wrote: > For setuid on the program to work you'd have to setuid mono itself. > Depending on your deployment scenario you could mkbundle your program > and setuid the result. > > > On 11 September 2013 23:32, mickeyf <[email protected] > <mailto:[email protected]>> wrote: > > I have an application that uses a udp socket. If I run it "sudo mono > myapp.exe" it works fine. If I leave off the sudo it fails when > attempting > to bind the socket - this is not a surprise. > > However, when change the owner to root and setuid on myapp.exe, it still > fails. > > Is this what I should expect, and what is the preferred way to run this > without actually being root? > > thanks > > > > -- > View this message in context: > http://mono.1490590.n4.nabble.com/setuid-behavior-tp4660850.html > Sent from the Mono - General mailing list archive at Nabble.com. > _______________________________________________ > Mono-list maillist - [email protected] > <mailto:[email protected]> > http://lists.ximian.com/mailman/listinfo/mono-list > > > > > _______________________________________________ > Mono-list maillist - [email protected] > http://lists.ximian.com/mailman/listinfo/mono-list > _______________________________________________ Mono-list maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-list
