C++ – running git ‘post-receive’ hook with setuid fails


I have a git repository that needs to run a post-receive hook as sudo. The binary that I compiled to test this looks like:

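#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>

int main() {
   int ret;
   /* Make the real uid match the effective uid (the file owner when the setuid bit is honoured). */
   ret = setuid(geteuid());
   if (ret != 0) {   /* setuid() returns 0 on success and -1 on failure */
      perror("error setting uid");
      return 1;
   }
   system("[...command only sudo can access...]");

   return 0;
}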

The geteuid() retrieves the owner id of post-receive, then tries to setuid. When running this with any user (including the super user) it runs the script correctly as root. However, when triggered by the git hook, the system fails to set the uid. I have tried running chmod u+s post-receive. I also tried some other configurations, but I am running out of ideas. Any reason why it would work in all cases except when git triggers it?

btw, platform: Ubuntu Server 9.04 (2.6.28-15), git 1.6.0.4, gcc version 4.3.3 (Ubuntu 4.3.3-5ubuntu4)

Best Solution

  1. The file system where the git repo is stored may be mounted with the nosuid option.
  2. If you are pushing over ssh, the suid capability may be disabled for commands invoked with ssh (no CAP_SETUID).

In any case, what you are trying to do is very inadvisable.
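To check the first cause from inside the hook itself, the following added example (not code from the question or the answer) inspects a hook binary for a nosuid mount, a missing set-user-ID bit, and an effective uid that does not match the file owner. The names `suid_blockers` and `BLOCK_*` are hypothetical; the output goes to stderr so it is visible wherever the hook's messages end up.

```c
/* Added example: report why a setuid hook binary would not run as its owner. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <unistd.h>

#define BLOCK_NOSUID_MOUNT 0x1 /* file system is mounted with nosuid */
#define BLOCK_NO_SUID_BIT  0x2 /* set-user-ID bit is missing from the file mode */
#define BLOCK_NOT_ELEVATED 0x4 /* caller's effective uid is not the file owner */

/* Returns a bitmask of BLOCK_* flags for path, or -1 if it cannot be inspected. */
int suid_blockers(const char *path)
{
    struct stat st;
    struct statvfs vfs;
    int flags = 0;

    if (stat(path, &st) != 0 || statvfs(path, &vfs) != 0)
        return -1;
    if (vfs.f_flag & ST_NOSUID)      /* kernel ignores setuid bits on this mount */
        flags |= BLOCK_NOSUID_MOUNT;
    if (!(st.st_mode & S_ISUID))     /* chmod u+s was not applied or was lost */
        flags |= BLOCK_NO_SUID_BIT;
    if (geteuid() != st.st_uid)      /* meaningful when path is the running binary */
        flags |= BLOCK_NOT_ELEVATED;
    return flags;
}

int main(int argc, char **argv)
{
    /* Assumption: argv[1] is the hook's path; argv[0] is used if it was started by path. */
    const char *path = argc > 1 ? argv[1] : argv[0];
    int f = suid_blockers(path);

    if (f < 0) {
        perror(path);
        return EXIT_FAILURE;
    }
    fprintf(stderr, "uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    fprintf(stderr, "nosuid mount: %s\n", (f & BLOCK_NOSUID_MOUNT) ? "yes" : "no");
    fprintf(stderr, "suid bit missing: %s\n", (f & BLOCK_NO_SUID_BIT) ? "yes" : "no");
    fprintf(stderr, "euid differs from owner: %s\n", (f & BLOCK_NOT_ELEVATED) ? "yes" : "no");
    return f ? EXIT_FAILURE : EXIT_SUCCESS;
}
```

Comparing the output of a manual run with the output of a run triggered by a push shows which of the three conditions changes between the two cases.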