Old 07-07-2004, 07:55 AM   #1
qwijibow
Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
Only root can do that! (but i made it SUID root ?)


I wrote a script that creates an encrypted loop, and mounts a filesystem image.
I don't want to have to become root every time I mount my encrypted file system, but the script needs root access to set up the loop (with the losetup command).

So I wrote my script, saved it, and as root...
chown 700 myUser /home/user/bin/script
chown user /home/user/bin/script
chmod +s /home/user/bin/script

(I also tried chmod u+s)

So why does the mount command complain that only root can do that!

I thought setting an executable as SUID ROOT made it run with root privileges!?

My scripts...
Code:
#!/bin/bash
/sbin/losetup -e aes /dev/loop1 /home/chris/encrypted.fs
mount /dev/loop1 /home/chris/secret/
Code:
#!/bin/bash
umount /dev/loop1
/sbin/losetup -d /dev/loop1
 
Old 07-07-2004, 09:01 AM   #2
Dark_Helmet
Senior Member
 
Registered: Jan 2003
Posts: 2,786

Rep: Reputation: 369
I'll have to go back and verify, but I remember reading somewhere that shell scripts are the exception: they completely ignore the suid bit. If I find it again, I'll let you know, but I did run an experiment to test it when I learned about it. Execute a simple script like:
Code:
#!/bin/bash

echo "Starting sleep..."
sleep 15
echo "Too Late!"

exit 0
Make it executable and make it SUID. Run the script in the background, and if you pull up a ps listing, it should show the sleep command being executed as non-root.

Your options may end up being to write a compiled version of the script in C or setting up the specific commands in sudo.
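
One way to write the compiled wrapper suggested in the post above, as an added example that is not part of the original thread. The helper name run_fixed, the /bin/mount path and the setuid(0) step are assumptions; the losetup and mount arguments are copied from the script in post #1.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment for the children: nothing is inherited from the caller. */
static char *const clean_env[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };

/* Run one program by absolute path, without a shell, under clean_env.
 * Returns the child's exit status, 127 if it could not be executed,
 * or -1 on a bad argument, fork/wait failure or death by signal. */
int run_fixed(char *const argv[])
{
    int status;

    if (argv == NULL || argv[0] == NULL || argv[0][0] != '/')
        return -1;                      /* refuse PATH lookups */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(argv[0], argv, clean_env);
        _exit(127);                     /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Takes no arguments: everything the children receive is hard-coded. */
int main(void)
{
    /* Same two commands as the mount script in post #1. */
    char *const setup[] = { "/sbin/losetup", "-e", "aes", "/dev/loop1",
                            "/home/chris/encrypted.fs", NULL };
    /* Assumption: mount lives at /bin/mount; adjust for the system. */
    char *const mnt[] = { "/bin/mount", "/dev/loop1",
                          "/home/chris/secret/", NULL };

    /* Assumption: the children check the real uid, so set it to root too.
     * With euid 0, setuid(0) sets the real, effective and saved uid. */
    if (geteuid() != 0 || setuid(0) != 0) {
        fprintf(stderr, "must be installed root-owned and setuid\n");
        return EXIT_FAILURE;
    }
    if (run_fixed(setup) != 0)
        return EXIT_FAILURE;
    return run_fixed(mnt) == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

Anyone who can execute the installed binary can trigger the mount, so the file's group and mode decide who gets that ability.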
 
Old 07-07-2004, 09:24 AM   #3
Dark_Helmet
Senior Member
 
Registered: Jan 2003
Posts: 2,786

Rep: Reputation: 369
I found a website that seems to talk about it: The Answer Gang

The second question on the page seems to talk a bit about it, and the response boiled down to "A script can have SUID set, but unless bash itself is set up for SUID, then the SUID of the script is ignored." At least, that was my interpretation of it.
 
Old 07-07-2004, 09:53 AM   #4
qwijibow
Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Original Poster
Rep: Reputation: 47
BUT... if I set bash to suid... would that give all users root access in command line?
 
Old 07-07-2004, 10:51 AM   #5
Dark_Helmet
Senior Member
 
Registered: Jan 2003
Posts: 2,786

Rep: Reputation: 369
That might solve the problem, but my gut tells me it's probably a bad idea. Setting bash's SUID might cause every command executed by every user to run as root. I dunno for sure... never tried it. The thought behind that is: if every shell started will be owned by root and if bash uses the ID of the person owning the shell to execute new commands, then everybody will (effectively) be root.
 
  

