LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-14-2008, 01:35 PM   #1
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,027

Rep: Reputation: 69
A question about setuid


I'm running Backtrack 3. I just created a new user so that I won't be using root all the time. I adduser <user> then I went to Konqueror start --> switch user --> start new session and logged in my new user. I'm unable to run some commands like sudo, cat, hexdump, so I logged in as root and edited the /etc/sudoers file. I had to make it writeable first. I added

user ALL=/usr/local/bin/sudo
user ALL=/usr/bin/cat
user ALL=/usr/bin/hexdump

However, I noticed that I had to chmod u+s /usr/local/bin/sudo as root while the others /usr/bin/cat and /usr/bin/hexdump did not require that setuid attribute. So pretty much, I just chmod u+s /usr/local/bin/sudo and not the other two commands. I removed the write attribute as root and then I logged back in as my user and all three commands work.

Why is it that only sudo requires the setuid permission while the other two commands don't require the setuid permission?

Last edited by trist007; 12-14-2008 at 02:08 PM.
 
Old 12-14-2008, 01:38 PM   #2
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,027

Original Poster
Rep: Reputation: 69
Sorry for the multiple posts, browser issues.
 
Old 12-14-2008, 03:23 PM   #3
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670
The passwd program also requires the suid bit be set to function for regular users. This is because it needs to modify /etc/passwd which only root can modify. The program itself only allows a regular user to change their own password. It checks if the effective UID matches the real UID. It is written with safeguards to prevent abuse. Only similar programs should have the suid bit set.

The problem with the programs (/usr/bin/cat, /usr/local/bin/hexdump) you listed isn't that they aren't being run as root. The problem is that you need to add /bin/, /usr/bin/ & /usr/local/bin/ to the $PATH variable in your login script. Cat & hexdump shouldn't be suid. I think that "sudo" is already suid. You distro may not be designed with multiple users in mind and isn't meant to be a general distro to use. It is used during forensic investigations. So it may not have a "wheel" group. Often you need to add a user to the "wheel" group before they can use sudo.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
setuid() Loser Linux - Software 1 11-05-2008 04:37 AM
setuid int0x80 Linux - Security 3 12-02-2005 02:33 PM
setuid question, or how to run a program with different ID linuxfond Linux - Newbie 3 07-09-2004 05:27 AM
setuid Help devinWhalen Linux - General 2 12-03-2003 10:57 AM
Setuid SirTurbo Linux - General 1 03-26-2003 07:57 PM


All times are GMT -5. The time now is 01:01 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration