LinuxQuestions.org
Old 03-08-2004, 02:46 PM   #1
clinton
Member
 
Registered: Oct 2003
Location: Vancouver
Distribution: RH Enterprise AS 3
Posts: 47

Rep: Reputation: 15
Question chmod u+s not working as expected


I am having some problems setting the suid and getting a shell script to work properly.

I have checked similar posts on this site and others on the web but I haven't had any luck. The man pages haven't provided a solution either.

I wrote a wrapper BASH shell script (I'll call it 'A') to write the executing user's details (user name, date, etc.) to a log file and then call the original program (I'll call it 'B').

There are several problems I am facing though.

1) I did a chmod 4755 on script 'A' to permit writing to the log file. But I always get a permission denied problem when running this as someone other than root.

My understanding of 4755 was that anyone who executed the script would execute it as root and therefore all commands in the shell script would execute as if root had executed them, i.e. they would be able to write to the log file.

2) I find that if the directory containing the three files has other write permissions (755) (even if the 3 files do not) then the three files may be edited by users other than root (which I obviously do not want!) Is there any way around this other than changing permissions on the directory to o-w ???

In order to get around problem 2, my directory structure looks like this:

|
+------Foo
|       +- symbolic link to script 'A'
|
|
+------Boo
        |
        +- script 'A'
        +- program 'B'
        +- log file


Directory Boo/ has permissions of 755 and Foo/ has 755 also.
Script 'A' has permissions of 705, program 'B' is 700 and the log file has 704. All three files and both directories are owned by root.

I am running RedHat 9.0.

I am not sure what I may be doing wrong. Any assistance you can provide is much appreciated. Thanks.
 
Old 03-08-2004, 03:23 PM   #2
JayCnrs
Member
 
Registered: Mar 2003
Location: Winnipeg
Distribution: Suse 9.3 Pro
Posts: 404

Rep: Reputation: 30
I don't know if this will help but if you try and do the following to the script file:

chmod 701 scriptfile
chmod u+s scriptfile


I believe that 1 is execute permission and so when somebody executes the script it will run with root's privileges.

Let us know how it goes
 
Old 03-08-2004, 04:25 PM   #3
clinton
Member
 
Registered: Oct 2003
Location: Vancouver
Distribution: RH Enterprise AS 3
Posts: 47

Original Poster
Rep: Reputation: 15
Thanks for the quick reply.

Shell scripts (apparently) need read permissions to run.

'Script A' had 705 permissions (read and execute)

and I applied
chmod u+s 'Script A'

This was already the state it was in when I wrote my original post.
The permissions on it are:
-rws---r-x 1 root root

So my problem still exists.

Thanks again.
 
Old 03-19-2004, 08:49 PM   #4
clinton
Member
 
Registered: Oct 2003
Location: Vancouver
Distribution: RH Enterprise AS 3
Posts: 47

Original Poster
Rep: Reputation: 15
Hi all,

After much more digging with mostly fruitless results, I finally have an answer to my problem.

SUID is NOT valid for shell scripts in the later Linux kernels.

It can be a security risk and so the later kernels have completely disabled it.

I used to have URL references for this, but I lost them. But trust me, this is the case.

SUID will work for C programs, which is why /usr/sbin/passwd has the SUID bit set.

If you want a shell script to operate with SUID there are a few options:

1) You can make a wrapper for the script in C and set the C program to SUID.
Alternatively you could just write the shell script in C (if you know how).
2) I read that 1) will also work for Perl scripts, although you may need to add
a module or two.
(http://www.megaloman.com/~hany/RPM/d....3.1.i386.html)

3) Use the program sudo. I think later versions (of RedHat, at least) have this already installed. You can check out http://www.courtesan.com/sudo/ for information on it.
 
  

