problem with SUID bit
Hello,
I'm trying to do a simple thing using the SUID bit but I'm having problems with it. Here it goes:

$ whoami
joan
$ groups
joan disk cdrom floppy audio src users
$ ls -l cat_squid_conf.sh
-r-sr-x--- 1 root joan 48 2004-04-09 19:33 cat_squid_conf.sh
$ cat cat_squid_conf.sh
#!/bin/sh
cat /etc/squid.conf
$ ls -l /etc/squid.conf
-rw------- 1 root root 113171 2004-04-09 18:50 /etc/squid.conf
$ ./cat_squid_conf.sh
cat: /etc/squid.conf: Permission denied

Does anybody know why this script is not running as root?
Thanks in advance!!
Joan |
First of all you don't need to run it as root. You could run it as a normal user.
The reason you're unable to execute it is because the file is not executable. Two solutions:
1) chmod 755 cat_squid_conf.sh (since the file belongs to root you have to run this command as root: log in or su to root and run this command)
2) ./cat_squid_conf.sh
OR
1) bash cat_squid_conf.sh
Cheers. |
I'm not running it as root, but as joan ($ whoami ----> joan), a member of joan's group ($ groups -----> joan...).
And cat_squid_conf.sh is executable ($ ls -l cat_squid_conf.sh -----> -r-sr-x--- ...). That means that the file's user (root) can read and execute, and members of group joan can read and execute. The 's' means that it should run with root privileges, so there shouldn't be problems in reading the squid.conf file... But there are...
Thank you for the effort. |
Hahahhahaha.... sorry. Too sleepy already. I mistook the last ls -l output for your script's permissions ;)
Check 2 things.
1. The file /etc/squid.conf exists, and you could try the command "/etc/squid.conf".
2. Where is the script located? What is pwd? Is it mounted from another filesystem? If that is the case you need the "exec" option in your mount command to run scripts on mounted filesystems other than root.
Sorry, as I don't check back at posts often to reply. So if you need any further help: kelvinlai at veryfast.biz
Note: You should try not to run your scripts as root. It poses a big security problem ;) SUID is a no no whenever possible ;) Anyway, the squid.conf file is readable by everyone so why do you want to run your script as root anyway?
Cheers |
OK. Here is a final help.

cat /etc/squid.conf
-> if no error then continue with
echo "cat /etc/squid.conf" > myscp
chmod 755 myscp
./myscp
-> if this doesn't work, the biggest possibility is that the filesystem is mounted with noexec. You need to mount it with exec.

Cheerio |
- File /etc/squid.conf exists: $ ls -l /etc/squid.conf ------> -rw------- 1 root root 113171 2004-04-09 18:50 /etc/squid.conf so it exists.
- The command /etc/squid.conf is impossible, because squid.conf is a text file. I only want to see it.
- The script is located in the active directory of user joan.
- The filesystem is the same for squid.conf and cat_squid_conf.sh. This is the root (/) filesystem and it isn't mounted with noexec: /dev/hda6 on / type ext3 (rw,errors=remount-ro)
- I'm making this script to let a user other than root read the file squid.conf. I don't think this is a security problem, because the script can only be changed by root, and can only be read/executed by members of group 'joan'. This way I prevent other users from accessing the contents of squid.conf.
Thanks for the help, but this doesn't solve the problem... |
For security reasons, setuid for scripts has been disabled at the kernel level.
Since you want to limit access to the squid.conf file, maybe you could use ACLs. Use setfacl to set the permissions so that it is rw for root and r for group joan. If you don't want to use ACLs (access control lists) then try sudo. |
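
An added example, not part of any post in this thread: a shell check for the situation the last reply describes, where Linux ignores the setuid bit on "#!" scripts so they run with the caller's own uid. The function names, the scratch-directory sample and the commented setfacl/sudoers lines (including the /bin/cat path) are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find setuid "#!" scripts, whose setuid
# bit Linux ignores, so they run with the caller's own uid.

# classify_setuid FILE -> "not-setuid", "unreadable", "script" or "binary"
classify_setuid() {
    [ -u "$1" ] || { echo "not-setuid"; return 0; }
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    # A file whose first two bytes are "#!" is run through an interpreter.
    if [ "$(head -c 2 "$1")" = '#!' ]; then
        echo "script"
    else
        echo "binary"
    fi
}

# audit_setuid_scripts DIR -> one path per line for each setuid script found
audit_setuid_scripts() {
    find "$1" -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        if [ "$(classify_setuid "$f")" = "script" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed sample: a copy of the thread's script in a scratch directory,
# owned by the current user rather than root, with the same 4550 mode.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\ncat /etc/squid.conf\n' > "$d/cat_squid_conf.sh"
    chmod 4550 "$d/cat_squid_conf.sh"
    printf 'plain data\n' > "$d/notes.txt"
    echo "$d"
}

# Stand-alone run: audit the constructed sample, then clean up.
sample=$(make_sample) && audit_setuid_scripts "$sample"
rm -rf "$sample"

# The alternatives suggested in the thread, written out as assumptions
# (run as root; not executed here):
#   setfacl -m g:joan:r /etc/squid.conf
#   sudoers: %joan ALL=(root) /bin/cat /etc/squid.conf
```

Pointing audit_setuid_scripts at a real directory lists scripts whose setuid bit gives a false impression of privilege, which are candidates for an ACL or a sudo rule instead.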