Sticky situation bcos of sticky bit
Situation is that there are two users on a Linux server- say A and B
A has been operating a shell script that in turn makes use of and exe file.
The script and exe both are owned by user A.
My problem is that I want user B to make use of the script and exe in exactly the same way user A does.
So I have set suid bit of the script, exe and all the library files that the exe uses.
But the exe is still not executing from user B.
I did a man of chmod on Linux server and it gave an indication that SUID is disabled on new Linux servers.
Now the question is, is there any other command that can perform the same task as SUID did on Unix.
Any other suggestions are welcome.
First, please spell out your words in a forum (because, not bcos).
Secondly, exe files only run under windows, not linux. Do you meen an executable file? If so, say it that way. If this is a LINUX executable & script, you should create a group that both belong to and make the proper permissions for the script in the group position.
The Linux exe and script already belong to the same user and group (User A, Group is such that both User A and B belong to the same group).
I have set their SUID bits so that user B will be able to execute them and the process that gets generated will be that of user A.
Still this is not working successfully.
My doubt is whether SUID bit is functional in Linux or not? (As per the man of chmod that I updated in my earlier post)
And if not, is there any other way to perform the same function?
Is the filesystem with the executable mounted with suid flag? If it is not, suid bit will be ignored. What does the "mount" command return?
Anyway, setuid should not be used unless necessary, and mounting filesystems with nosuid improves security. tommyttt's solution is cleaner: Create a group (let's call it "mygroup"), make the script and the executable belong to root:mygroup with permissions 750 (rwxr-x---) and make users A and B belong to group "mygroup".
After a lot of attempts I am finally able to start the process(previously started using user A) using user B.
Now, as suggested, I changed the mountpoint and set its SUID bit for the enabling SUID functionality.
On trying to start the process, it throws the error : "error while loading shared libraries"
Since this error turns up only after I try setting the SUID bit, its a given that the issue's got something to do with SUID bit itself.
Since it throws error related to shared libraries, now please suggest if the folder for shared libraries (like /lib)also need to have their SUID bit set?
If that is indeed the case, I will be changing the approach to the problem since I can't set the SUID bit for the /lib.
Thnx for the help.
|All times are GMT -5. The time now is 08:13 PM.|