LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-13-2012, 01:43 PM   #1
bhakti_thakkar
LQ Newbie
 
Registered: Jun 2012
Posts: 3

Rep: Reputation: Disabled
SUID working


Hello All,
I am trying to implement a small example to understand the working of SUID.
Following is the test scenario:
System : Ubuntu 12.04
Users:
1.)bhakti:x:1000:1000:bhakti,,,:/home/bhakti:/bin/bash
2.)hetal:x:1003:1000::/home/hetal:/bin/sh
Groups :
1.)bhakti:x:1000:

Following is the overview of test scenario:
1.)There is folder named "fold" in the directory /home/bhakti which is home directory of user "bhakti".It has 3 files a.txt,b.txt,c.txt each with permissions set to 664.

bhakti@bhakti:~$ ls -l | grep fold
drwx------ 2 bhakti bhakti 4096 Jun 13 20:24 fold
bhakti@bhakti:~$ ls -l fold
total 12
-rw-rw-r-- 1 bhakti bhakti 6 Jun 13 20:23 a.txt
-rw-rw-r-- 1 bhakti bhakti 12 Jun 13 20:23 b.txt
-rw-rw-r-- 1 bhakti bhakti 120 Jun 13 20:24 c.txt

2.)There is a shell script named "two.sh" which lists all the files in the directory provided as command line argument.

Shell script:
for entry in "$1"/*
do
if [ ! -d "$entry" ];then
echo "$entry"
fi
done

3.)The permissions of the file two.sh are set to 755 and then i have set the SETUID for this file using commands:
chmod 755 two.sh
chmod +s two.sh
So the permissions of the file are as follows:
bhakti@bhakti:~$ ls -l | grep two.sh
-rwsr-sr-x 1 bhakti bhakti 81 Jun 13 22:49 two.sh

4.)Now i execte the script as user "bhakti" and following is the output:
bhakti@bhakti:~$ ./two.sh fold
fold/a.txt
fold/b.txt
fold/c.txt


5.)Next I switch the user to "hetal" and execute the same script and i get following result:

hetal@bhakti:/home/bhakti$ whoami
hetal
hetal@bhakti:/home/bhakti$ pwd
/home/bhakti
hetal@bhakti:/home/bhakti$ ./two.sh fold
fold/*

hetal@bhakti:/home/bhakti$

The is unexpected since the concept says when SUID of a file is set
any persons or processes that run the file have access to system resources as though they are the owner of the file.
By setting the SUID of two.sh by the user "bhakti" , it is expected that any other user executing this file , executes it as if it is the owner of the file.

The links that I have referred for understanding this concept are:
http://www.comptechdoc.org/os/linux/..._ugfilesp.html
http://www.codecoffee.com/tipsforlin...icles/028.html

I hope i am not missing out something...
Any guidance would be appreciated...
Thanks in advance
 
Old 06-14-2012, 08:58 AM   #2
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian i686 (solaris)
Posts: 8,110

Rep: Reputation: 2268Reputation: 2268Reputation: 2268Reputation: 2268Reputation: 2268Reputation: 2268Reputation: 2268Reputation: 2268Reputation: 2268Reputation: 2268Reputation: 2268
remember, the shell scripts never run by themselves. There is a shell interpreter (probably /bin/bash) which will try to execute the script. therefore setting setuid/setgid bits on a shell script have no meaning at all.










_____________________________________
If someone helps you, or you approve of what's posted, click the "Add to Reputation" button, on the left of the post.
Happy with solution ... mark as SOLVED
(located in the "thread tools")
 
1 members found this post helpful.
Old 06-14-2012, 09:57 AM   #3
bhakti_thakkar
LQ Newbie
 
Registered: Jun 2012
Posts: 3

Original Poster
Rep: Reputation: Disabled
Hi pan64,
Firstly would thank you for ur guidance.
I checked the permissions of /bin/bash which were set to 755 by default.
What I did was set the setuid for /bin/bash using chmod +s /bin/bash
So now , it would work like :
Run two.sh from user "hetal" -> invokes /bin/bash(which has setuid bit set and has root as owner) -> try reading "fold" directory(whose permissions are set to 700)

Following is the output:
bash-4.2$ ls -l | grep fold
drwx------ 2 bhakti bhakti 4096 Jun 13 20:24 fold
bash-4.2$ whoami
hetal
bash-4.2$ ./two.sh fold
fold/*


Now if I am understanding it right , since bash has setuid bit set any process running bash would run it as if it were root.
This implies that now two.sh which is being executed is running as if "root" user and root being super user it can read contents of any directory.
So in this case this output is invalid and it should list the directory contents.

Then I tried one more thing:
I set the permissions of folder "fold" to 744
Now repeated the same test.The result is :

root@bhakti:/home/bhakti# ls -l | grep fold
drwxr--r-- 2 bhakti bhakti 4096 Jun 13 20:24 fold

root@bhakti:/home/bhakti# su hetal
$ bash
bash-4.2$ ./two.sh fold
fold/a.txt
fold/b.txt
fold/c.txt

This implies that I have to set the permission for "others" as Read for directory "fold" so that root user(belonging to a different group than that of creator "bhakti") can read it which is irrational .

Also what i tried is output:
Set the permissions of folder "fold" back to 700.
Now run the file two.sh from "root" user.

Following is the output
root@bhakti:/home/bhakti# chmod 700 fold
root@bhakti:/home/bhakti# ls -l | grep fold
drwx------ 2 bhakti bhakti 4096 Jun 13 20:24 fold
root@bhakti:/home/bhakti# ./two.sh fold/
fold//a.txt
fold//b.txt
fold//c.txt

Also , I observed , when i changed the bash setuid ; they way interpreter is presented changes from :
hetal@bhakti:/home/bhakti$ to bash-4.2$ .


I hope i am not confusing you ...
Please guide if i am wrong at my concepts....
 
Old 06-14-2012, 01:25 PM   #4
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian i686 (solaris)
Posts: 8,110

Rep: Reputation: 2268Reputation: 2268Reputation: 2268Reputation: 2268Reputation: 2268Reputation: 2268Reputation: 2268Reputation: 2268Reputation: 2268Reputation: 2268Reputation: 2268
here is a small explanation: http://www.faqs.org/faqs/unix-faq/fa...section-7.html
here is another one: http://www.tuxation.com/setuid-on-shell-scripts.html




_____________________________________
If someone helps you, or you approve of what's posted, click the "Add to Reputation" button, on the left of the post.
Happy with solution ... mark as SOLVED
(located in the "thread tools")
 
1 members found this post helpful.
Old 06-14-2012, 01:33 PM   #5
bhakti_thakkar
LQ Newbie
 
Registered: Jun 2012
Posts: 3

Original Poster
Rep: Reputation: Disabled
Thanks ....i would delve into the details
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SUID and SGID not working on Red Hat Enterprise Linux ES release 4 Bob Lawson Linux - Security 2 11-28-2008 08:49 AM
example for SUID's akhil.mud Linux - Software 1 11-05-2007 01:05 PM
Suid? whishkah Linux - Software 5 09-07-2006 03:17 PM
SUID file drops suid bit on append? c_coder Programming 1 03-12-2004 08:59 AM
SUID not working properly everythingand2 Linux - General 1 02-27-2004 01:42 PM


All times are GMT -5. The time now is 09:17 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration