LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 11-27-2008, 08:04 AM   #1
Bob Lawson
LQ Newbie
 
Registered: Nov 2008
Posts: 5

Rep: Reputation: 0
SUID and SGID not working on Red Hat Enterprise Linux ES release 4


Hi,

We are moving from SCO to Red Hat Enterprise Linux ES release 4.

We have other older version of Red Hat running as well.

But somehting I have found on this version is a problem with SUID and SGID programs.

We have an application that needs to run as a different user. All the files are owned and RW but that user. Therefore not other use can gain access to the files.

Simple solution we have used for years is to have the executable SUID to that user.

-rwsr-sr-x 1 bbx group 863052 Sep 24 2001 bbx4

The application then runs as bbx and everyone is happy.

However on this version it is almost as if the SUID bit is not set. The application runs as the calling user and therefore can not gain access to the files.

I have created a simple C program.

-rwsr-xr-x 1 root root 5319 Nov 11 10:28 tuid

When I run it I print the results of getuid() and geteuid(). This is what I get:

203
203
uid: 203 euid: 203

So it is obviously not working. Same happens if the owner was bbx as in the first example.

This is fairly wired into how the entire application works. The effective user id is the new user and the uid remains the same. That way we can easily switch back to the original user when needed.

So what is it under this version of linux that is preventing SUID programs from having their effective user id changed and is there a way around this?

Thanks
Bob
 
Old 11-27-2008, 02:15 PM   #2
apilegaard
LQ Newbie
 
Registered: Oct 2005
Distribution: Debian, Ubuntu
Posts: 3

Rep: Reputation: 0
Hmm - normally suid should work. But could it be that the filesystem has been mounted with the nosuid option - perhaps indirectly by an option like 'user'? Or maybe you have layered filesystems with eg. unionfs?

You could try to move your test suid program to the root partition - eg. /tuid - the root partition will normally let suid work.

You should have other suid programs - like /bin/su and /usr/bin/sudo. You can find more with 'find / -perm -4000 -print'. Do they work? If so, try putting your tuid program in the same directory - eg. /bin/tuid and see if it works there.

/Anders
 
Old 11-28-2008, 07:49 AM   #3
Bob Lawson
LQ Newbie
 
Registered: Nov 2008
Posts: 5

Original Poster
Rep: Reputation: 0
Bingo! That was it. I did not do the original setup and so missed
that. The file systems were mounted nosuid.

Thanks apilegaard

Bob
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Red Hat Enterprise Linux 5 Release Date? keysorsoze Red Hat 5 03-01-2007 08:15 PM
Login Screen not working. Red Hat Enterprise Linux 3 WS Dan37290 Linux - Enterprise 0 11-03-2006 04:07 PM
what last version/release of Red Hat enterprise Linux AS? xcore_on Linux - Newbie 1 05-11-2006 04:28 AM
Red Hat Linux Enterprise release 3 kernel version Minnie Nguyen Linux - Enterprise 1 01-29-2006 02:28 PM
Problem in installing java in "Red Hat Enterprise Linux ES release 4" raajesh_ak Linux - Newbie 2 12-27-2005 03:55 AM


All times are GMT -5. The time now is 10:20 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration