LinuxQuestions.org
Old 11-27-2006, 04:05 PM   #1
Byronious
LQ Newbie
 
Registered: Nov 2005
Posts: 15

Rep: Reputation: 0
Script problem


I'm currently working on creating a server/client setup (EDIT: This is using Fedora Core 4) for a class I am in. I have to write a script to remove a user from the /etc/passwd and /etc/shadow files as well as move their home directory to an /orphans directory. This file has to be run using the account named admin which is part of an administrators group that was created. Here is what my script looks like:

Quote:
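read -r -p "Username: " username
# Drop only the account's own entry (lines begin with "username:") and
# overwrite the temp file instead of appending to a stale one
grep -v "^${username}:" /etc/passwd > /etc/passwd.tmp
grep -v "^${username}:" /etc/shadow > /etc/shadow.tmp
mv -f "/home/${username}" "/orphans/${username}"
echo "$username" >> /var/log/deleted.log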
The permissions look as follows:
Quote:
-rwsr-x---
The owner of the script is root, the group owner is administrators. I am receiving permission denieds for almost every change that is made by the script.

Any help appreciated.

Last edited by Byronious; 11-27-2006 at 04:23 PM.
 
Old 11-27-2006, 04:18 PM   #2
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 65
You'd do better to use "userdel"
 
Old 11-27-2006, 04:22 PM   #3
Byronious
LQ Newbie
 
Registered: Nov 2005
Posts: 15

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by matthewg42
You'd do better to use "userdel"
Believe me I would, but it doesn't work when logged in as admin.
 
Old 11-27-2006, 04:37 PM   #4
Byronious
LQ Newbie
 
Registered: Nov 2005
Posts: 15

Original Poster
Rep: Reputation: 0
Apparently my instructor just informed us that SUID doesn't work for whatever reason. Does anyone know why SUID would not work?
 
Old 11-27-2006, 04:50 PM   #5
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 65
The partition the script is on could be mounted with the nosuid flag.
 
Old 11-27-2006, 05:13 PM   #6
Byronious
LQ Newbie
 
Registered: Nov 2005
Posts: 15

Original Poster
Rep: Reputation: 0
Where can I check this?

Not that it really matters now as we have been told we can run the script while logged into root, but for future reference it would be nice to know.
 
Old 11-27-2006, 05:23 PM   #7
tvynr
Member
 
Registered: Apr 2004
Distribution: Debian
Posts: 143

Rep: Reputation: 15
Actually, I ran into this problem a while back. Turns out that bash ignores the SUID flag if the file is owned by root because it dissuades trivially vulnerable and rather dangerous security breaches.

Of course, it's not a very effective measure of protection; I personally think it's silly. But that's the way it is.

For my little project, I got around the problem by finding this code snippet on the web. It's a C program which is compiled and run SUID root. All it does is run the bash script in question, but that means that the bash script is being run by root, so that gets you around the problem (but definitely not through it).

Code:
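#include <stdio.h>
#include <unistd.h>

int main (int argc, char** argv)
{
    /* Works only when this binary is installed SUID root. */
    if (setuid(0) != 0) { perror("setuid"); return 1; }
    seteuid(0);
    execl("/bin/bash", "bash", "/some/path/some/script.sh", (char *)NULL);
    perror("execl");   /* reached only if execl failed */
    return 1;
}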
Note that the above source snippet will not pass the program's arguments along to the bash script; you'd have to modify it to do that.

It's an ugly hack... I wouldn't recommend it for anything important and I'm not willing to swear by its safety at all. :-P
 
Old 11-27-2006, 05:28 PM   #8
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 65
Quote:
Originally Posted by Byronious
Where can I check this?

Not that it really matters now as we have been told we can run the script while logged into root, but for future reference it would be nice to know.
Try this command. If you see nosuid in the brackets at the end of the line, suid is not permitted for the device where that file/directory is located:
Code:
mount |fgrep $(df /path/to/your/file |tail -n 1 |cut -d" " -f 1)
 
  

