LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 07-14-2010, 04:45 AM   #1
Andantino
LQ Newbie
 
Registered: Jul 2010
Location: Finland
Posts: 3

Rep: Reputation: 0
Question setting group ID for executable file working under Solaris but not under Linux


Hello,

Does anyone have any idea regarding what could be the problem here, i.e. why do I get "Permission denied"?

Code:
[andreas@loony /tmp]$ ls -al
total 40
drwxrwxrwt  4 root root   4096 Jul 14 10:28 .
drwxr-xr-x 28 root root   4096 May 18 10:55 ..
-rw-r--r--  1 root root   1696 Dec 17  2009 bar
drwxrwxrwt  2 root root   4096 May 18 10:55 .font-unix
drwxrwxrwt  2 root root   4096 May 18 10:55 .ICE-unix
-rwxr-sr-x  1 root tripdb   27 Jul 14 10:26 sas.sh
-rw-r-----  1 root tripdb   26 Jul 14 10:27 textfil.txt
[andreas@loony /tmp]$ ./sas.sh
cat: textfil.txt: Permission denied
[andreas@loony /tmp]$ cat sas.sh
#!/bin/sh

cat textfil.txt
[andreas@loony /tmp]$
Since the s-bit is set for the group for sas.sh, it should run with the permissions of the group tripdb, which has read rights to textfil.txt. However, it does not work on any of our Linux systems that I have tried it on. We also have one machine running Sun Solaris, and there exactly the same thing works.

SELinux is disabled, so that is not the problem.

It is RHEL and CentOS that I have tried it on.

Edit:
A colleague told me that this does not work for shell scripts (even though apparently it does work for shell scripts under Solaris). However, this is not the problem per se, because I discovered this problem when using a binary program that needs the s-bit feature. I only made the small shell script to make sure that I understand everything that is going on and that it is not the binary program that is behaving badly... but I do believe that the problem is not in the program but in the operating system.

Edit:
Set uid works. It is only set gid that does not work. That is, setting the s-bit for the owner works, but setting the s-bit for the group does not.

Last edited by Andantino; 07-14-2010 at 08:03 AM.
 
Old 07-14-2010, 08:18 AM   #2
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,758

Rep: Reputation: 643Reputation: 643Reputation: 643Reputation: 643Reputation: 643Reputation: 643
You must have made a mistake with your program, the behaviour will succeed with a binary and fail with a script as it was designed to. SUID and SGID bits are ignored on scripts as allowing it would be a security risk.

eg.
Code:
# cp /bin/cat /tmp
# chmod g+s /tmp/cat
# ls -l /tmp/cat
-rwxr-sr-x. 1 root root 48292 2010-07-14 23:05 cat
# ls -l /tmp/test.txt
-rw-r-----. 1 root root 8 2010-07-14 23:06 /tmp/test.txt
$ /tmp/cat /tmp/test.txt
some garbage
$
cheers
 
1 members found this post helpful.
Old 07-14-2010, 08:52 AM   #3
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,003
Blog Entries: 5

Rep: Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782
This question reminded me of a product made by Cactus Software long ago that converted shell scripts into binaries.

On looking to see if there was any GNU stuff that does that now I found several references to shc. I haven't used it myself (yet) but you might want to look into it for your testing:
http://www.datsi.fi.upm.es/~frosal/

Note: If it works like the other software I saw it isn't really converting anything - its just running the commands from within the binary so it isn't any faster than the shell script it is based on. The average binary is normally than a shell script so just thought I point out this may not be the case for an shc binary.
 
Old 07-16-2010, 02:16 AM   #4
Andantino
LQ Newbie
 
Registered: Jul 2010
Location: Finland
Posts: 3

Original Poster
Rep: Reputation: 0
Thank you for the tips.

kbp is right. I tested it with cat as he suggested, and that works.

It is not my program and I do not even have the source code. I will probably have to contact the makers of the program.
 
Old 07-16-2010, 07:54 AM   #5
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,003
Blog Entries: 5

Rep: Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782
My point was that you can make the shell script into a binary and test it using shc. There is no "source" for a script - it is all in the script. If you already have a binary you don't need the source to do the sgid or suid as show by the cat test you did.
 
Old 07-21-2010, 05:40 AM   #6
Andantino
LQ Newbie
 
Registered: Jul 2010
Location: Finland
Posts: 3

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by MensaWater View Post
My point was that you can make the shell script into a binary and test it using shc. There is no "source" for a script - it is all in the script. If you already have a binary you don't need the source to do the sgid or suid as show by the cat test you did.
Yes, I understood that, thank you. It is the third party binary program that I do not have the source code do. Therefore, I was unable to check why setting the s-bit worked with cat but not with the program I needed it to work with. For some reason, the solution was to add x-permission for "other" to the directories containing the files that the program needed to open. The files themselves do not need any permissions for "other", but the directories must have x-permission for "other".
 
  


Reply

Tags
permissions


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
executable compiled on solaris 10 not working on solaris 9 ash_bit2k2 Solaris / OpenSolaris 3 05-20-2010 12:58 AM
Error 13: Invalid or unsupported executable format + solaris and linux lsanga099 Linux - Newbie 4 06-30-2008 07:10 AM
Setting group on file creation/edit deiussum Linux - Security 4 06-17-2005 04:50 PM
Setting group automatically upon file creation (local web development configuration) jht2k Linux - Newbie 1 02-11-2005 06:05 AM
Is setting a file to non executable secure as uncommenting lines in rc.M? BajaNick Linux - Security 2 01-29-2005 11:59 AM


All times are GMT -5. The time now is 12:48 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration