can't write to a file as non root having setuid
On RHEL 5 update 3, I am seeing the following issue:

# mkdir /newdir
# touch /newdir/file1
# chmod 06777 /newdir/file1
# su newuser
$ dd if=/dev/null of=/newdir/file1
dd: opening '/newdir/file1': Operation not permitted

The result is the same even with SELinux disabled. This used to work on older releases, clearing the setuid/setgid after the write. Wondering whether it is an intended change or a bug. |
First, do an ls -l (lowercase "L") and see if the permissions are correct.
Skuzye |
The permissions are correct and it is -rwsrwsrwx. As I mentioned, the same steps work fine with RHEL 5 update 2; the issue is only with update 3.
|
06777 doesn't exist. 0677 is OK, and 6777 too; I suppose the latter is your actual intent.
Yves. |
Both 06777 and 6777 work the same for chmod.

# chmod 06777 /newdir/file1
# ls -l /newdir/file1
-rwsrwsrwx 1 6777 root 0 Feb 10 09:30 /newdir/file1
|
Perhaps a silly question, but does newuser have access to the /newdir directory itself? What are the permissions for /newdir?
|
Yes.
# ls -ld /newdir/
drwxrwxrwx 2 root root 4096 Feb 10 09:30 /newdir/
# ls -l /newdir/file1
-rwsrwsrwx 1 6777 root 0 Feb 10 05:16 /newdir/file1
|
This issue is due to RHEL5.3 patch BZ#463687 [kernel: open() call allows setgid bit when user is not in new file's group].
|