LinuxQuestions.org
Old 04-09-2004, 01:48 PM   #1
joanq
LQ Newbie
 
Registered: Oct 2003
Distribution: Debian
Posts: 6

Rep: Reputation: 0
problem with SUID bit


Hello,

I'm trying to do a simple thing using the SUID bit but I'm having problems with it.
Here it goes:

$ whoami
joan
$ groups
joan disk cdrom floppy audio src users
$ ls -l cat_squid_conf.sh
-r-sr-x--- 1 root joan 48 2004-04-09 19:33 cat_squid_conf.sh
$ cat cat_squid_conf.sh
#!/bin/sh
cat /etc/squid.conf
$ ls -l /etc/squid.conf
-rw------- 1 root root 113171 2004-04-09 18:50 /etc/squid.conf
$ ./cat_squid_conf.sh
cat: /etc/squid.conf: Permission denied

Does anybody know why this script is not running as root?

Thanks in advance !!

Joan
 
Old 04-09-2004, 02:13 PM   #2
NarutoKun
Member
 
Registered: Jan 2004
Location: Puchong, Selangor, Malaysia
Posts: 38

Rep: Reputation: 15
First of all you don't need to run it as root. You could run it as a normal user.
The reason you're unable to execute it is because the file is not executable.
2 solutions:

1) chmod 755 cat_squid_conf.sh (since the file belongs to root you have to run this command as root - log in or su to root and run this command)
2) ./cat_squid_conf.sh

OR

1) bash cat_squid_conf.sh

Cheers.
 
Old 04-09-2004, 02:29 PM   #3
joanq
LQ Newbie
 
Registered: Oct 2003
Distribution: Debian
Posts: 6

Original Poster
Rep: Reputation: 0
I'm not running it as root, but as joan ($ whoami ----> joan), member of joan's group ($ groups -----> joan...).

And cat_squid_conf.sh is executable ($ ls -l cat_squid_conf.sh -----> -r-sr-x--- ...). That means that the file's user (root) can read and execute, and members of group joan can read and execute. The 's' means that it should run with root privileges, so there shouldn't be problems in reading the squid.conf file... But there are...

Thank you for the effort.
 
Old 04-09-2004, 02:47 PM   #4
NarutoKun
Member
 
Registered: Jan 2004
Location: Puchong, Selangor, Malaysia
Posts: 38

Rep: Reputation: 15
Hahahhahaha.... sorry. Too sleepy already. I mistook the last ls -l output for your script's permissions.
Check 2 things:
1. The file /etc/squid.conf exists. You could try the command "/etc/squid.conf".
2. Where is the script located? What is pwd? Is it mounted from another filesystem? If that is the case you need the "exec" option in your mount command to run scripts on mounted filesystems other than root.

Sorry, as I don't check back at posts often to reply. So if you need any further help: kelvinlai at veryfast.biz

Note:
You should try not to run your scripts as root. It poses a big security problem. SUID is a no-no whenever possible. Anyway, the squid.conf file is readable by everyone, so why do you want to run your script as root anyway?

Cheers
 
Old 04-09-2004, 02:50 PM   #5
NarutoKun
Member
 
Registered: Jan 2004
Location: Puchong, Selangor, Malaysia
Posts: 38

Rep: Reputation: 15
OK, here is a final help.

cat /etc/squid.conf -> if no error then continue with
echo "cat /etc/squid.conf" > myscp
chmod 755 myscp
./myscp -> if this doesn't work, biggest possibility is the filesystem is mounted with noexec. you need to mount it with exec.

Cheerio
 
Old 04-09-2004, 03:14 PM   #6
joanq
LQ Newbie
 
Registered: Oct 2003
Distribution: Debian
Posts: 6

Original Poster
Rep: Reputation: 0
- File /etc/squid.conf exists: $ ls -l /etc/squid.conf ------> -rw------- 1 root root 113171 2004-04-09 18:50 /etc/squid.conf so it exists.

- command /etc/squid.conf is impossible, because squid.conf is a text file. I only want to see it.

- the script is located at the active directory of user joan.

- The filesystem is the same for squid.conf and cat_squid_conf.sh. This is the root (/) filesystem and it isn't mounted with noexec: /dev/hda6 on / type ext3 (rw,errors=remount-ro)

- I'm making this script to let a user other than root read the file squid.conf. I don't think this is a security problem, because the script can only be changed by root, and can only be read/executed by members of group 'joan'. This way I prevent other users from accessing the contents of squid.conf.

Thanks for the help, but this doesn't solve the problem...
 
Old 04-09-2004, 03:56 PM   #7
NarutoKun
Member
 
Registered: Jan 2004
Location: Puchong, Selangor, Malaysia
Posts: 38

Rep: Reputation: 15
For security reasons the kernel has disabled setuid for scripts.

Since you want to limit access to the squid.conf file, maybe you could use an ACL. Use setfacl to set the permissions so that it is rw for root and r for group joan. If you don't want to use an ACL (access control list) then try sudo.
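
Added example (not part of any post in this thread): because the kernel ignores the s bit on "#!" scripts, a set-uid script is misleading rather than privileged, and this audit function lists such files so they can be replaced with an ACL or sudo rule as post #7 suggests. The function names, the sample tree built in a temporary directory, and the /bin/cat path in the sudoers comment are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: find set-uid/set-gid files that are interpreter scripts.
# Linux does not honour the s bits when executing a "#!" file, so these
# run with the caller's IDs, as cat_squid_conf.sh did in the thread.

find_suid_scripts() {
    # $1: directory to audit (assumption: file names contain no newlines).
    # Files the auditing user cannot read are skipped, so run it as root.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        # The first two bytes "#!" mark an interpreter script.
        magic=$(dd if="$f" bs=2 count=1 2>/dev/null)
        if [ "$magic" = '#!' ]; then
            printf '%s\n' "$f"
        fi
    done
}

demo_audit() {
    # Constructed sample tree; names and contents are made up for the demo.
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\ncat /etc/squid.conf\n' > "$d/cat_squid_conf.sh"
    printf '\177ELF-placeholder' > "$d/fake_binary"
    printf '#!/bin/sh\necho plain\n' > "$d/plain.sh"
    chmod 4550 "$d/cat_squid_conf.sh"   # -r-sr-x--- as in the thread
    chmod 4755 "$d/fake_binary"         # set-uid, but not a script
    chmod 0755 "$d/plain.sh"            # script without the s bit
    (cd "$d" && find_suid_scripts .)
    rm -rf "$d"
}

# Alternatives named in post #7, run as root (shown as comments only):
#   setfacl -m g:joan:r /etc/squid.conf
#   sudoers rule (edit with visudo; /bin/cat path is an assumption):
#     %joan ALL=(root) /bin/cat /etc/squid.conf

demo_audit
```

Only the set-uid script is reported; the set-uid non-script and the plain script are not.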
 
  


All times are GMT -5.