LinuxQuestions.org
Old 08-18-2015, 04:24 PM   #1
JockVSJock
suid conflicts from files where sticky bit is set Vs /etc/fstab


I'm working with an Oracle DBA and we are trying to get Oracle Enterprise Manager to work by having sticky bit set on certain files.

There are a number of files that it needs to work with and the sticky bit is set on those files, and yet it still doesn't work.


Code:
[root@server1 bin]# ll nm*
-rws--s--- 1 root   dba 28087 Jun 21  2012 nmb  <---
-rwxr-xr-x 1 oracle dba     0 Aug 13  2009 nmb0
-rwxr-xr-x 1 oracle dba 28087 Jun 21  2012 nmb.0
-rwxr-xr-x 1 oracle dba  9755 Aug  7  2009 nmcbufp
-rwxr-xr-x 1 oracle dba 69611 Jun 21  2012 nmei
-rwxr-xr-x 1 oracle dba     0 Aug 13  2009 nmei0
-rws--x--- 1 root   dba 80525 Jun 21  2012 nmhs  <---
-rwxr-xr-x 1 oracle dba     0 Aug 13  2009 nmhs0
-rwxr-xr-x 1 oracle dba 80525 Jun 21  2012 nmhs.0
-rws--s--- 1 root   dba 34795 Jun 21  2012 nmo  <---
-rwxr-xr-x 1 oracle dba     0 Aug 13  2009 nmo0
-rwxr-xr-x 1 oracle dba 34795 Jun 21  2012 nmo.0
-rwxr-xr-x 1 oracle dba 32461 Jun 21  2012 nmocat
-rwxr-xr-x 1 oracle dba     0 Aug 13  2009 nmocat0
-rwxr-xr-x 1 oracle dba 55402 Jun 21  2012 nmosudo
-rwxr-xr-x 1 oracle dba     0 Aug 13  2009 nmosudo0
-rwxr-xr-x 1 oracle dba 21526 Jun 21  2012 nmupm
-rwxr-xr-x 1 oracle dba     0 Aug 13  2009 nmupm0
[root@server1 bin]# pwd
/ora/app/oracle/product/11.2.0/db_1/bin

[root@server1 bin]#
Looking around online, we noticed that removing nosuid for a directory under /etc/fstab and running

Code:
mount -o remount /ora/
fixed the issue and now OEM works ok.

I'm not sure, because I want to set the sticky bit for various individual files so that the sticky bit is set only on those files vs. opening up a whole partition and having the chance that there are other files that have the sticky bit set on them and running the risk that someone could do something bad against them.

So if someone could explain how the sticky bit works on a partition from /etc/fstab vs. individual files...

thanks
 
Old 08-18-2015, 09:51 PM   #2
jpollard
The fstab doesn't come into it unless the option nosgid is there.

And remounting doesn't do anything either.

OEM itself may have some internal checks that will do that.
 
Old 08-19-2015, 06:58 AM   #3
JockVSJock
Quote:
Originally Posted by jpollard
The fstab doesn't come into it unless the option nosgid is there.

Then why have nosuid set there at fstab if it doesn't come into play?
 
Old 08-19-2015, 07:47 AM   #4
jpollard
Quote:
Originally Posted by JockVSJock
Then why have nosuid set there at fstab if it doesn't come into play?

It is up to the administrator. setgid is considered a security weakness. For me, any filesystem that can be written to by a user should have several things disabled - setuid, setgid, nodev... Even if a file manages to get the flags set... they don't work.

In this case though, it wasn't indicated that it was disabled in the fstab.

BTW, it isn't called the "sticky bit" - that is a different flag with a different purpose.
 
Old 08-19-2015, 10:15 PM   #5
JockVSJock
Quote:
Originally Posted by jpollard
BTW, it isn't called the "sticky bit" - that is a different flag with a different purpose.

Yes, you're right. Thanks for correcting me.

So if suid, sgid, and nodev are security flaws, are these being phased out of Linux?
 
Old 08-20-2015, 06:22 AM   #6
jpollard
suid, sgid, and nodev are there to provide security controls. All are used, but should not necessarily be available to general users.

As it stands now, it would be possible to eliminate devices from general filesystems - devices are supported by devtmpfs for most systems. Yet, some embedded will still use an ext[234] for /dev. And that prevents removal.

suid is used by administrators to provide access to privileged functions (such as password changing...) so it can't be removed from filesystems used for system binaries.... but that doesn't mean a user should be allowed to give away THEIR account to someone else... Same goes for sgid (used by some services to allow for shared locks, though that usage is fading).
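
An added example, not part of the original thread or written by any of its posters: before dropping nosuid from a mount such as /ora, this script checks whether the option is actually in effect and lists every setuid/setgid file on that filesystem, which is the exposure the original poster asks about. The function names and the sample mount table are constructed for illustration; it assumes a Linux /proc/mounts and a find that supports -xdev and -perm.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not the thread's real server).
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sdb1 /ora ext4 rw,nosuid,nodev,relatime 0 0
/dev/sdc1 /home ext4 rw,nodev,relatime 0 0
EOF
}

# Print the option list of mount point $1 from table $2 (default /proc/mounts).
# Fails if $1 is not a mount point. The last matching entry wins.
mount_options() {
    mo_mp=${1%/}                      # "/ora/" -> "/ora"
    [ -n "$mo_mp" ] || mo_mp=/        # "/" stays "/"
    awk -v mp="$mo_mp" '$2 == mp { o = $4 }
        END { if (o == "") exit 1; print o }' "${2:-/proc/mounts}"
}

# Return 0 if the mount carries nosuid, 1 if not, 2 if it is not a mount point.
has_nosuid() {
    hn_opts=$(mount_options "$1" "$2") || return 2
    case ",$hn_opts," in
        *,nosuid,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# List regular files with the setuid (4000) or setgid (2000) bit under $1,
# staying on that one filesystem (-xdev).
list_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ld {} + 2>/dev/null
}

# Report what is, or would become, privileged on one mount point.
audit_mount() {
    am_rc=0; has_nosuid "$1" "$2" || am_rc=$?
    case $am_rc in
        0) echo "$1: nosuid is set; the bits below are ignored at exec" ;;
        1) echo "$1: nosuid is NOT set; the files below run with owner/group privileges" ;;
        *) echo "$1: not a mount point" >&2; return 2 ;;
    esac
    list_setid_files "$1"
}

# Audit the mount point given on the command line, if any.
[ $# -eq 0 ] || audit_mount "$1"
```

Run it as root so find can read every directory on the filesystem, and review the listed files before and after any change to the mount options.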
 
  

