LinuxQuestions.org


bhakti_thakkar 06-13-2012 12:43 PM

SUID working
 
Hello All,
I am trying to implement a small example to understand the working of SUID.
Following is the test scenario:
System : Ubuntu 12.04
Users:
1.)bhakti:x:1000:1000:bhakti,,,:/home/bhakti:/bin/bash
2.)hetal:x:1003:1000::/home/hetal:/bin/sh
Groups :
1.)bhakti:x:1000:

Following is the overview of test scenario:
1.) There is a folder named "fold" in the directory /home/bhakti, which is the home directory of user "bhakti". It has 3 files, a.txt, b.txt and c.txt, each with permissions set to 664.

bhakti@bhakti:~$ ls -l | grep fold
drwx------ 2 bhakti bhakti 4096 Jun 13 20:24 fold
bhakti@bhakti:~$ ls -l fold
total 12
-rw-rw-r-- 1 bhakti bhakti 6 Jun 13 20:23 a.txt
-rw-rw-r-- 1 bhakti bhakti 12 Jun 13 20:23 b.txt
-rw-rw-r-- 1 bhakti bhakti 120 Jun 13 20:24 c.txt

2.)There is a shell script named "two.sh" which lists all the files in the directory provided as command line argument.

Shell script:
for entry in "$1"/*
do
if [ ! -d "$entry" ];then
echo "$entry"
fi
done

3.) The permissions of the file two.sh are set to 755, and then I have set the SETUID for this file using the commands:
chmod 755 two.sh
chmod +s two.sh
So the permissions of the file are as follows:
bhakti@bhakti:~$ ls -l | grep two.sh
-rwsr-sr-x 1 bhakti bhakti 81 Jun 13 22:49 two.sh

4.) Now I execute the script as user "bhakti" and the following is the output:
bhakti@bhakti:~$ ./two.sh fold
fold/a.txt
fold/b.txt
fold/c.txt


5.) Next I switch the user to "hetal" and execute the same script, and I get the following result:

hetal@bhakti:/home/bhakti$ whoami
hetal
hetal@bhakti:/home/bhakti$ pwd
/home/bhakti
hetal@bhakti:/home/bhakti$ ./two.sh fold
fold/*

hetal@bhakti:/home/bhakti$

This is unexpected, since the concept says that when the SUID of a file is set,
any persons or processes that run the file have access to system resources as though they are the owner of the file.
By setting the SUID of two.sh by the user "bhakti", it is expected that any other user executing this file executes it as if it is the owner of the file.

The links that I have referred for understanding this concept are:
http://www.comptechdoc.org/os/linux/..._ugfilesp.html
http://www.codecoffee.com/tipsforlin...icles/028.html

I hope I am not missing out something...
Any guidance would be appreciated...
Thanks in advance

pan64 06-14-2012 07:58 AM

Remember, shell scripts never run by themselves. There is a shell interpreter (probably /bin/bash) which will try to execute the script. Therefore setting setuid/setgid bits on a shell script has no meaning at all.

_____________________________________
If someone helps you, or you approve of what's posted, click the "Add to Reputation" button, on the left of the post.
Happy with solution ... mark as SOLVED
(located in the "thread tools")

bhakti_thakkar 06-14-2012 08:57 AM

Hi pan64,
Firstly, I would like to thank you for your guidance.
I checked the permissions of /bin/bash which were set to 755 by default.
What I did was set the setuid for /bin/bash using chmod +s /bin/bash
So now , it would work like :
Run two.sh from user "hetal" -> invokes /bin/bash(which has setuid bit set and has root as owner) -> try reading "fold" directory(whose permissions are set to 700)

Following is the output:
bash-4.2$ ls -l | grep fold
drwx------ 2 bhakti bhakti 4096 Jun 13 20:24 fold
bash-4.2$ whoami
hetal
bash-4.2$ ./two.sh fold
fold/*


Now if I am understanding it right , since bash has setuid bit set any process running bash would run it as if it were root.
This implies that now two.sh which is being executed is running as if "root" user and root being super user it can read contents of any directory.
So in this case this output is invalid and it should list the directory contents.

Then I tried one more thing:
I set the permissions of folder "fold" to 744
Now repeated the same test.The result is :

root@bhakti:/home/bhakti# ls -l | grep fold
drwxr--r-- 2 bhakti bhakti 4096 Jun 13 20:24 fold

root@bhakti:/home/bhakti# su hetal
$ bash
bash-4.2$ ./two.sh fold
fold/a.txt
fold/b.txt
fold/c.txt

This implies that I have to set the permission for "others" as Read for directory "fold" so that the root user (belonging to a different group than that of creator "bhakti") can read it, which is irrational.

Also, what I tried is as follows:
Set the permissions of folder "fold" back to 700.
Now run the file two.sh from "root" user.

Following is the output
root@bhakti:/home/bhakti# chmod 700 fold
root@bhakti:/home/bhakti# ls -l | grep fold
drwx------ 2 bhakti bhakti 4096 Jun 13 20:24 fold
root@bhakti:/home/bhakti# ./two.sh fold/
fold//a.txt
fold//b.txt
fold//c.txt

Also, I observed that when I changed the bash setuid, the way the interpreter is presented changes from:
hetal@bhakti:/home/bhakti$ to bash-4.2$ .


I hope I am not confusing you ...
Please guide if I am wrong at my concepts....
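
An added example, not part of any post in this thread: a small audit that finds the two configurations tried above, a set-uid bit on a shell script (which Linux does not apply, as pan64's reply says) and a set-uid bit on a shell interpreter such as the chmod +s /bin/bash step. Bash by default resets its effective uid to the real uid when the two differ, which is consistent with hetal still seeing fold/*, and the bit on /bin/bash should be removed either way. The function names, the list of shell names and the fixture files are assumptions made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): report set-uid/set-gid files that are
# either interpreted scripts or shell interpreters.

# classify FILE -> prints "script", "shell" or "binary"
classify() {
    # Read the first four bytes as hex; an ELF image starts with 7f 45 4c 46.
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    if [ "$magic" != "7f454c46" ]; then
        # Assumption: typical Linux, where a non-ELF file is run through an
        # interpreter (#! line or the calling shell), so its set-uid bit is
        # not applied to the process.
        echo script
        return
    fi
    case "${1##*/}" in
        sh|bash|dash|ksh|zsh|csh|tcsh) echo shell ;;   # set-uid interpreter
        *) echo binary ;;                               # ordinary set-uid program
    esac
}

# audit_suid DIR -> one "class<TAB>path" line per set-uid/set-gid regular file
audit_suid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        printf '%s\t%s\n' "$(classify "$f")" "$f"
    done
}

# demo: build constructed fixtures in a temp dir and audit them.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho hi\n' > "$d/two.sh"    # constructed script
    printf '\177ELF' > "$d/bash"                    # constructed ELF header only
    printf '\177ELF' > "$d/tool"                    # constructed ELF header only
    printf '#!/bin/sh\n' > "$d/plain.sh"            # no set-uid bit: not reported
    chmod 755 "$d"/*; chmod u+s "$d/two.sh" "$d/bash" "$d/tool"
    audit_suid "$d" | sed "s|$d/||" | sort
    rm -rf "$d"
}

# Audit a directory when one is given on the command line.
if [ $# -gt 0 ]; then audit_suid "$1"; fi
```

Lines reported as "script" carry a bit that has no effect and can be cleared with chmod u-s,g-s; lines reported as "shell" should be cleared and the change investigated.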

pan64 06-14-2012 12:25 PM

Here is a small explanation: http://www.faqs.org/faqs/unix-faq/fa...section-7.html
Here is another one: http://www.tuxation.com/setuid-on-shell-scripts.html


bhakti_thakkar 06-14-2012 12:33 PM

Thanks.... I would delve into the details :)


All times are GMT -5.