LinuxQuestions.org


hmadhi 11-17-2011 02:51 PM

setuid program owned by non-root user
 
I have a setuid program (getpwd) that runs as expected only when owned by root.

i.e.
-rwsr-xr-x 1 root root 7981 2011-11-17 18:28 getpwd*

In other words, when my program is executed on the command line by user "alice", all works fine.

The program opens a file in directory /home/secure and prints the contents to screen.

e.g.

alice@devbox:/home/alice/tmp$ ./getpwd
setuid is working


However, when I change the ownership and set setuid on the file:

chown secure:users getpwd
chmod 4755 getpwd

-rwsr-xr-x 1 secure users 7981 2011-11-17 18:28 getpwd*

The program does not run when executed as user "alice".
e.g.

alice@devbox:/home/alice/tmp$ ./getpwd
cannot open file /home/secure/test ...

Why is this happening?

Noway2 11-17-2011 04:04 PM

Quote:

cannot open file /home/secure/test ..
Does the file exist?

hmadhi 11-18-2011 12:15 AM

Quote:

Originally Posted by Noway2 (Post 4526896)
Does the file exist?

Yes the file exists.

ls -ld /home/ /home/secure/
drwx--x--x 2 secure users 280 Nov 18 11:16 /home/secure/

ls -ld /home/secure/*
-rw------- 1 secure users 33 Nov 15 14:35 /home/secure/test


This is correct, as only user secure should be able to read the file.

dev102 11-18-2011 02:30 PM

That's because you changed the ownership after setuid is set!

Change the ownership of the file first, set what the owner can do, then and only then set the setuid.

What I mean in the 2nd clause is: if the owner is supposed to execute the file, give it (x) permissions.

http://www.cyberciti.biz/faq/unix-bs...x-setuid-file/

If the setuid bit is turned on for a file, the user executing that executable file gets the permissions of the individual or group that owns the file.


**********************************
If I answered your question, say so
***********************************
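
The ordering advice in the post above can be checked on a scratch file. This is an added example, not code from the thread; it assumes Linux, where chown(2) clears the setuid bit on regular files, and it uses the current user as the chown target so it runs without root.

```shell
#!/bin/sh
# Added demo (constructed): works on a scratch file and uses the current
# user as the chown target, so it needs no root and touches no real binary.

# Report whether the setuid bit is set, via the POSIX "-u" file test.
suid_state() {
    if [ -u "$1" ]; then echo setuid; else echo no-setuid; fi
}

# Wrong order: set the bit, then change ownership.
# On Linux, chown(2) clears S_ISUID on regular files, so the bit is lost.
chmod_then_chown() {
    f=$(mktemp) || return 1
    chmod 4755 "$f"
    chown "$(id -u):$(id -g)" "$f"
    suid_state "$f"
    rm -f "$f"
}

# Right order: fix ownership first, set the bit last, then verify it.
chown_then_chmod() {
    f=$(mktemp) || return 1
    chown "$(id -u):$(id -g)" "$f"
    chmod 4755 "$f"
    suid_state "$f"
    rm -f "$f"
}

echo "chmod then chown: $(chmod_then_chown)"
echo "chown then chmod: $(chown_then_chmod)"
```

Running `suid_state` (or `ls -l`) on the installed binary after the last step confirms the bit and the owner before relying on it.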

hmadhi 11-22-2011 01:33 AM

Quote:

Originally Posted by dev102 (Post 4527805)
That's because you changed the ownership after setuid is set!

Change the ownership of the file first, set what the owner can do, then and only then set the setuid.

What I mean in the 2nd clause is: if the owner is supposed to execute the file, give it (x) permissions.

http://www.cyberciti.biz/faq/unix-bs...x-setuid-file/

If the setuid bit is turned on for a file, the user executing that executable file gets the permissions of the individual or group that owns the file.


**********************************
If I answered your question, say so
***********************************

Aah

Thanks, makes perfect sense.

