LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-17-2011, 02:51 PM   #1
hmadhi
LQ Newbie
 
Registered: Jul 2006
Posts: 6

Rep: Reputation: 0
setuid program owned by non-root user


I have a setuid program (getpwd) that runs as expected only when owned by root.

ie
-rwsr-xr-x 1 root root 7981 2011-11-17 18:28 getpwd*

In other words when my program is executed on the command line by user "alice" all works file

The program opens a file in directory /home/secure and print the contents to screen.

eg

alice@devbox:/home/alice/tmp$ ./getpwd
setuid is working


However when I change the ownership and set setuid of the file:

chown secure:users getpwd
chmod 4755 getpwd

-rwsr-xr-x 1 secure users 7981 2011-11-17 18:28 getpwd*

The program does not run when executed as user "alice".
eg

alice@devbox:/home/alice/tmp$ ./getpwd
cannot open file /home/secure/test ...

Why is this happening.
 
Old 11-17-2011, 04:04 PM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781
Quote:
cannot open file /home/secure/test ..
Does the file exist?
 
Old 11-18-2011, 12:15 AM   #3
hmadhi
LQ Newbie
 
Registered: Jul 2006
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Noway2 View Post
Does the file exist?
Yes the file exists.

ls -ld /home/ /home/secure/
drwx--x--x 2 secure users 280 Nov 18 11:16 /home/secure/

ls -ld /home/secure/*
-rw------- 1 secure users 33 Nov 15 14:35 /home/secure/test


This is correct as only user secure should be able to read the file.

Last edited by hmadhi; 11-18-2011 at 03:29 AM.
 
Old 11-18-2011, 02:30 PM   #4
dev102
LQ Newbie
 
Registered: Nov 2011
Location: East Coast
Distribution: RedHat
Posts: 14

Rep: Reputation: Disabled
That's because you changed the ownership after setuid is set!

Change the ownership of the file first, set what the owner can do then and only then set the setuid

What i mean on the 2nd clause is if owner is suppose to execute the file give it (x) permissions.

http://www.cyberciti.biz/faq/unix-bs...x-setuid-file/

If setuid bit turned on a file, user executing that executable file gets the permissions of the individual or group that owns the file.


**********************************
If i answered your question, say so
***********************************
 
Old 11-22-2011, 01:33 AM   #5
hmadhi
LQ Newbie
 
Registered: Jul 2006
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by dev102 View Post
That's because you changed the ownership after setuid is set!

Change the ownership of the file first, set what the owner can do then and only then set the setuid

What i mean on the 2nd clause is if owner is suppose to execute the file give it (x) permissions.

http://www.cyberciti.biz/faq/unix-bs...x-setuid-file/

If setuid bit turned on a file, user executing that executable file gets the permissions of the individual or group that owns the file.


**********************************
If i answered your question, say so
***********************************
Aah

Thanks, Makes perfect sense
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Why won't redhat 4/5 cron run my setuid root program? wingram77090 Programming 4 02-24-2010 07:38 PM
User Home Directory now owned bt Root AndeAnderson Linux - Newbie 4 10-09-2009 03:52 PM
How can I have a script owned as root and run as root by a user: setuid? stickey bit? abefroman Linux - Newbie 9 04-19-2008 05:15 PM
smbmount- everything is owned by root? can I make it another user? Rotwang Linux - Networking 2 10-02-2007 11:42 PM
Make a file owned by root owned by a user sharpie Linux - Newbie 2 02-26-2004 01:26 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:08 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration