10 More Discussions You Might Find Interesting
1. UNIX for Beginners Questions & Answers
Just learning about the privilege escalation method provided by setuid. Correct me if I am wrong but what it does is change the uid of the current process to whatever uid I set. Right ?
So what stops me from writing my own C program and calling setuid(0) within it and gaining root privileges ?
... (2 Replies)
Discussion started by: sreyan32
2 Replies
2. Solaris
I have a user AAA who's who is part of a group call clserv and techsupp, His userfiles have the following permissions:-
drwxrwx--- 16 AAA clserv 1858 Aug 22 12:48 UserFiles
he has a link in his UserFiles/
lrwxrwxrwx 1 root root 36 Mar 9 2013 TECHSUPP_GLOBAL... (5 Replies)
Discussion started by: kilobyter
5 Replies
3. UNIX for Dummies Questions & Answers
While I was looking for tips for hardening the security of my MAC OSX I found the following posting:
"<How to disable Setuid and Setgid Binaries >
Setuid programs run with the privileges of the file's owner
(which is often root), no matter which user executes them.
Bugs in these programs... (6 Replies)
Discussion started by: Vera
6 Replies
4. UNIX for Dummies Questions & Answers
Hi all!
I have a folder with permissions 2770 (SETGID)
drwxrws--- 2 loguser admins 5 Mar 17 11:11 mydir
Inside that folder there are some files with permissions 0640:
-rw-r----- 1 loguser admins 0 Mar 17 11:11 monday.log
-rw-r----- 1 loguser admins ... (2 Replies)
Discussion started by: verdepollo
2 Replies
5. Solaris
hi..
why we go for setuid, setgid permissions?
as a system admin ,when we use this ,except default solaris setuid,setgid files and dirs..
hopes that anyone can help me regarding this.. (1 Reply)
Discussion started by: saravananpalani
1 Replies
6. UNIX for Dummies Questions & Answers
could u plz give me clear idea of spcial permissions setuid,getuid and striky bit . (1 Reply)
Discussion started by: Prem
1 Replies
7. Shell Programming and Scripting
About System and Perl: Sun Solaris 5.9 sparc, Perl 5.6.1
I've decided to use the perl file::find module to look for all the SETUID and SETGID files on my unix boxes. I wrote something like this: (I've shorted it a little to make it simple)
#!/opt/perl/bin/perl
use File::Find;
find... (1 Reply)
Discussion started by: x96riley3
1 Replies
8. Programming
I have a setuid to root program that has now to be changed to setuid to oracle depending on who is running it. Oracle has only two groups, dba (primary) and osgrp1 (secondary). But running 'id' if oracle shows all the secondary groups belonging to root, and only dba or osgrp1 as the primary group... (2 Replies)
Discussion started by: blowtorch
2 Replies
9. UNIX for Dummies Questions & Answers
Hi,
I have been looking at setuid and setgid.
I understand that setuid determines who owns the file and setgid determines which group of people can access the file... yeah?!
But i need to know how to actually use setuid and setgid. I'm guessing chmod will feature somewhere..
Any help... (1 Reply)
Discussion started by: crispy
1 Replies
10. UNIX for Advanced & Expert Users
I have a C wrapper programme which basically execute a shell script. The shell script has 700 as permission and oracle is owner of the shell script.
The C execuatble has 4711 permission so that means that it has setuid bit set and group and others can execute the C executable.
The reason why I am... (2 Replies)
Discussion started by: sanjay92
2 Replies
SETUID(1) General Commands Manual SETUID(1)
NAME
setuid - run a command with a different uid.
SYNOPSIS
setuid username|uid command [ args ]
DESCRIPTION
Setuid changes user id, then executes the specified command. Unlike some versions of su(1), this program doesn't ever ask for a password
when executed with effective uid=root. This program doesn't change the environment; it only changes the uid and then uses execvp() to find
the command in the path, and execute it. (If the command is a script, execvp() passes the command name to /bin/sh for processing.)
For example,
setuid some_user $SHELL
can be used to start a shell running as another user.
Setuid is useful inside scripts that are being run by a setuid-root user -- such as a script invoked with super, so that the script can
execute some commands using the uid of the original user, instead of root. This allows unsafe commands (such as editors and pagers) to be
used in a non-root mode inside a super script. For example, an operator with permission to modify a certain protected_file could use a
super command that simply does:
cp protected_file temp_file
setuid $ORIG_USER ${EDITOR:-/bin/vi} temp_file
cp temp_file protected_file
(Note: don't use this example directly. If the temp_file can somehow be replaced by another user, as might be the case if it's kept in a
temporary directory, there will be a race condition in the time between editing the temporary file and copying it back to the protected
file.)
AUTHOR
Will Deich
local SETUID(1)