9 More Discussions You Might Find Interesting
1. UNIX for Beginners Questions & Answers
Just learning about the privilege escalation method provided by setuid. Correct me if I am wrong but what it does is change the uid of the current process to whatever uid I set. Right ?
So what stops me from writing my own C program and calling setuid(0) within it and gaining root privileges ?
... (2 Replies)
Discussion started by: sreyan32
2 Replies
2. Solaris
Hi Gurus,
I need your suggestions,to implement setuid.
Here is the situation. I have a user xyz on a solaris zone.He needs to install a package using a pkgadd command but i guess only a root can run that .Is there any way I can set the setuid bit on the pkgadd which is in the location... (6 Replies)
Discussion started by: rama krishna
6 Replies
3. UNIX for Dummies Questions & Answers
Hi all,
Ok, bear with me on this one, I am a bit new to Unix and it might take me a little bit of time to articulate my question.
I know that every process has a user id and an effective user id. This seems to include the shell itself, because when I type 'ps', I see 'bash' listed as a... (2 Replies)
Discussion started by: oddthingy
2 Replies
4. Solaris
Hi all,
I have a question to see if I understand the euid and uid attributes correctly for rbac (/etc/security/exec_attr):
All:
*
Audit Control:
/etc/init.d/audit euid=0, egid=3
/etc/security/bsmconv uid=0
/etc/security/bsmunconv uid=0
/usr/sbin/audit euid=0
/usr/sbin/auditconfig... (6 Replies)
Discussion started by: deadeyes
6 Replies
5. Red Hat
hi, can anyone tell me where can i find euid and egid from /proc file system in RHEL 4? i read stat file, but i got only uid and gid, and cudnot find any entry regarding euid and egid.please suggest...
thanks,
sanjay (2 Replies)
Discussion started by: sanjaykhuntia
2 Replies
6. Solaris
We have a Solaris box. I noticed that whenever any non-root user logins into the box and issues the command id the output is (for example) uid=42568(sam) gid=1245(sam) euid=0(root) egid=2(bin). I have not given any privileges to anyone explicitly. When I issued ls -l in the /usr/bin directory I... (1 Reply)
Discussion started by: chrisanto_2000
1 Replies
7. UNIX for Dummies Questions & Answers
could u plz give me clear idea of spcial permissions setuid,getuid and striky bit . (1 Reply)
Discussion started by: Prem
1 Replies
8. UNIX for Advanced & Expert Users
Hi,
I have a program with the following suid setup
-rwsr-sr-x 1 root other 653 Aug 16 17:00 restart_server
It basically starts up a service that has to be started by root. I just want the normal users to be able to restart the service using the script above.
But when the... (7 Replies)
Discussion started by: 0ktalmagik
7 Replies
9. UNIX for Advanced & Expert Users
I have a C wrapper programme which basically execute a shell script. The shell script has 700 as permission and oracle is owner of the shell script.
The C execuatble has 4711 permission so that means that it has setuid bit set and group and others can execute the C executable.
The reason why I am... (2 Replies)
Discussion started by: sanjay92
2 Replies
setuid(2) System Calls setuid(2)
NAME
setuid, setegid, seteuid, setgid - set user and group IDs
SYNOPSIS
#include <sys/types.h>
#include <unistd.h>
int setuid(uid_t uid);
int setgid(gid_t gid);
int seteuid(uid_t euid);
int setegid(gid_t egid);
DESCRIPTION
The setuid() function sets the real user ID, effective user ID, and saved user ID of the calling process. The setgid() function sets the
real group ID, effective group ID, and saved group ID of the calling process. The setegid() and seteuid() functions set the effective group
and user IDs respectively for the calling process. See intro(2) for more information on real, effective, and saved user and group IDs.
At login time, the real user ID, effective user ID, and saved user ID of the login process are set to the login ID of the user responsible
for the creation of the process. The same is true for the real, effective, and saved group IDs; they are set to the group ID of the user
responsible for the creation of the process.
When a process calls one of the exec(2) family of functions to execute a file (program), the user and/or group identifiers associated with
the process can change. If the file executed is a set-user-ID file, the effective and saved user IDs of the process are set to the owner of
the file executed. If the file executed is a set-group-ID file, the effective and saved group IDs of the process are set to the group of
the file executed. If the file executed is not a set-user-ID or set-group-ID file, the effective user ID, saved user ID, effective group
ID, and saved group ID are not changed.
If the {PRIV_PROC_SETID} privilege is asserted in the effective set of the process calling setuid(), the real, effective, and saved user
IDs are set to the uid argument. If the uid argument is 0 and none of the saved, effective or real UID is 0, additional restrictions
apply. See privileges(5).
If the {PRIV_PROC_SETID} privilege is not asserted in the effective set, but uid is either the real user ID or the saved user ID of the
calling process, the effective user ID is set to uid.
If the {PRIV_PROC_SETID} privilege is asserted in the effective set of the process calling setgid(), the real, effective, and saved group
IDs are set to the gid argument.
If the {PRIV_PROC_SETID} privilege is not asserted in the effective set, but gid is either the real group ID or the saved group ID of the
calling process, the effective group ID is set to gid.
RETURN VALUES
Upon successful completion, 0 is returned. Otherwise, -1 is returned and errno is set to indicate the error.
ERRORS
The setuid() and setgid() functions will fail if:
EINVAL The value of uid or gid is out of range.
EPERM For setuid() and seteuid(), the {PRIV_PROC_SETID} privilege is not asserted in the effective set of the calling process and
the uid argument does not match either the real or saved user IDs, or an attempt is made to change to UID 0 and none of the
existing UIDs is 0, in which case additional privileges are required.
For setgid() and setegid(), the {PRIV_PROC_SETID} privilege is not asserted in the effective set and the gid argument does
not match either the real or saved group IDs.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Standard |
+-----------------------------+-----------------------------+
|MT-Level |Async-Signal-Safe |
+-----------------------------+-----------------------------+
SEE ALSO
intro(2), exec(2), getgroups(2), getuid(2), stat.h(3HEAD), attributes(5), privileges(5), standards(5)
SunOS 5.10 20 Jan 2003 setuid(2)