Top Forums UNIX for Dummies Questions & Answers suid sgid problem in script Post 302405725 by wakatana on Friday 19th of March 2010 06:18:50 PM
suid sgid problem in script

Hi, I have a problem understanding setuid and setgid.

On the system I have the following users:
Code:
$id -a marek
uid=1001(marek) gid=1001(marek) groups=1001(marek),1002(uzivatelia)

$id -a cepi
uid=1000(cepi) gid=1000(cepi) groups=1000(cepi),4(adm),20(dialout),24(cdrom),46(plugdev),104(lpadmin),115(admin),120(sambashare),123(ftp),1002(uzivatelia)

$id -a tux
uid=1002(tux) gid=1003(tux) groups=1003(tux)


1st.

I have the following simple script, for which I set up suid.
Code:
#!/bin/bash
if [ "$(id -u)" != "1001" ]; then
   echo "This script must be run as marek" 1>&2
   #exit 1
fi

ls -l /home/marek
echo $EUID

Code:
chmod u+s /tmp/setuid_script.sh 
$ ls -l /tmp/setuid_script.sh 
-rwSr-xr-x 1 marek marek 227 2010-03-19 20:58 /tmp/setuid_script.sh

Please consider the following rights on /home/marek, which is called in the script (chmod 700):
Code:
$ls -l /home/
total 16
drwxr-xr-x 60 cepi  cepi  4096 2010-03-19 22:32 cepi
drwx------  2 ftp   ftp   4096 2010-03-19 19:52 ftp
drwx------  2 marek marek 4096 2010-03-19 22:35 marek
drwxr-xr-x  2 tux   tux   4096 2010-03-19 23:00 tux

Now when I run the script

as user tux
Code:
$ /tmp/setuid_script.sh 
This script must be run as root
ls: cannot open directory /home/marek: Permission denied
1002

as user cepi
Code:
/tmp/setuid_script.sh 
This script must be run as root
ls: cannot open directory /home/marek: Permission denied
1000

Why is the script not running with marek's privileges, and why doesn't it display the contents of marek's home?


2nd. Why am I not able to set guid for a particular file?

as marek
Code:
$chmod g+s /tmp/setuid_script.sh 
$ ls -l /tmp/setuid_script.sh 
-rw-r-xr-x 1 marek marek 227 2010-03-19 20:58 /tmp/setuid_script.sh

Thank you
 

SETUID(2)                 BSD System Calls Manual                SETUID(2)

NAME
     setuid, seteuid, setgid, setegid -- set user and group ID

SYNOPSIS
     #include <sys/types.h>
     #include <unistd.h>

     int setuid(uid_t uid);
     int seteuid(uid_t euid);
     int setgid(gid_t gid);
     int setegid(gid_t egid);

DESCRIPTION
     The setuid() function sets the real and effective user IDs and the saved set-user-ID of the current process to the specified value. The setuid() function is permitted if the effective user ID is that of the super user, or if the specified user ID is the same as the effective user ID. If not, but the specified user ID is the same as the real user ID, setuid() will set the effective user ID to the real user ID.

     The setgid() function sets the real and effective group IDs and the saved set-group-ID of the current process to the specified value. The setgid() function is permitted if the effective user ID is that of the super user, or if the specified group ID is the same as the effective group ID. If not, but the specified group ID is the same as the real group ID, setgid() will set the effective group ID to the real group ID.

     The seteuid() function (setegid()) sets the effective user ID (group ID) of the current process. The effective user ID may be set to the value of the real user ID or the saved set-user-ID (see intro(2) and execve(2)); in this way, the effective user ID of a set-user-ID executable may be toggled by switching to the real user ID, then re-enabled by reverting to the set-user-ID value. Similarly, the effective group ID may be set to the value of the real group ID or the saved set-user-ID.

RETURN VALUES
     Upon success, these functions return 0; otherwise -1 is returned. If the user is not the super user, or the uid specified is not the real, effective ID, or saved ID, these functions return -1.

SEE ALSO
     getuid(2), getgid(2)

STANDARDS
     The setuid() and setgid() functions are compliant with the ISO/IEC 9945-1:1990 (``POSIX.1'') specification with _POSIX_SAVED_IDS defined, with the extensions allowed in section B.4.2.2. The seteuid() and setegid() functions are extensions based on the POSIX concept of _POSIX_SAVED_IDS, and have been proposed for a future revision of the standard.

4.2 Berkeley Distribution       June 4, 1993       4.2 Berkeley Distribution
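The suspend and re-enable toggle from the DESCRIPTION above, followed by a permanent drop that is verified rather than assumed, as an added C example (not part of the manual page or the forum post). The `priv_*` function names and the static variables are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

static uid_t priv_euid;   /* effective UID at startup (the file owner for a set-user-ID executable) */
static int   priv_known;  /* set once priv_euid has been recorded */

/* Switch the effective UID to the real UID; the saved set-user-ID keeps the privileged value. */
int priv_suspend(void)
{
    if (!priv_known) { priv_euid = geteuid(); priv_known = 1; }
    if (seteuid(getuid()) != 0)
        return -1;
    return geteuid() == getuid() ? 0 : -1;
}

/* Re-enable the privileged effective UID from the saved set-user-ID. */
int priv_resume(void)
{
    if (!priv_known || seteuid(priv_euid) != 0)
        return -1;
    return geteuid() == priv_euid ? 0 : -1;
}

/* Give up the privileged ID for good. On -1 the caller must exit, not continue. */
int priv_drop(void)
{
    uid_t ruid = getuid();
    uid_t old = priv_known ? priv_euid : geteuid();

    (void)seteuid(old);  /* undo any suspend so setuid() runs with the startup effective UID */
    if (setgid(getgid()) != 0 || setuid(ruid) != 0)
        return -1;
    /* If the saved set-user-ID survived, the old ID can still be re-enabled: treat as failure. */
    if (old != ruid && seteuid(old) == 0)
        return -1;
    return (getuid() == ruid && geteuid() == ruid) ? 0 : -1;
}

int main(void)
{
    printf("start:   ruid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    if (priv_suspend() != 0) return 1;
    printf("suspend: ruid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    if (priv_resume() != 0) return 1;
    printf("resume:  ruid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return priv_drop() != 0;
}
```

Run from an ordinary (non set-user-ID) binary, all three steps succeed and every line shows the same IDs; the re-enable check in `priv_drop()` only has something to catch when the startup effective UID differs from the real UID.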