Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Disable Setuid in HP-UX
Operating Systems HP-UX Disable Setuid in HP-UX Post 302446662 by Ikon on Thursday 19th of August 2010 09:49:48 AM
Old 08-19-2010
root has access to run anything. Use sudoers and only allow the users to run specific commands and dont allow root access.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

setuid

I have a C wrapper programme which basically execute a shell script. The shell script has 700 as permission and oracle is owner of the shell script. The C execuatble has 4711 permission so that means that it has setuid bit set and group and others can execute the C executable. The reason why I am... (2 Replies)
Discussion started by: sanjay92
2 Replies

2. UNIX for Dummies Questions & Answers

Using setuid and setgid

Hi, I have been looking at setuid and setgid. I understand that setuid determines who owns the file and setgid determines which group of people can access the file... yeah?! But i need to know how to actually use setuid and setgid. I'm guessing chmod will feature somewhere.. Any help... (1 Reply)
Discussion started by: crispy
1 Replies

3. UNIX for Advanced & Expert Users

cc, setuid, and LD_LIBRARY_PATH

Hi, This question deals with Solaris 2.8 and setuid programs. From research I've done so far, setuid programs ignore LD_LIBRARY_PATH; I've proven this and am OK with it. The thing I am not certain of how the C compiler is supposed to behave when it is invoked via a setuid program. Basically,... (0 Replies)
Discussion started by: WolfBoy
0 Replies

4. UNIX for Dummies Questions & Answers

setuid

could u plz give me clear idea of spcial permissions setuid,getuid and striky bit . (1 Reply)
Discussion started by: Prem
1 Replies

5. Solaris

setuid and guid

Hi All, Can someone give me some info about setuid or guid topic? Also about sticky bit. Thanks in advance, itik (9 Replies)
Discussion started by: itik
9 Replies

6. Shell Programming and Scripting

How to disable Enable/Disable Tab Key

Hi All, I have bash script, so what is sintax script in bash for Enable and Disable Tab Key. Thanks for your help.:( Thanks, Rico (1 Reply)
Discussion started by: carnegiex
1 Replies

7. Solaris

Need help with setuid.

Hi Gurus, I need your suggestions,to implement setuid. Here is the situation. I have a user xyz on a solaris zone.He needs to install a package using a pkgadd command but i guess only a root can run that .Is there any way I can set the setuid bit on the pkgadd which is in the location... (6 Replies)
Discussion started by: rama krishna
6 Replies

8. Red Hat

SSL/TLS renegotiation DoS -how to disable? Is it advisable to disable?

Hi all Expertise, I have following issue to solve, SSL / TLS Renegotiation DoS (low) 222.225.12.13 Ease of Exploitation Moderate Port 443/tcp Family Miscellaneous Following is the problem description:------------------ Description The remote service encrypts traffic using TLS / SSL and... (2 Replies)
Discussion started by: manalisharmabe
2 Replies

9. UNIX for Beginners Questions & Answers

What keeps me from abusing setuid(0) and programs with setuid bit set?

Just learning about the privilege escalation method provided by setuid. Correct me if I am wrong but what it does is change the uid of the current process to whatever uid I set. Right ? So what stops me from writing my own C program and calling setuid(0) within it and gaining root privileges ? ... (2 Replies)
Discussion started by: sreyan32
2 Replies

10. Shell Programming and Scripting

Setuid usage

I'm trying - as an ordinary user - to create a file in the root directory of my system. For that purpose I wrote a simple script that echoes a string into a file. I made the file executable, used sudo to change ownership to root. Like this: $ cat hello #!/bin/bash echo hello > /hello $... (5 Replies)
Discussion started by: Ralph
5 Replies

LEARN ABOUT SUSE

wpa_priv

WPA_PRIV(8)															       WPA_PRIV(8)

NAME

       wpa_priv - wpa_supplicant privilege separation helper

SYNOPSIS

       wpa_priv [ -c ctrl path ] [ -Bdd ] [ -P pid file ] [ driver:ifname [driver:ifname ...] ]

OVERVIEW

       wpa_priv is a privilege separation helper that minimizes the size of wpa_supplicant code that needs to be run with root privileges.

       If  enabled,  privileged operations are done in the wpa_priv process while leaving rest of the code (e.g., EAP authentication and WPA hand-
       shakes) to operate in an unprivileged process (wpa_supplicant) that can be run as non-root user. Privilege separation restricts the effects
       of  potential  software	errors by containing the majority of the code in an unprivileged process to avoid the possibility of a full system
       compromise.

       wpa_priv needs to be run with network admin privileges (usually, root user). It opens a UNIX domain  socket  for  each  interface  that	is
       included on the command line; any other interface will be off limits for wpa_supplicant in this kind of configuration. After this, wpa_sup-
       plicant can be run as a non-root user (e.g., all standard users on a laptop or as a special non-privileged user account	created  just  for
       this purpose to limit access to user files even further).

EXAMPLE CONFIGURATION

       The following steps are an example of how to configure wpa_priv to allow users in the wpapriv group to communicate with wpa_supplicant with
       privilege separation:

       Create user group (e.g., wpapriv) and assign users that should be able to use wpa_supplicant into that group.

       Create /var/run/wpa_priv directory for UNIX domain sockets and control user access by setting it accessible only for the wpapriv group:

	      mkdir /var/run/wpa_priv
	      chown root:wpapriv /var/run/wpa_priv
	      chmod 0750 /var/run/wpa_priv

       Start wpa_priv as root (e.g., from system startup scripts) with the enabled interfaces configured on the command line:

	      wpa_priv -B -c /var/run/wpa_priv -P /var/run/wpa_priv.pid wext:wlan0

       Run wpa_supplicant as non-root with a user that is in the wpapriv group:

	      wpa_supplicant -i ath0 -c wpa_supplicant.conf

COMMAND ARGUMENTS

       -c ctrl path
	      Specify the path to wpa_priv control directory (Default: /var/run/wpa_priv/).

       -B     Run as a daemon in the background.

       -P file
	      Set the location of the PID file.

       driver:ifname [driver:ifname ...]
	      The <driver> string dictates which of the supported wpa_supplicant driver backends is to be used. To get a list of supported  driver
	      types see wpa_supplicant help (e.g, wpa_supplicant -h). The driver backend supported by most good drivers is wext.

	      The <ifname> string specifies which network interface is to be managed by wpa_supplicant (e.g., wlan0 or ath0).

	      wpa_priv	does  not use the network interface before wpa_supplicant is started, so it is fine to include network interfaces that are
	      not available at the time wpa_priv is started. wpa_priv can control multiple interfaces with one process, but it is also possible to
	      run multiple wpa_priv processes at the same time, if desired.

SEE ALSO

       wpa_supplicant(8)

LEGAL

       wpa_supplicant is copyright (c) 2003-2007, Jouni Malinen <j@w1.fi> and contributors.  All Rights Reserved.

       This program is dual-licensed under both the GPL version 2 and BSD license. Either license may be used at your option.

								  16 January 2010						       WPA_PRIV(8)
All times are GMT -4. The time now is 07:08 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy