Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Removing setuid option for security.
Top Forums UNIX for Dummies Questions & Answers Removing setuid option for security. Post 302472949 by Corona688 on Thursday 18th of November 2010 02:16:08 PM
Old 11-18-2010
There's some worryingly important things in there, like mount, ping, chage, crontab, and so forth. Just blindly removing the bits would probably be a disaster.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

setuid

I have a C wrapper programme which basically execute a shell script. The shell script has 700 as permission and oracle is owner of the shell script. The C execuatble has 4711 permission so that means that it has setuid bit set and group and others can execute the C executable. The reason why I am... (2 Replies)
Discussion started by: sanjay92
2 Replies

2. UNIX for Dummies Questions & Answers

help removing dashes from social security number

I have a file containing social security numbers with the format ###-##-####. I need to read each record in this file, reformat the SSN to the format #########, and write the record with the reformatted SSN to a new file. I am a UNIX newbie. I think I need to use either the sed or awk commands, but... (2 Replies)
Discussion started by: Marcia P
2 Replies

3. UNIX for Dummies Questions & Answers

setuid

could u plz give me clear idea of spcial permissions setuid,getuid and striky bit . (1 Reply)
Discussion started by: Prem
1 Replies

4. UNIX for Dummies Questions & Answers

No Password - - Setuid Only Option in Solaris 10

In Solaris 9, when I built users, there was an option for No Password -- Setuid Only. Now that I'm using Solaris 10, I no longer can find that option. Is there an equivalent option of No Password --Setuid Only in Solaris 10? Thanks, LeonD (1 Reply)
Discussion started by: leond
1 Replies

5. Shell Programming and Scripting

option followed by : taking next option if argument missing with getopts

Hi all, I am parsing command line options using getopts. The problem is that mandatory argument options following ":" is taking next option as argument if it is not followed by any argument. Below is the script: while getopts :hd:t:s:l:p:f: opt do case "$opt" in -h|-\?)... (2 Replies)
Discussion started by: gurukottur
2 Replies

6. Solaris

Removing ro option from zones

Hey all, I need to remove the ro option from an fs on a zone. Does anyone know how to do this without removing the fs and recreating it? fs: dir: /home/em23/prod special: /export/zones/em23/root/ftp/prod raw not specified type: lofs options: (1 Reply)
Discussion started by: em23
1 Replies

7. Solaris

setuid and guid

Hi All, Can someone give me some info about setuid or guid topic? Also about sticky bit. Thanks in advance, itik (9 Replies)
Discussion started by: itik
9 Replies

8. Shell Programming and Scripting

recently introduced to the newer option for find...does an older option exist?

To find all the files in your home directory that have been edited in some way since the last tar file, use this command: find . -newer backup.tar.gz Is anyone familiar with an older solution? looking to identify files older then 15mins across several directories. thanks, manny (2 Replies)
Discussion started by: mr_manny
2 Replies

9. Solaris

Need help with setuid.

Hi Gurus, I need your suggestions,to implement setuid. Here is the situation. I have a user xyz on a solaris zone.He needs to install a package using a pkgadd command but i guess only a root can run that .Is there any way I can set the setuid bit on the pkgadd which is in the location... (6 Replies)
Discussion started by: rama krishna
6 Replies

10. UNIX for Beginners Questions & Answers

What keeps me from abusing setuid(0) and programs with setuid bit set?

Just learning about the privilege escalation method provided by setuid. Correct me if I am wrong but what it does is change the uid of the current process to whatever uid I set. Right ? So what stops me from writing my own C program and calling setuid(0) within it and gaining root privileges ? ... (2 Replies)
Discussion started by: sreyan32
2 Replies

LEARN ABOUT OSF1

is_starting_egid

identity(3)						     Library Functions Manual						       identity(3)

NAME

       starting_luid,  starting_ruid, starting_euid, starting_rgid, starting_egid, is_starting_luid, is_starting_ruid, is_starting_euid, is_start-
       ing_rgid, is_starting_egid, set_auth_parameters, check_auth_parameters - Get or check user or group IDs (Enhanced Security)

LIBRARY

       Security Library (libsecurity.so)

SYNOPSIS

       #include <sys/types.h> #include <sys/security.h> #include <prot.h>
       uid_t starting_luid(void);
       uid_t starting_ruid(void);
       uid_t starting_euid(void);
       uid_t starting_rgid(void);
       uid_t starting_egid(void);
       int is_starting_luid(	  uid_t uid);
       int is_starting_ruid(	  uid_t uid);
       int is_starting_euid(	  uid_t uid);
       int is_starting_rgid(	  uid_t gid);
       int is_starting_egid(	  uid_t gid);
       void set_auth_parameters(      int argc,      char *argv[]);
       void check_auth_parameters(void);

Parameters
       Specifies the process's user ID.  Specifies the process's group ID.  Specifies the argument count.

DESCRIPTION

       The identity functions provide a way to recall the IDs of a process at the time the program started.  They are  useful  when  interrogating
       the invoking environment of a program after any setuid() or setgid() calls have been made so that the original environment can be captured.

       The  starting_luid()  function  returns the login UID for the process.  The login UID is the immutable stamp for the process and accurately
       denotes the account under which the session is being run, regardless of subsequent setuid() calls.

       The starting_ruid() function returns the real UID for the process as it was set	in  the  beginning  of	the  program.	Similarly,  start-
       ing_euid()  returns  the effective UID, starting_rgid() returns the real GID, and starting_egid() returns the effective GID.  These IDs may
       not be the same as those returned by getuid(), geteuid(), getgid(), or getegid(), respectively, because intervening calls  to  setuid()	or
       setgid() can change them depending on the process's privileges.

       The  is_starting_luid()	function  returns a value of 1 if the argument is the same as the login UID at the time when set_auth_parameters()
       was invoked; otherwise, it returns a value of 0 (zero).	Similarly, The is_starting_ruid() function returns 1 if the argument is  the  same
       as  the	real  UID  at  the time when set_auth_parameters() was invoked, and 0 otherwise.  The is_starting_euid() function returns 1 if the
       argument is the same as the effective UID at the time when set_auth_parameters() was invoked,  and  0  otherwise.   The	is_starting_rgid()
       function  returns  1  if the argument is the same as the real GID at the time when set_auth_parameters() was invoked, and 0 otherwise.  The
       is_starting_egid() function returns 1 if the argument is the same as the effective GID at the time when set_auth_parameters() was  invoked,
       and 0 otherwise.

       The  set_auth_parameters()  function is used to retain the IDs for future lookup.  It also tests the kernel to see if the security features
       have been loaded.  If not, the program exists with an error message.  It should be called first in a program or there is a chance  that	it
       will  capture  an environment different from the conditions at the program start.  The two arguments are the argument count and vector with
       which the program was called.  The check_auth_parameters() function verifies that set_auth_parameters() has been  previously  invoked.	If
       not, the program exits.

NOTES

       Programs  must  call  set_auth_parameters() before any other action in main().  The program must always call set_auth_parameters(argc,argv)
       before doing anything that changes argc or argv; the other functions in identity.c depend on this happening.  The argc parameter must be at
       least 1.

       Programs using these functions must be compiled with -lsecurity.

RELATED INFORMATION

       Functions: getuid(2), getgid(2), setuid(2), setgid(2).  delim off

																       identity(3)
All times are GMT -4. The time now is 12:29 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy