Full Discussion: Need help with setuid.
Operating Systems Solaris Need help with setuid. Post 302561338 by jlliagre on Tuesday 4th of October 2011 01:14:20 AM
Quote:
Originally Posted by rama krishna
I can't implement RBAC in my environment.
Why can't you?
The "Software Installation" predefined role was precisely designed to allow what you are asking for.
Quote:
Sudo to root is strictly prohibited
sudo would only allow you to run pkgadd as root, which is precisely what you are asking. I'm afraid you are rejecting all sensible answers.
 

authadm(1M)                                                        authadm(1M)

NAME
authadm - non-interactive command for administrating the authorization information in the RBAC databases

SYNOPSIS
[object [comments]] [object] operation [object] subrole

DESCRIPTION
is a non-interactive command that allows users with the appropriate privileges to modify and list authorization information in the and RBAC databases files. HP recommends using only the and commands to edit and view the RBAC databases -- do not edit the RBAC files without these commands. See rbac(5) for more information on these RBAC databases.

Options
With the exception of the option, all options recognize a default object. If the parameter is specified with a non-empty value in the security default file, then the value of this parameter will be the default object. However, if the parameter does not exist or is set to an empty value, then the default object will be set to a wild card (*). Here is how to specify a value to the parameter in For example: In sets the default object to If line is not present or is commented out, then the default object will be set to "*".

recognizes the following options:

Adds an authorization pair (operation, object) to the system list of valid authorizations by appending a line to the file. If object is not specified, then a default object will be assigned. The default object will either be a wild card (*) or the object specified in the security default configuration file, A comment may not be specified when adding an entry that refers to the default object in The only way to add a comment to an entry with the option is to specify the object explicitly.

Deletes an authorization from the system list of valid authorizations. If object is not specified, then a default object will be assumed. The default object will either be a wild card (*) or the object specified in the security default configuration file, If the authorization exists in deletes the entry. If the specified authorization is assigned to any roles in will remove the authorization from the role. If the specified authorization exists in an entry in will remove the entire entry. If the authorization does not exist in returns an error message. See the section below for more information.

Assigns an authorization pair to a role. verifies the role exists in before verifying the authorization pair exists in appends the authorization to the role to authorization mapping in if the role and authorization pair exists. If object is not specified, then a default object will be assigned. The default object will either be a wild card (*) or the object specified in the security default configuration file,

Assigns a role to another different role. The role being assigned to the other different role is referred to as a A subrole is any valid role defined in the database. The option allows hierarchical role definition (one role can inherit other subrole). After assigning a subrole to another role, that role will also have all the authorizations of the subrole, and any of its subroles. More than one subrole can be assigned to other different role. verifies the role and subrole exist in It also verifies that there are no recursive definitions of the role and subrole. (If "role1" has a subrole of "role2", and if you try to "role1" to "role2", this will cause a recursive definition of both "role1" and "role2"). appends the subrole to the role to authorization mapping in

Revokes an authorization from the specified role in If no authorization is specified, revokes all the authorizations for the given role. If object is not specified, then a default object will be assumed. The default object will either be a wild card (*) or the object specified in the security default configuration file, The file will be modified by the command.

Revokes a subrole from the specified role in Note that the role specified as the subrole is not revoked from the database, just the subrole assignment is revoked. For instance, if these entries are in the database: will modify the line to: revokes the specified authorizations and/or subrole for the given role. Note: The file will be modified by the command.

Invoking the list command without any parameters lists every entry in Specifying a role name lists all the authorizations and subroles assigned to that role name. Specifying an operation name lists all the roles which have that operation name. Specifying a subrole name lists all the roles which have that subrole name. Specifying lists all the authorizations in the database.

Authorizations
In order to invoke the user must either be root, (running with effective uid of 0), or have the appropriate authorization(s). The following is a list of the required authorizations for running with particular options:

Allows user to run with option.
Allows user to run option.
Allows user to run with or option.
Allows user to run with or option.
Allows user to run with option.

EXTERNAL INFLUENCES
Environment Variables
determines the language in which messages are displayed.

International Code Set Support
Single-byte character code set is supported.

RETURN VALUE
Success. If is successful, it returns
Failure. returns and prints an appropriate error message to stderr.

EXAMPLES
The following commands each add an authorization (operation, object) entry in the database file:

The following commands each delete an authorization (operation, object) entry from the database file:

The following commands each assign an authorization (operation, object) pair to a role in database file:

The following commands each assign a subrole to a role in database file:

The following commands each revoke an operation for the specified operation from a role in the file:

The following commands each revoke a subrole from the specified role in the database file:

The following command lists all the authorizations for the role:

The following command lists all the entries with operation

The following command lists all the entries with object

The following command lists all the roles with their authorizations in database:

FILES
Database containing valid definitions of all roles.
Database containing definitions of all valid authorizations.
Database specifying the roles allowed for each specified user.
Database defining the authorizations for each specified role.

SEE ALSO
cmdprivadm(1M), privrun(1M), rbacdbchk(1M), roleadm(1M), rbac(5).

authadm(1M)