[Solved] effective user id upon exec
Post 302572338 by oviv on Thursday 10th of November 2011 12:50:13 AM
11-10-2011
Quote:
Originally Posted by Corona688
It's not a file option. It's a file system option, which applies to any file in the entire partition.
Hold on; I was talking about the set-user-id permission flag.
You mean the ST_NOSUID, which, you are right, is a system option.

Anyway, the strange behavior here is, in my opinion, another one:
I'm claiming that the executable B file is a normal exe file with no set-uid bit.
When the process A (which does have the suid bit set) is exec'd by the shell, it comes up with a real user id of 502 (user2=502 is the user issuing the command), and an effective-user-id of 501 (user1=501 is A's owner). That's expected behavior, since A is a set-uid executable and therefore the effective user id has changed, as expected.
But -here comes the weird stuff- when A execs B, the effective-user-id is turned into the real user id, even if B is a normal executable file without suid. It still sounds odd to me.

Maybe there's something I'm missing. Apologies if everything is clear to you.

---------- Post updated 10-11-11 at 12:50 AM ---------- Previous update was 09-11-11 at 04:09 PM ----------

Good morning :)
In Italy we say "la notte porta consiglio".

I figured out the problem is the shell.
The exec family has many different functions. I chose the bad one.
If the shell is used (and it is with execl), you lose privileges, since sh doesn't preserve them by design, maybe to avoid malicious trojan horses.
Anyway, using execv solves the problem: the effective-user-id is preserved across process invocations.

Thanks to you all anyway.

May this be useful in the future for you as well.
I'm pretty sure I'll forget it tomorrow...

Bye

SETRESUID(2)               Linux Programmer's Manual               SETRESUID(2)

NAME
       setresuid, setresgid - set real, effective and saved user or group ID

SYNOPSIS
       #include <unistd.h>

       int setresuid(uid_t ruid, uid_t euid, uid_t suid);
       int setresgid(gid_t rgid, gid_t egid, gid_t sgid);

DESCRIPTION
       setresuid sets the real user ID, the effective user ID, and the saved
       set-user-ID of the current process.

       Unprivileged user processes (i.e., processes with each of real,
       effective and saved user ID nonzero) may change the real, effective and
       saved user ID, each to one of: the current uid, the current effective
       uid or the current saved uid.

       The super-user may set real, effective and saved user ID to arbitrary
       values.

       If one of the parameters equals -1, the corresponding value is not
       changed.

       Completely analogously, setresgid sets the real, effective and saved
       group ID's of the current process, with the same restrictions for
       processes with each of real, effective and saved user ID nonzero.

RETURN VALUE
       On success, zero is returned. On error, -1 is returned, and errno is
       set appropriately.

ERRORS
       EPERM  The current process was not privileged and tried to change the
              IDs in a not allowed way.

CONFORMING TO
       This call is nonstandard.

HISTORY
       This system call was first introduced in HP-UX. It is available under
       Linux since Linux 2.1.44. These days it is also found in FreeBSD (for
       emulation of Linux binaries).

NOTES
       Under HP-UX and FreeBSD the prototype is found in <unistd.h>. Under
       Linux there is so far no include file giving the prototype - this is a
       glibc bug. Programs using this system call must add the prototype
       themselves.

SEE ALSO
       getuid(2), setuid(2), setreuid(2), getresuid(2)

Linux 2.1.44                      2001-11-15                      SETRESUID(2)
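
An added example, not code from the thread or from the man page: a set-user-ID program A that should not hand its effective user ID on to B can give it up permanently with setresuid before a direct execv, and confirm the result with getresuid. The function names and the `./A /path/to/B` usage are assumptions; on current glibc the prototypes come from <unistd.h> once _GNU_SOURCE is defined.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* exposes setresuid()/getresuid() in <unistd.h> on glibc */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Explicit prototypes, as the man page's NOTES ask for; harmless if <unistd.h> has them. */
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int setresgid(gid_t rgid, gid_t egid, gid_t sgid);
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);

/* Returns 1 when real, effective and saved UID are identical, 0 if not, -1 on error. */
int ids_all_equal(void)
{
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) != 0)
        return -1;
    printf("ruid=%ld euid=%ld suid=%ld\n", (long)r, (long)e, (long)s);
    return r == e && e == s;
}

/* Permanently give up set-user-ID privileges: group IDs first, because
 * changing the GID may no longer be permitted once the UID is dropped. */
int drop_to_real_ids(void)
{
    gid_t g = getgid();
    uid_t u = getuid();
    if (setresgid(g, g, g) != 0 || setresuid(u, u, u) != 0)
        return -1;
    /* Verify: a saved UID left behind would let the process switch back. */
    return (ids_all_equal() == 1 && geteuid() == u) ? 0 : -1;
}

int main(int argc, char **argv)
{
    ids_all_equal();                 /* in a set-uid A: euid differs from ruid */
    if (drop_to_real_ids() != 0) {
        perror("drop_to_real_ids");
        return 1;
    }
    if (argc > 1) {                  /* hypothetical use: ./A /path/to/B args... */
        execv(argv[1], &argv[1]);    /* direct exec: no shell in between */
        perror("execv");
        return 1;
    }
    return 0;
}
```

Supplementary groups are left untouched here; in a set-user-ID program owned by a non-root user they are already those of the invoking user.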