04-03-2012
The point is that programs which don't
need setuid shouldn't have it -- that would be very dangerous. But there are those things which do.
mount for instance needs setuid in a lot of systems. This is okay because it implements its own security.
If someone set
cp setuid just to make things more convenient for themselves, that on the other hand would be a nightmare.
You'll have to consider them individually.
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hello all,
I was wondering if anyone can tell me how to change 24 bits depth display to 8 bits depth display for Sun Ultra1, running Solaris 8? THANKS in advance. I think that the command is ffbconfig, but it has nothing about depth. (4 Replies)
Discussion started by: larry
4 Replies
2. UNIX for Dummies Questions & Answers
Hi,
I have been looking at setuid and setgid.
I understand that setuid determines who owns the file and setgid determines which group of people can access the file... yeah?!
But i need to know how to actually use setuid and setgid. I'm guessing chmod will feature somewhere..
Any help... (1 Reply)
Discussion started by: crispy
1 Replies
3. Programming
I have a setuid to root program that has now to be changed to setuid to oracle depending on who is running it. Oracle has only two groups, dba (primary) and osgrp1 (secondary). But running 'id' if oracle shows all the secondary groups belonging to root, and only dba or osgrp1 as the primary group... (2 Replies)
Discussion started by: blowtorch
2 Replies
4. Shell Programming and Scripting
About System and Perl: Sun Solaris 5.9 sparc, Perl 5.6.1
I've decided to use the perl file::find module to look for all the SETUID and SETGID files on my unix boxes. I wrote something like this: (I've shorted it a little to make it simple)
#!/opt/perl/bin/perl
use File::Find;
find... (1 Reply)
Discussion started by: x96riley3
1 Replies
5. Solaris
hi..
why we go for setuid, setgid permissions?
as a system admin ,when we use this ,except default solaris setuid,setgid files and dirs..
hopes that anyone can help me regarding this.. (1 Reply)
Discussion started by: saravananpalani
1 Replies
6. What is on Your Mind?
Ten movies have been nominated as best motion picture by the International Press Academy, presentation of the 2012 Satellite Awards will be held on 16th December at Los Angeles, CA.
Place your bits here on one of the below nominated movie of your choice:-
Argo
... (0 Replies)
Discussion started by: Yoda
0 Replies
7. Solaris
I have a user AAA who's who is part of a group call clserv and techsupp, His userfiles have the following permissions:-
drwxrwx--- 16 AAA clserv 1858 Aug 22 12:48 UserFiles
he has a link in his UserFiles/
lrwxrwxrwx 1 root root 36 Mar 9 2013 TECHSUPP_GLOBAL... (5 Replies)
Discussion started by: kilobyter
5 Replies
8. Shell Programming and Scripting
so im writing a script for a android system. these types of systems are not the typical unix systems.
what i need to do is basic. i have a script which I put in a directory and then zipped up the directory in a zip file. that way, when the script is unzipped, the person unzipping will see... (1 Reply)
Discussion started by: SkySmart
1 Replies
9. UNIX for Beginners Questions & Answers
Just learning about the privilege escalation method provided by setuid. Correct me if I am wrong but what it does is change the uid of the current process to whatever uid I set. Right ?
So what stops me from writing my own C program and calling setuid(0) within it and gaining root privileges ?
... (2 Replies)
Discussion started by: sreyan32
2 Replies
SETUID(2) BSD System Calls Manual SETUID(2)
NAME
setegid, seteuid, setgid, setuid -- set user and group ID
SYNOPSIS
#include <unistd.h>
int
setegid(gid_t egid);
int
seteuid(uid_t euid);
int
setgid(gid_t gid);
int
setuid(uid_t uid);
DESCRIPTION
The setuid() function sets the real and effective user IDs and the saved set-user-ID of the current process to the specified value. The
setuid() function is permitted if the effective user ID is that of the super user, or if the specified user ID is the same as the effective
user ID. If not, but the specified user ID is the same as the real user ID, setuid() will set the effective user ID to the real user ID.
The setgid() function sets the real and effective group IDs and the saved set-group-ID of the current process to the specified value. The
setgid() function is permitted if the effective user ID is that of the super user, or if the specified group ID is the same as the effective
group ID. If not, but the specified group ID is the same as the real group ID, setgid() will set the effective group ID to the real group
ID.
The seteuid() function (setegid()) sets the effective user ID (group ID) of the current process. The effective user ID may be set to the
value of the real user ID or the saved set-user-ID (see intro(2) and execve(2)); in this way, the effective user ID of a set-user-ID exe-
cutable may be toggled by switching to the real user ID, then re-enabled by reverting to the set-user-ID value. Similarly, the effective
group ID may be set to the value of the real group ID or the saved set-user-ID.
RETURN VALUES
Upon success, these functions return 0; otherwise -1 is returned.
If the user is not the super user, or the uid specified is not the real, effective ID, or saved ID, these functions return -1.
ERRORS
The setegid(), seteuid(), setgid(), and setuid() system calls will fail if:
[EINVAL] The value of the {group,user} ID argument is invalid and is not supported by the implementation.
[EPERM] The process does not have appropriate privileges and the ID argument does not match the real ID or the saved
set-{group,user}-ID.
LEGACY SYNOPSIS
#include <sys/types.h>
#include <unistd.h>
The include file <sys/types.h> is necessary for all functions.
SEE ALSO
getgid(2), getuid(2), compat(5)
STANDARDS
The setuid() and setgid() functions are compliant with the ISO/IEC 9945-1:1990 (``POSIX.1'') specification with _POSIX_SAVED_IDS defined,
with the extensions allowed in section B.4.2.2. The seteuid() and setegid() functions are extensions based on the POSIX concept of
_POSIX_SAVED_IDS, and have been proposed for a future revision of the standard.
4.2 Berkeley Distribution June 4, 1993 4.2 Berkeley Distribution