06-26-2013
I did not know that setuid is not supported by Linux.
But I noticed that the /usr/bin/passwd binary has setuid set on Linux. Similarly, the ping program also has the setuid bit set on Linux.
How is that possible if Linux does not support setuid? Also, how will the passwd command write to /etc/shadow if setuid is not supported on Linux? Also, how come I saw the rwsr-xr-x permission on the /usr/bin/passwd executable?
Please throw some light.
thanks
---------- Post updated at 12:48 AM ---------- Previous update was at 12:36 AM ----------
My objective is for an environment file which has database passwords in it NOT to be readable by anybody logging in as the application user, but at the same time the script which uses these passwords must be able to execute some script and read these passwords and use the passwords for running its internal database SQLs. I was thinking of making the environment file owner root with no read permission for the application userid, so that nobody can view the passwords, and then using the setuid bit on the support script which, when called by the main script, is able to fetch these passwords as it runs as the root user. But since setuid is not supported by Linux, I will not be able to make the password file non-readable and owned by root and be able to execute some setuid script that can fetch the passwords from this root-owned password file.
Any suggestions on an alternative way to achieve this would be highly welcome.
thanks
LEARN ABOUT DEBIAN
setuid
SETUID(1) General Commands Manual SETUID(1)
NAME
setuid - run a command with a different uid.
SYNOPSIS
setuid username|uid command [ args ]
DESCRIPTION
Setuid changes user id, then executes the specified command. Unlike some versions of su(1), this program doesn't ever ask for a password
when executed with effective uid=root. This program doesn't change the environment; it only changes the uid and then uses execvp() to find
the command in the path, and execute it. (If the command is a script, execvp() passes the command name to /bin/sh for processing.)
For example,
    setuid some_user $SHELL
can be used to start a shell running as another user.
Setuid is useful inside scripts that are being run by a setuid-root user -- such as a script invoked with super, so that the script can
execute some commands using the uid of the original user, instead of root. This allows unsafe commands (such as editors and pagers) to be
used in a non-root mode inside a super script. For example, an operator with permission to modify a certain protected_file could use a
super command that simply does:
    cp protected_file temp_file
    setuid $ORIG_USER ${EDITOR:-/bin/vi} temp_file
    cp temp_file protected_file
(Note: don't use this example directly. If the temp_file can somehow be replaced by another user, as might be the case if it's kept in a
temporary directory, there will be a race condition in the time between editing the temporary file and copying it back to the protected
file.)
AUTHOR
Will Deich
local SETUID(1)
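
The race the man page's note warns about comes from temp_file living where another user can replace it between the edit and the copy back. The following is an added sketch, not part of the man page or of super: it keeps the file in a directory only the privileged script can modify and checks the file before copying it back. The function names are hypothetical, and it assumes GNU coreutils (`stat -c`, `mktemp -d`), a script running as root, and `ORIG_USER` set as in the man page's example.

```shell
#!/bin/sh
# Added example (not from the setuid man page). Function names are
# hypothetical; assumes GNU coreutils (stat -c, mktemp -d).

# Create a work directory owned by the caller. Mode 0711 lets the
# unprivileged editor open a file inside by name, but not create,
# rename or delete entries, so the file cannot be swapped out.
make_workdir() {
    d=$(mktemp -d) || return 1
    chmod 0711 "$d" || return 1
    printf '%s\n' "$d"
}

# Succeed only if FILE is safe to copy back with privilege.
safe_to_copy_back() {
    f=$1
    dir=$(dirname -- "$f")
    # The directory must belong to us ...
    [ "$(stat -c %u -- "$dir")" = "$(id -u)" ] || return 1
    # ... and must not be writable by group or others.
    case $(stat -c %a -- "$dir") in
        *[2367]?|*[2367]) return 1 ;;
    esac
    # Reject symlinks, non-regular files and extra hard links.
    if [ -L "$f" ] || [ ! -f "$f" ]; then return 1; fi
    [ "$(stat -c %h -- "$f")" = 1 ] || return 1
    return 0
}

# The man page's three steps with the checks in place. Needs root,
# the setuid(1) program and ORIG_USER; the editor must write in place.
edit_protected() {
    protected=$1
    work=$(make_workdir) || return 1
    tmp=$work/edit
    cp -- "$protected" "$tmp" && chown "$ORIG_USER" "$tmp" &&
        setuid "$ORIG_USER" ${EDITOR:-/bin/vi} "$tmp" &&
        safe_to_copy_back "$tmp" && cp -- "$tmp" "$protected"
    rc=$?
    rm -rf -- "$work"
    return $rc
}
```

The checks only hold because the directory itself cannot be modified by the editing user; running them on a file in a shared temporary directory would leave the same window open between the check and the copy.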