07-24-2014
There's no other way to say it, so I'll say it: your auditor is incompetent.
There are numerous setuid programs in any Unix or Unix-style OS. Many of them need to be setuid for them to operate properly. "su" is one. X windows servers tend to be another. "passwd" also needs to be setuid or users won't be able to set their own passwords. Don't tell me that audit report says to remove the setuid bit from "passwd"...
There are many others, too.
I'd be real careful following the recommendations of that audit report. You're likely to find yourself with non-working systems.
These 3 Users Gave Thanks to achenle For This Post:
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
today i started the LFS book (version 4.0).
Basically i am using slackware 9.0 to try and install a new linux completely from source on another partition.
Now i took the book's recommendations and created a user called lfs so i wouldn't have to do the stuff as root, and i have got the new LFS... (4 Replies)
Discussion started by: Calum
4 Replies
2. UNIX for Dummies Questions & Answers
Hi,
I have a problem I don't understand with fuser.
I launch a simple shell script mysleep.sh:
I launch the command fuser -fu mysleep.sh but fuser doesn't return anything excepted:
mysleep:
Then I modify my script switching from #!/bin/sh to #!/bin/ksh
I launch the command fuser -fu... (4 Replies)
Discussion started by: Peuj
4 Replies
3. Solaris
Hello Guruz,
Relay bad condition :mad:
Some has changed the permission to 777 recursively for /usr/bin directory by mistake. Now all the permission looks to be 777 on /usr/bin
Hence I am so many system related errors as 1 show below.
When I am trying to change the password, I am getting... (5 Replies)
Discussion started by: bullz26
5 Replies
4. OS X (Apple)
I accidentally changed to sudo chmod a=w to my /usr/bin folder on my macbook with OS 10.5.8... Please help! I can't even get into a terminal correctly cause it displays:
-bash: uname: command not found
-bash: cut: command not found
-bash: uname: command not found
-bash: cut: command not found... (6 Replies)
Discussion started by: scaryMac23
6 Replies
5. Red Hat
Hi
I think my /bin is corrupted which is why I can’t boot my server.. Anyone knows what below file permission means?
# ls -l /mnt/sysimage | grep bin
drwxr-xr-x 2 root root 12288 Sep 29 11:23 sbin
?r--rw-x 41112 16694 1305152 0 Feb 10 2055 bin
Tried overwriting, deleting,chmod,chown but... (0 Replies)
Discussion started by: halacil
0 Replies
6. OS X (Apple)
Q1. I understand that /usr/local/bin means I can install/uninstall stuff in here and have any chance of messing up my original system files or effecting any other users. I created this directory myself.
But what about the directory I didn't create, namely /Users/m/bin? How is that directory... (1 Reply)
Discussion started by: michellepace
1 Replies
7. Shell Programming and Scripting
hello friends,
By mistake I have run find / -type f -exec chmod 644 {} \;
now all permission has been chaged of /bin
I am not able to change the permission. I am working on the virtuozzo VPS.
Is their any way to retrieve the permission to 770 to /bin
Note /bin/chmod also not executing... (2 Replies)
Discussion started by: sharlin
2 Replies
8. AIX
Hi,
I am planning to install a version of Informatica on my AIX box. It requires a specific java build in pap6470_27sr2-20141101_01(SR2).
The current link for IBM 64-bit SDK for AIX®, JavaTM Technology Edition, Version 7 Release 1 has a more recent version in j7r164redist.7.1.0.75.bin.
Is... (4 Replies)
Discussion started by: meetpraveens
4 Replies
9. UNIX for Dummies Questions & Answers
Hey guys,
Suppose i run passwd via bash shell. It is a suid program, which temporarily runs as root(owner) and modifies the user entries.
However, when i write a C file and give 4755 permission and root ownership to the 'a.out' file , it doesn't run as root in bash shell. I verified this by... (2 Replies)
Discussion started by: syncmaster
2 Replies
10. Shell Programming and Scripting
Some question about the usage of shell scripts:
1.) Are the commands of the base shell scripts a subset of bash commands?
2.) Assume I got a long, long script WITHOUT the first line.
How can I find out if the script was originally designed für "sh" or "bash"?
3.) How can I check a given... (3 Replies)
Discussion started by: pstein
3 Replies
LEARN ABOUT REDHAT
setuid
SETUID(2) Linux Programmer's Manual SETUID(2)
NAME
setuid - set user identity
SYNOPSIS
#include <sys/types.h>
#include <unistd.h>
int setuid(uid_t uid);
DESCRIPTION
setuid sets the effective user ID of the current process. If the effective userid of the caller is root, the real and saved user ID's are
also set.
Under Linux, setuid is implemented like the POSIX version with the _POSIX_SAVED_IDS feature. This allows a setuid (other than root) pro-
gram to drop all of its user privileges, do some un-privileged work, and then re-engage the original effective user ID in a secure manner.
If the user is root or the program is setuid root, special care must be taken. The setuid function checks the effective uid of the caller
and if it is the superuser, all process related user ID's are set to uid. After this has occurred, it is impossible for the program to
regain root privileges.
Thus, a setuid-root program wishing to temporarily drop root privileges, assume the identity of a non-root user, and then regain root priv-
ileges afterwards cannot use setuid. You can accomplish this with the (non-POSIX, BSD) call seteuid.
RETURN VALUE
On success, zero is returned. On error, -1 is returned, and errno is set appropriately.
ERRORS
EPERM The user is not the super-user, and uid does not match the real or saved user ID of the calling process.
CONFORMING TO
SVr4, SVID, POSIX.1. Not quite compatible with the 4.4BSD call, which sets all of the real, saved, and effective user IDs. SVr4 documents
an additional EINVAL error condition.
LINUX-SPECIFIC REMARKS
Linux has the concept of filesystem user ID, normally equal to the effective user ID. The setuid call also sets the filesystem user ID of
the current process. See setfsuid(2).
If uid is different from the old effective uid, the process will be forbidden from leaving core dumps.
SEE ALSO
getuid(2), setreuid(2), seteuid(2), setfsuid(2)
Linux 1.1.36 1994-07-29 SETUID(2)