07-24-2014
Permit me to be quite extremely blunt. Your auditor is an idiot. He has heard that "SUID is bad" and parroted it, but has no real understanding of it. Following his advice will ruin your machine.
su couldn't possibly work if it weren't SUID. It needs to access the shadow files, which are locked to root!
Now, if there are things which are set SUID but shouldn't be, that would be bad. Having cp set SUID would be a recipe for disaster for example.
These 3 Users Gave Thanks to Corona688 For This Post:
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
today i started the LFS book (version 4.0).
Basically i am using slackware 9.0 to try and install a new linux completely from source on another partition.
Now i took the book's recommendations and created a user called lfs so i wouldn't have to do the stuff as root, and i have got the new LFS... (4 Replies)
Discussion started by: Calum
4 Replies
2. UNIX for Dummies Questions & Answers
Hi,
I have a problem I don't understand with fuser.
I launch a simple shell script mysleep.sh:
I launch the command fuser -fu mysleep.sh but fuser doesn't return anything excepted:
mysleep:
Then I modify my script switching from #!/bin/sh to #!/bin/ksh
I launch the command fuser -fu... (4 Replies)
Discussion started by: Peuj
4 Replies
3. Solaris
Hello Guruz,
Relay bad condition :mad:
Some has changed the permission to 777 recursively for /usr/bin directory by mistake. Now all the permission looks to be 777 on /usr/bin
Hence I am so many system related errors as 1 show below.
When I am trying to change the password, I am getting... (5 Replies)
Discussion started by: bullz26
5 Replies
4. OS X (Apple)
I accidentally changed to sudo chmod a=w to my /usr/bin folder on my macbook with OS 10.5.8... Please help! I can't even get into a terminal correctly cause it displays:
-bash: uname: command not found
-bash: cut: command not found
-bash: uname: command not found
-bash: cut: command not found... (6 Replies)
Discussion started by: scaryMac23
6 Replies
5. Red Hat
Hi
I think my /bin is corrupted which is why I can’t boot my server.. Anyone knows what below file permission means?
# ls -l /mnt/sysimage | grep bin
drwxr-xr-x 2 root root 12288 Sep 29 11:23 sbin
?r--rw-x 41112 16694 1305152 0 Feb 10 2055 bin
Tried overwriting, deleting,chmod,chown but... (0 Replies)
Discussion started by: halacil
0 Replies
6. OS X (Apple)
Q1. I understand that /usr/local/bin means I can install/uninstall stuff in here and have any chance of messing up my original system files or effecting any other users. I created this directory myself.
But what about the directory I didn't create, namely /Users/m/bin? How is that directory... (1 Reply)
Discussion started by: michellepace
1 Replies
7. Shell Programming and Scripting
hello friends,
By mistake I have run find / -type f -exec chmod 644 {} \;
now all permission has been chaged of /bin
I am not able to change the permission. I am working on the virtuozzo VPS.
Is their any way to retrieve the permission to 770 to /bin
Note /bin/chmod also not executing... (2 Replies)
Discussion started by: sharlin
2 Replies
8. AIX
Hi,
I am planning to install a version of Informatica on my AIX box. It requires a specific java build in pap6470_27sr2-20141101_01(SR2).
The current link for IBM 64-bit SDK for AIX®, JavaTM Technology Edition, Version 7 Release 1 has a more recent version in j7r164redist.7.1.0.75.bin.
Is... (4 Replies)
Discussion started by: meetpraveens
4 Replies
9. UNIX for Dummies Questions & Answers
Hey guys,
Suppose i run passwd via bash shell. It is a suid program, which temporarily runs as root(owner) and modifies the user entries.
However, when i write a C file and give 4755 permission and root ownership to the 'a.out' file , it doesn't run as root in bash shell. I verified this by... (2 Replies)
Discussion started by: syncmaster
2 Replies
10. Shell Programming and Scripting
Some question about the usage of shell scripts:
1.) Are the commands of the base shell scripts a subset of bash commands?
2.) Assume I got a long, long script WITHOUT the first line.
How can I find out if the script was originally designed für "sh" or "bash"?
3.) How can I check a given... (3 Replies)
Discussion started by: pstein
3 Replies
CHMOD(3) 1 CHMOD(3)
chmod - Changes file mode
SYNOPSIS
bool chmod (string $filename, int $mode)
DESCRIPTION
Attempts to change the mode of the specified file to that given in $mode.
PARAMETERS
o $filename
- Path to the file.
o $mode
- Note that $mode is not automatically assumed to be an octal value, so to ensure the expected operation, you need to prefix $mode
with a zero (0). Strings such as "g+w" will not work properly.
<?php
chmod("/somedir/somefile", 755); // decimal; probably incorrect
chmod("/somedir/somefile", "u+rwx,go+rx"); // string; incorrect
chmod("/somedir/somefile", 0755); // octal; correct value of mode
?>
man 1 chmod' and ' man 2 chmod'.
<?php
// Read and write for owner, nothing for everybody else
chmod("/somedir/somefile", 0600);
// Read and write for owner, read for everybody else
chmod("/somedir/somefile", 0644);
// Everything for owner, read and execute for others
chmod("/somedir/somefile", 0755);
// Everything for owner, read and execute for owner's group
chmod("/somedir/somefile", 0750);
?>
RETURN VALUES
Returns TRUE on success or FALSE on failure.
NOTES
Note
The current user is the user under which PHP runs. It is probably not the same user you use for normal shell or FTP access. The
mode can be changed only by user who owns the file on most systems.
Note
This function will not work on remote files as the file to be examined must be accessible via the server's filesystem.
Note
When safe mode is enabled, PHP checks whether the files or directories you are about to operate on have the same UID (owner) as the
script that is being executed. In addition, you cannot set the SUID, SGID and sticky bits.
SEE ALSO
chown(3), chgrp(3), fileperms(3), stat(3).
PHP Documentation Group CHMOD(3)