Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Using sftp from within setuid script
Top Forums Shell Programming and Scripting Using sftp from within setuid script Post 302971055 by stv_t on Friday 15th of April 2016 07:10:41 AM
Old 04-15-2016
Using sftp from within setuid script
Hi,
I have a script, 'transfer_file' that has setuid permissions set and is running on Solaris 9 and 10.
From within this script I need to run a sftp command to transfer a file to a remote server. The public keys of the script owner have been transferred to the remote server and files and remote listings can be transferred without problem from the command prompt.
However when the sftp command is run from within the script it requests that a password be entered when run by another user id.

Script permissions are:
Code:
-rwsrwxr--   1 script_owner group       1206 Apr 15 11:06  transfer_file

The relevant code within this script is below
Code:
echo "Running as `whoami`\nID information is `id`\n"

sftp remote_user@remote_server <<EOF
ls -l
quit
EOF

When run as 'script_owner' it runs correctly and produces the following output
Code:
prompt > transfer_file           
/dev/fd/3
Running as 'script_owner'
ID information is uid=3031(script_owner) gid=350(group)
Connecting to remote_server...
sftp> drwxr-xr-x    0 63533    64167        8192 Apr 14 16:09 .
drwxrwxrwx    0 0        1000800      8192 Oct 20 16:49 ..
-rw-------    0 63533    64167        3720 Apr 14 20:36 .sh_history
drwx------    0 63533    64167        8192 Mar 14 08:41 .ssh
drwxr-xr-x    0 63533    64167        8192 Apr 11 15:07 .ssh2

However when run as a different user it produces the following:
Code:
prompt > transfer_file
Running as 'script_owner'
ID information is uid=3012(user_1) gid=350(group) euid=3031(script_owner)

Connecting to remote_server...
dixtusrd@s0da.r1-core.r1s password:

Is this a restriction of ssh to disallow remote connections without entering a password when using setuid ?

I do not have the password for the user on the remote server.

Stv T
 

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

setuid

I have a C wrapper programme which basically execute a shell script. The shell script has 700 as permission and oracle is owner of the shell script. The C execuatble has 4711 permission so that means that it has setuid bit set and group and others can execute the C executable. The reason why I am... (2 Replies)
Discussion started by: sanjay92
2 Replies

2. UNIX for Dummies Questions & Answers

Using setuid and setgid

Hi, I have been looking at setuid and setgid. I understand that setuid determines who owns the file and setgid determines which group of people can access the file... yeah?! But i need to know how to actually use setuid and setgid. I'm guessing chmod will feature somewhere.. Any help... (1 Reply)
Discussion started by: crispy
1 Replies

3. Shell Programming and Scripting

Problem executing setuid script in perl-5.8.6

Hi, I have a script (a.pl) that can be run by anyone. The script internally has to read a file and write into few files which are owned by user 'myUser'. Has to read the following file: -rwx------ 1 myuser myuser 4986 Aug 20 18:11 my.file Has to write into following files: ... (0 Replies)
Discussion started by: sarmakdvsr
0 Replies

4. UNIX for Dummies Questions & Answers

setuid

could u plz give me clear idea of spcial permissions setuid,getuid and striky bit . (1 Reply)
Discussion started by: Prem
1 Replies

5. Solaris

Need help with setuid.

Hi Gurus, I need your suggestions,to implement setuid. Here is the situation. I have a user xyz on a solaris zone.He needs to install a package using a pkgadd command but i guess only a root can run that .Is there any way I can set the setuid bit on the pkgadd which is in the location... (6 Replies)
Discussion started by: rama krishna
6 Replies

6. Shell Programming and Scripting

SFTP-how to log individual sftp command error while executing shell script

Hi, I have situation where i need to automate transferring 10000+ files using sftp. while read line do if ; then echo "-mput /home/student/Desktop/folder/$line/* /cygdrive/e/folder/$line/">>sftpCommand.txt fi done< files.txt sftp -b sftpCommand.txt stu@192.168.2.1 The above... (1 Reply)
Discussion started by: noobrobot
1 Replies

7. Shell Programming and Scripting

Setuid not working in Linux as script fails to write to file.

Hi, I have the following 3 test files to test setuid bit which if it works I would like to implement in our application. However setuid doesnot seem to be having any impact on my test below.Following are the 3 files of interest in /tmp/ folder. $ ls -ltr *env* -rw------- 1 g332008 users 6... (23 Replies)
Discussion started by: waavman
23 Replies

8. Shell Programming and Scripting

SFTP or scp with password in a batch script without using SSH keys and expect script

Dear All, I have a requirement where I have to SFTP or SCP a file in a batch script. Unfortunately, the destination server setup is such that it doesn't allow for shell command line login. So, I am not able to set up SSH keys. My source server is having issues with Expect. So, unable to use... (5 Replies)
Discussion started by: ss112233
5 Replies

9. UNIX for Beginners Questions & Answers

What keeps me from abusing setuid(0) and programs with setuid bit set?

Just learning about the privilege escalation method provided by setuid. Correct me if I am wrong but what it does is change the uid of the current process to whatever uid I set. Right ? So what stops me from writing my own C program and calling setuid(0) within it and gaining root privileges ? ... (2 Replies)
Discussion started by: sreyan32
2 Replies

LEARN ABOUT PHP

sftp-server

sftp-server(1M) 					  System Administration Commands					   sftp-server(1M)

NAME

       sftp-server - SFTP server subsystem

SYNOPSIS

       /usr/lib/ssh/sftp-server

DESCRIPTION

       sftp-server implements the server side of the SSH File Transfer Protocol as defined in the IETF draft-ietf-secsh-filexfer.

       sftp-server is a subsystem for sshd(1M) and must not be run directly. There are no options or config settings.

       To enable the sftp-server subsystem for sshd add the following to /etc/ssh/sshd_config:

       Subsystem   sftp     /usr/lib/ssh/sftp-server

       See sshd_config(4) for a description of the format and contents of that file.

       There is no relationship between the protocol used by sftp-server and the FTP protocol (RFC 959) provided by in.ftpd.

EXIT STATUS

       The following exit values are returned:

       0	Successful completion.

       >0	An error occurred.

FILES

       /usr/lib/sftp-server

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWsshdu 		   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       sftp(1), ssh(1), ssh-add(1), ssh-keygen(1), sshd(1M), sshd_config(4), attributes(5)

       To  view  license  terms,  attribution,	and  copyright	for OpenSSH, the default path is /var/sadm/pkg/SUNWsshdr/install/copyright. If the
       Solaris operating environment has been installed anywhere other than the default, modify the given path to access the file at the installed
       location.

AUTHOR

       Markus Friedl

SunOS 5.10							    30 Jul 2003 						   sftp-server(1M)
All times are GMT -4. The time now is 02:56 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy