Hi,
I have a script, 'transfer_file', that has setuid permissions set and is running on Solaris 9 and 10.
From within this script I need to run an sftp command to transfer a file to a remote server. The public keys of the script owner have been transferred to the remote server and files and remote listings can be transferred without problem from the command prompt.
However, when the sftp command is run from within the script it requests that a password be entered when run by another user id.
Script permissions are:
Code:
-rwsrwxr-- 1 script_owner group 1206 Apr 15 11:06 transfer_file
The relevant code within this script is below
Code:
echo "Running as `whoami`\nID information is `id`\n"
sftp remote_user@remote_server <<EOF
ls -l
quit
EOF
When run as 'script_owner' it runs correctly and produces the following output
Code:
prompt > transfer_file
/dev/fd/3
Running as 'script_owner'
ID information is uid=3031(script_owner) gid=350(group)
Connecting to remote_server...
sftp> drwxr-xr-x 0 63533 64167 8192 Apr 14 16:09 .
drwxrwxrwx 0 0 1000800 8192 Oct 20 16:49 ..
-rw------- 0 63533 64167 3720 Apr 14 20:36 .sh_history
drwx------ 0 63533 64167 8192 Mar 14 08:41 .ssh
drwxr-xr-x 0 63533 64167 8192 Apr 11 15:07 .ssh2
However when run as a different user it produces the following:
Code:
prompt > transfer_file
Running as 'script_owner'
ID information is uid=3012(user_1) gid=350(group) euid=3031(script_owner)
Connecting to remote_server...
dixtusrd@s0da.r1-core.r1s password:
Is this a restriction of ssh to disallow remote connections without entering a password when using setuid?
I do not have the password for the user on the remote server.
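The two `id` lines in the post differ only in the real UID, and OpenSSH-derived clients resolve the invoking account from the real UID (`getpwuid(getuid())`), not from the effective UID that `whoami` reports. The following is an added example, not part of the original post: the function names are hypothetical, and the two sample lines are copied from the output shown above.

```shell
#!/bin/sh
# Added example: given one line of `id` output, report which account's
# ~/.ssh a client that resolves the user from the REAL uid will read.

# real_user ID_LINE -> name from the leading uid=N(name) field
real_user() {
    printf '%s\n' "$1" | sed -n 's/^uid=[0-9]*(\([^)]*\)).*/\1/p'
}

# effective_user ID_LINE -> name from euid=N(name); when id prints no
# euid field, real and effective uid are equal, so fall back to uid=
effective_user() {
    e=$(printf '%s\n' "$1" | sed -n 's/.* euid=[0-9]*(\([^)]*\)).*/\1/p')
    if [ -n "$e" ]; then printf '%s\n' "$e"; else real_user "$1"; fi
}

# key_lookup_report ID_LINE -> one-line diagnosis of the key lookup
key_lookup_report() {
    r=$(real_user "$1")
    e=$(effective_user "$1")
    if [ "$r" = "$e" ]; then
        echo "match: ssh reads ~$r/.ssh"
    else
        echo "mismatch: whoami says $e, ssh reads ~$r/.ssh"
    fi
}

# The two id lines shown in the post (owner run, then user_1 run)
OWNER_RUN='uid=3031(script_owner) gid=350(group)'
OTHER_RUN='uid=3012(user_1) gid=350(group) euid=3031(script_owner)'

key_lookup_report "$OWNER_RUN"
key_lookup_report "$OTHER_RUN"
# To check the live process inside the script: key_lookup_report "`id`"
```

In the second case the client looks for user_1's identity files, finds none authorised on the remote side, and falls back to the password prompt. A mechanism that changes the real UID as well (for example `su` or `sudo -u` to script_owner) makes both fields agree.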
sftp-server
sftp-server(1M) System Administration Commands sftp-server(1M)
NAME
sftp-server - SFTP server subsystem
SYNOPSIS
/usr/lib/ssh/sftp-server
DESCRIPTION
sftp-server implements the server side of the SSH File Transfer Protocol as defined in the IETF draft-ietf-secsh-filexfer.
sftp-server is a subsystem for sshd(1M) and must not be run directly. There are no options or config settings.
To enable the sftp-server subsystem for sshd add the following to /etc/ssh/sshd_config:
Subsystem sftp /usr/lib/ssh/sftp-server
See sshd_config(4) for a description of the format and contents of that file.
There is no relationship between the protocol used by sftp-server and the FTP protocol (RFC 959) provided by in.ftpd.
EXIT STATUS
The following exit values are returned:
0 Successful completion.
>0 An error occurred.
FILES
/usr/lib/sftp-server
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWsshdu |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
SEE ALSO
sftp(1), ssh(1), ssh-add(1), ssh-keygen(1), sshd(1M), sshd_config(4), attributes(5)
To view license terms, attribution, and copyright for OpenSSH, the default path is /var/sadm/pkg/SUNWsshdr/install/copyright. If the
Solaris operating environment has been installed anywhere other than the default, modify the given path to access the file at the installed
location.
AUTHOR
Markus Friedl
SunOS 5.10 30 Jul 2003 sftp-server(1M)