02-12-2018
I suppose if you have access to become the super-user (usually root, but some sites have multiple UID=0 accounts) then you are trusted. If you then choose to abuse that trust by creating a setuid executable file owned by the super-user then you are sharing that trust. If you leave the file available to be updated by others, then you are sharing the trust for what trust you are sharing.
It is usually frowned upon with most people preferring to use sudo instead. Rules can be written to allow people to assume other identities whilst running executables. It's all down to who you trust.
Can you tell us a bit more about what you need it to do?
Robin
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
I have a C wrapper programme which basically execute a shell script. The shell script has 700 as permission and oracle is owner of the shell script.
The C execuatble has 4711 permission so that means that it has setuid bit set and group and others can execute the C executable.
The reason why I am... (2 Replies)
Discussion started by: sanjay92
2 Replies
2. UNIX for Advanced & Expert Users
I have a binary. It is having the following permissions
rws rws rwx mqm:mqm runmqtrm
The same program on another machine is
rws rws rwx root: mqm runmqtrm
This program is a setuid program.
This is what my understanding is. Whatever user the program is started under, it will finally be... (0 Replies)
Discussion started by: bandaru
0 Replies
3. UNIX for Advanced & Expert Users
This may be a dumb question, but I've been wondering why programs such as ping and traceroute must be setuid? Are there some restrictions which prevent normal users from accessing the world via sockets?
$ pwd
/bin
$ ls -l ping traceroute
-rwsr-xr-x 1 root root 35616 Apr 7 2005 ping... (1 Reply)
Discussion started by: nathan
1 Replies
4. Programming
hi all,
i have a critical and specific problem with respect to set uid bit on user and the dll's
for a binary, (under the userid A)
it needs libraries from /usr/lib and informix libraries from $INFORMIXDIR/lib/esql
but this binary should be kicked off from id B,
hence s-bit on user is... (5 Replies)
Discussion started by: matrixmadhan
5 Replies
5. HP-UX
hi i have written small script which will login 2 two different users with su but if we run from normal user it prompts for password so
i chnaged the owner of script to root and added setuid bit
with
chmod u+s <script_name>
but when i run the script i get following message
Warning:... (3 Replies)
Discussion started by: zedex
3 Replies
6. Red Hat
Hi,
OS : Linux
I have an executable (P1) owned by user say "abcd" and the setuid bit is set. And there is another executable (P2) which brings up the process (P1).
When the setuid bit is set, the process P1 is failing, if the setuid bit is not set there is no issue.
I was wondering if... (6 Replies)
Discussion started by: ahamed101
6 Replies
7. Solaris
Hi Gurus,
I need your suggestions,to implement setuid.
Here is the situation. I have a user xyz on a solaris zone.He needs to install a package using a pkgadd command but i guess only a root can run that .Is there any way I can set the setuid bit on the pkgadd which is in the location... (6 Replies)
Discussion started by: rama krishna
6 Replies
8. UNIX for Dummies Questions & Answers
Can anyone explain me difference between setuid and sticky bit? and also between setuid and chown? (3 Replies)
Discussion started by: kkalyan
3 Replies
9. Linux
Dear all,
I am newbie with linux, i dont understand any code. I have googled a long time. Please help me explain about setuid bit on linux (Centos 6)
Here:
1/ I chmod u+s for /sbin/iptables but normal user still cannot perform command (ex: /sbin/iptables -L)
2/Someone says : setuid only... (6 Replies)
Discussion started by: all4cfa
6 Replies
10. UNIX for Dummies Questions & Answers
This is a quote from the Apple security configuration (you can download it from Apple)
" Using ACLs to Restrict Usage of Setuid Programs
The ACL feature of Mac OS X can also be used to restrict the execution of setuid
programs. Restricting the execution of setuid programs to administrators... (3 Replies)
Discussion started by: Vera
3 Replies
LEARN ABOUT CENTOS
pam_wheel
PAM_WHEEL(8) Linux-PAM Manual PAM_WHEEL(8)
NAME
pam_wheel - Only permit root access to members of group wheel
SYNOPSIS
pam_wheel.so [debug] [deny] [group=name] [root_only] [trust] [use_uid]
DESCRIPTION
The pam_wheel PAM module is used to enforce the so-called wheel group. By default it permits root access to the system if the applicant
user is a member of the wheel group. If no group with this name exist, the module is using the group with the group-ID 0.
OPTIONS
debug
Print debug information.
deny
Reverse the sense of the auth operation: if the user is trying to get UID 0 access and is a member of the wheel group (or the group of
the group option), deny access. Conversely, if the user is not in the group, return PAM_IGNORE (unless trust was also specified, in
which case we return PAM_SUCCESS).
group=name
Instead of checking the wheel or GID 0 groups, use the name group to perform the authentication.
root_only
The check for wheel membership is done only.
trust
The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play
stacking the modules the wheel members may be able to su to root without being prompted for a passwd).
use_uid
The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one
account to another for example).
MODULE TYPES PROVIDED
The auth and account module types are provided.
RETURN VALUES
PAM_AUTH_ERR
Authentication failure.
PAM_BUF_ERR
Memory buffer error.
PAM_IGNORE
The return value should be ignored by PAM dispatch.
PAM_PERM_DENY
Permission denied.
PAM_SERVICE_ERR
Cannot determine the user name.
PAM_SUCCESS
Success.
PAM_USER_UNKNOWN
User not known.
EXAMPLES
The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non-root applicants.
su auth sufficient pam_rootok.so
su auth required pam_wheel.so
su auth required pam_unix.so
SEE ALSO
pam.conf(5), pam.d(5), pam(8)
AUTHOR
pam_wheel was written by Cristian Gafton <gafton@redhat.com>.
Linux-PAM Manual 09/19/2013 PAM_WHEEL(8)