Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: root group permissions
Top Forums UNIX for Dummies Questions & Answers root group permissions Post 9694 by Perderabo on Thursday 1st of November 2001 09:05:05 AM
Old 11-01-2001
I must disagree with this advice. Only a process whose effective uid is zero can do superuser stuff. This is very deeply embedded in the kernel and no amount of fiddling with inodes in a filesystem is going to confer superuser status on a process just because it is a member of a group called root. You would also need to set the suid bit on many files and ensure that they are owned by root to have a shot at this. Say good-bye to system security if you do.

Even if you could do this, you shouldn't want to. It's a good thing that your normal account can't do root stuff. The first time you accidently type "rm *" while cd'ed to /etc and find that you did no damage will compensate you for needing to type "su" and enter a password every now and then.

Take a look at this thread. You are going to greatly increase the chance that this happens to you.
 

10 More Discussions You Might Find Interesting

1. Filesystems, Disks and Memory

group permissions/webserver

Hi, there is one strange situation with directory permissions that I run into every now and then, and now I face it a gain with a webserver. Situation (example): drwxrwsr-x 14 user www-data 4096 Jul 28 11:06 . drwxr-xr-x 2 www-data www-data 4096 Jul 28 11:06 subdir -rwxr-xr-x 1... (3 Replies)
Discussion started by: doozer
3 Replies

2. AIX

bin group strange permissions

I was doing a little playing around with permissions on a 5.3 box in the office and wanted to make it so that it does not take root permission to delete a users home directory once they are deactivated or deleted in smit. the default permissions are 755 with bin as both user and group I noticed... (2 Replies)
Discussion started by: dgaixsysadm
2 Replies

3. Shell Programming and Scripting

checking Permissions of file for OTHERS and GROUP

Hi, Is their a way to check the read and execute permission on a file on OTHERS and GROUP rwxr--r-x I am trying something like: if ( || ) then .... fi The code above only checks the permissions of the owner of the file but not for the GROUP and OTHERS. I will really... (5 Replies)
Discussion started by: rkumar28
5 Replies

4. Solaris

Changing root group to group from other

Does any one know if changing root's group from “other” to “root” will cause any problems on a running system. Thanks (4 Replies)
Discussion started by: mjkroner
4 Replies

5. UNIX for Dummies Questions & Answers

Group permissions

Hi, I've created a user named fwadmin, group named fwadmin and made the user belong to that group. I created the user and group using the 'User Manager' in Centos. The user belongs to /etc/fw.Does this also mean that the group fwadmin belongs to /etc/fw. That is what I want. But when I... (4 Replies)
Discussion started by: anaigini45
4 Replies

6. Solaris

Group Permissions - How to tell the difference

I am a member of a few different user groups. I would like to see what the difference is.... Can anyone tell me how to look at permissions side by side ? We are using : SunOS xxxxxx 5.10 Generic_127111-09 sun4u sparc SUNW,Sun-Fire-V440 Thanks ! (10 Replies)
Discussion started by: popeye
10 Replies

7. UNIX for Advanced & Expert Users

Automate setting of group permissions

What would be a practical way of making sure files I upload to/edit in a particular directory on a server always have the correct group permissions? I'm forgetful, so I try to automate things like chgrp'ing the files when I'm done. I could write a script to be run by cron. Is that the only way,... (2 Replies)
Discussion started by: mregine
2 Replies

8. UNIX for Dummies Questions & Answers

Root group permissions

Hi everybody, which are the root group permissions and how can I give to a user these rights? Thanks in advance. (2 Replies)
Discussion started by: bmayao
2 Replies

9. UNIX for Advanced & Expert Users

Group permissions question

I have a user who has had an id change. His old id was xl00 his new id b000999. Both id's are in group bauser. The user now cannot access his old files even though he is in the same group and permissions seem to be ok. See below, first 2 files he can't see, second two are no problem. ... (2 Replies)
Discussion started by: dw82199
2 Replies

10. Web Development

Group and user permissions on mediawiki

I am working on setup a wiki which should have users and group having read or write permission. Before that we were using simple write to all methodology. Now the challenge is this that i have created a 3 users and all of the 3 are able to write to wiki and update the page. Now what i what to... (0 Replies)
Discussion started by: sunnysthakur
0 Replies

LEARN ABOUT REDHAT

setuid

SETUID(2)						     Linux Programmer's Manual							 SETUID(2)

NAME

       setuid - set user identity

SYNOPSIS

       #include <sys/types.h>
       #include <unistd.h>

       int setuid(uid_t uid);

DESCRIPTION

       setuid  sets the effective user ID of the current process.  If the effective userid of the caller is root, the real and saved user ID's are
       also set.

       Under Linux, setuid is implemented like the POSIX version with the _POSIX_SAVED_IDS feature.  This allows a setuid (other than  root)  pro-
       gram to drop all of its user privileges, do some un-privileged work, and then re-engage the original effective user ID in a secure manner.

       If  the	user is root or the program is setuid root, special care must be taken. The setuid function checks the effective uid of the caller
       and if it is the superuser, all process related user ID's are set to uid.  After this has occurred, it is impossible  for  the  program	to
       regain root privileges.

       Thus, a setuid-root program wishing to temporarily drop root privileges, assume the identity of a non-root user, and then regain root priv-
       ileges afterwards cannot use setuid.  You can accomplish this with the (non-POSIX, BSD) call seteuid.

RETURN VALUE

       On success, zero is returned.  On error, -1 is returned, and errno is set appropriately.

ERRORS

       EPERM  The user is not the super-user, and uid does not match the real or saved user ID of the calling process.

CONFORMING TO

       SVr4, SVID, POSIX.1.  Not quite compatible with the 4.4BSD call, which sets all of the real, saved, and effective user IDs.  SVr4 documents
       an additional EINVAL error condition.

LINUX-SPECIFIC REMARKS
       Linux  has the concept of filesystem user ID, normally equal to the effective user ID.  The setuid call also sets the filesystem user ID of
       the current process.  See setfsuid(2).

       If uid is different from the old effective uid, the process will be forbidden from leaving core dumps.

SEE ALSO

       getuid(2), setreuid(2), seteuid(2), setfsuid(2)

Linux 1.1.36							    1994-07-29								 SETUID(2)
All times are GMT -4. The time now is 08:09 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy