Full Discussion: root group permissions
Post 9694 by Perderabo on Thursday 1st of November 2001 09:05:05 AM
I must disagree with this advice. Only a process whose effective uid is zero can do superuser stuff. This is very deeply embedded in the kernel and no amount of fiddling with inodes in a filesystem is going to confer superuser status on a process just because it is a member of a group called root. You would also need to set the suid bit on many files and ensure that they are owned by root to have a shot at this. Say good-bye to system security if you do.

Even if you could do this, you shouldn't want to. It's a good thing that your normal account can't do root stuff. The first time you accidentally type "rm *" while cd'ed to /etc and find that you did no damage will compensate you for needing to type "su" and enter a password every now and then.

Take a look at this thread. You are going to greatly increase the chance that this happens to you.
 

SETUID(2)                  Linux Programmer's Manual                  SETUID(2)

NAME
       setuid - set user identity

SYNOPSIS
       #include <sys/types.h>
       #include <unistd.h>

       int setuid(uid_t uid);

DESCRIPTION
       setuid() sets the effective user ID of the calling process. If the calling process is privileged (more precisely: if the process has the CAP_SETUID capability in its user namespace), the real UID and saved set-user-ID are also set.

       Under Linux, setuid() is implemented like the POSIX version with the _POSIX_SAVED_IDS feature. This allows a set-user-ID (other than root) program to drop all of its user privileges, do some un-privileged work, and then reengage the original effective user ID in a secure manner.

       If the user is root or the program is set-user-ID-root, special care must be taken: setuid() checks the effective user ID of the caller and if it is the superuser, all process-related user ID's are set to uid. After this has occurred, it is impossible for the program to regain root privileges.

       Thus, a set-user-ID-root program wishing to temporarily drop root privileges, assume the identity of an unprivileged user, and then regain root privileges afterward cannot use setuid(). You can accomplish this with seteuid(2).

RETURN VALUE
       On success, zero is returned. On error, -1 is returned, and errno is set appropriately.

       Note: there are cases where setuid() can fail even when the caller is UID 0; it is a grave security error to omit checking for a failure return from setuid().

ERRORS
       EAGAIN The call would change the caller's real UID (i.e., uid does not match the caller's real UID), but there was a temporary failure allocating the necessary kernel data structures.

       EAGAIN uid does not match the real user ID of the caller and this call would bring the number of processes belonging to the real user ID uid over the caller's RLIMIT_NPROC resource limit. Since Linux 3.1, this error case no longer occurs (but robust applications should check for this error); see the description of EAGAIN in execve(2).

       EINVAL The user ID specified in uid is not valid in this user namespace.

       EPERM  The user is not privileged (Linux: does not have the CAP_SETUID capability) and uid does not match the real UID or saved set-user-ID of the calling process.

CONFORMING TO
       POSIX.1-2001, POSIX.1-2008, SVr4. Not quite compatible with the 4.4BSD call, which sets all of the real, saved, and effective user IDs.

NOTES
       Linux has the concept of the filesystem user ID, normally equal to the effective user ID. The setuid() call also sets the filesystem user ID of the calling process. See setfsuid(2).

       If uid is different from the old effective UID, the process will be forbidden from leaving core dumps.

       The original Linux setuid() system call supported only 16-bit user IDs. Subsequently, Linux 2.4 added setuid32() supporting 32-bit IDs. The glibc setuid() wrapper function transparently deals with the variation across kernel versions.

   C library/kernel differences
       At the kernel level, user IDs and group IDs are a per-thread attribute. However, POSIX requires that all threads in a process share the same credentials. The NPTL threading implementation handles the POSIX requirements by providing wrapper functions for the various system calls that change process UIDs and GIDs. These wrapper functions (including the one for setuid()) employ a signal-based technique to ensure that when one thread changes credentials, all of the other threads in the process also change their credentials. For details, see nptl(7).

SEE ALSO
       getuid(2), seteuid(2), setfsuid(2), setreuid(2), capabilities(7), credentials(7), user_namespaces(7)

COLOPHON
       This page is part of release 4.15 of the Linux man-pages project. A description of the project, information about reporting bugs, and the latest version of this page, can be found at https://www.kernel.org/doc/man-pages/.

Linux                             2017-09-15                          SETUID(2)
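
The checked, permanent privilege drop that the setuid(2) page above calls for, as an added example that is not part of the original post or the man page. The helper name drop_privileges, its refusal of UID 0 as a target, and the 65534 fallback in main() are assumptions of this example.

```c
#define _DEFAULT_SOURCE          /* for setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently switch to uid/gid. Returns 0 on success, -1 with errno set.
 * Hypothetical helper for illustration; callers must treat -1 as fatal. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0) {              /* "dropping" to root is not a drop */
        errno = EINVAL;
        return -1;
    }
    /* Groups first: once setuid() succeeds we no longer hold the
     * privilege needed to change them. Only root may call setgroups(). */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    /* setuid() can fail even for UID 0 (EAGAIN, EINVAL); never ignore it. */
    if (setuid(uid) != 0)
        return -1;
    /* Verify: real and effective UID changed, and root cannot be regained. */
    if (getuid() != uid || geteuid() != uid) {
        errno = EPERM;
        return -1;
    }
    if (setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed usage: as root this drops to 65534 (commonly "nobody",
     * an assumption); as a normal user it re-asserts the current IDs. */
    uid_t uid = geteuid() == 0 ? 65534 : getuid();
    gid_t gid = geteuid() == 0 ? 65534 : getgid();
    if (drop_privileges(uid, gid) != 0) {
        perror("drop_privileges");
        return 1;                /* fail closed: do not continue as root */
    }
    printf("running as uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```

A set-user-ID-root program that only needs to lower its privileges temporarily would use seteuid(2) instead, as the DESCRIPTION section says.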