Create a program illustrating SUID
# 1  
Old 03-31-2013
Create a program illustrating SUID

To understand SUID feature, I set SUID bit for a SHELL script.
Then I executed the program by a different user.

In order to understand how it works, I tried different ways like:

1) I didn't give execute permission for the other user (not an owner) and then he tried to execute it.

2) I made the script coded in a way so that when the owner runs, it behaves differently than when other user runs. This I did by including $LOGNAME in the script.

I also tried a few other ways to understand SUID, but none of these helped me understand how SUID works.

Please give me a SHELL script or whatever required so that I get how SUID can be used in real time.
# 2  
Old 03-31-2013
The whole point of set-UID code (a.out format executables, executable shell scripts or, on most systems a script to be run by the interpreter named by a #! line at the start of a file) is that it runs with the permissions needed to access (read, write, or execute) anything that someone who had logged in as the owner of that file could access.

So, if you have personal files that are mode 700 (readable, writeable, and executable only by you) and you let someone run code that you own with the set-UID bit set, the user running that code can read, write, and execute those personal files if that code accepts names of files from the user causing the code to access those files.

For example, let's assume you have a file /Users/login/private containing:
Code:
login's password: xxx
login's bank and account number: xxx

set up such that ls -l for that file produces:
Code:
-rw-------  1 login  staff  59 Mar 30 21:42 /Users/login/private

And, assume you have a shell script /Users/login/bin/pp that contains:
Code:
#!/bin/ksh
cat /Users/login/private

that is readable and executable by anyone:
Code:
-rwxr-xr-x  1 login  staff  36 Mar 30 21:46 /Users/login/pp

Then when the user named login runs this script, (s)he will see the contents of the file private displayed on the screen. But, if anyone else runs this script, they will see something like:
Code:
cat: /Users/login/private: Permission denied

But, if you make this script set-UID:
Code:
-rwsr-xr-x  1 login  staff  36 Mar 30 21:46 /Users/login/pp

then when any user runs this script they will see the contents of the file.

Setting up a secure set-UID shell script is not something you should do unless you fully understand all of the ways that the script could be spoofed into performing undesired things to your personal data. If you look at the EXAMPLES section of the POSIX command utility in the Man Pages section of this forum, you can get an overview of some of the issues that need to be considered when writing set-UID shell scripts.

Last edited by Don Cragun; 03-31-2013 at 02:17 AM.. Reason: Add link to command utility man page
# 3  
Old 03-31-2013
Don, I tried the way you told me earlier while practising SUID. Now, also, I did the same you wrote but still the other user can't read the private file.

Please have a look at the attachment which is self explanatory.

I logged in as "Bholua". She created filename "private.txt" with "700" permission.
She created bb.sh with "755" permission.

Then, with the su command, "chunmun" logged in to the system. She ran bb.sh. She was able to execute the script, but the same error message "permission denied" was shown when the private file had to be opened. That means "chunmun" couldn't get the power of the owner "Bholua".

Please see where the point is which we are missing.
Hoping to get a reply soon.
# 4  
Old 03-31-2013
No. You missed two key points.
  1. The first line in bb.sh should be:
    Code:
    #!/bin/bash

    (or #! followed by whatever the absolute path is on your system to bash if it is not /bin/bash).
  2. Run it by using the command:
    Code:
    ./bb.sh

When you run the script using the command:
Code:
bash bb.sh

you are running the commands in bb.sh as the current user (not making use of the set-UID feature) of the executable.

------------------
PS Note that you need to use chmod 4755 instead of 755 to set the set-UID bit, but it looked like you had already done that.

Last edited by Don Cragun; 03-31-2013 at 05:31 AM.. Reason: Added PS
# 5  
Old 03-31-2013
Don, earlier, I had checked by running like this also
Code:
./bb.sh

Now, also after reading your post I again ran like this but the same result.
My screenshot proves this.
Also, I had used my 1st line in bb.sh as
Code:
#! /bin/bash

(there is a space between #! and /bin/bash, I hope this shouldn't be a problem because your post doesn't reflect any space.)
But the same output. See my screenshot please.

And yes I was thinking how
Code:
#! /bin/bash

can be a problem as it's only an interpreter line to say which sub-shell I want to use for my script. In absence of that, obviously the same shell as of parent would have been used.

Also, Don, although my screenshot shows that I changed the user using the su command, I also tested running the script by logging off the owner "Bholua" and then logging back in as the other user "chunmun".

So, where are we missing something?
# 6  
Old 03-31-2013
Linux ignores the SUID bit on scripts entirely. You need a SUID binary program as a helper, e.g. sudo.
This User Gave Thanks to MadeInGermany For This Post:
# 7  
Old 03-31-2013
MadeInGermany, can you please illustrate this completely with an example, so that it will be clear how to use it? You can take the example already in the post. Now, how do I use it in this example?
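An added example (not code from this thread) of the set-UID binary helper MadeInGermany describes, doing what bb.sh/pp tried to do: it prints the real and effective uid so you can see whether the kernel applied the bit, reads a hardcoded file (the path is an assumption), and then drops back to the caller's identity. The file name is deliberately not taken from the caller, which is the spoofing risk Don warned about.

```c
/* suidhelp.c: added example, not code from this thread. A minimal set-UID
 * helper in C doing what bb.sh / pp tried to do; Linux honours the set-UID
 * bit on a binary like this one, but not on a script. */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
/* Hardcoded target (assumed path): the helper never takes a file name from
 * its caller, which is the spoofing risk Don warned about. */
#define PRIVATE_FILE "/home/bholua/private.txt"

/* True when the kernel honoured the set-UID bit: effective uid differs
 * from the real uid of the user who started the process. */
int running_set_uid(void) {
    return geteuid() != getuid();
}

/* Return to the caller's identity once the privileged work is done. For a
 * non-root owner, setuid() leaves the saved set-user-ID holding the owner;
 * on Linux setresuid(real, real, real) clears that as well. 0 = success. */
int drop_privileges(void) {
    uid_t real = getuid();
    if (setuid(real) != 0) return -1;
    return geteuid() == real ? 0 : -1;
}

/* Copy the private file to stdout; returns bytes copied, or -1 when the
 * file cannot be opened (the "Permission denied" case in the thread). */
long show_private(const char *path) {
    char buf[4096];
    size_t n;
    long total = 0;
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return -1;
    while ((n = fread(buf, 1, sizeof buf, f)) > 0) {
        fwrite(buf, 1, n, stdout);
        total += (long)n;
    }
    fclose(f);
    return total;
}

int main(void) {
    printf("real uid %u, effective uid %u, set-UID in effect: %s\n",
           (unsigned)getuid(), (unsigned)geteuid(),
           running_set_uid() ? "yes" : "no");
    long bytes = show_private(PRIVATE_FILE);   /* privileged step first */
    if (drop_privileges() != 0) return 1;      /* then least privilege */
    if (bytes < 0) { perror(PRIVATE_FILE); return 1; }
    return 0;
}
```

Compile it as the owner, chmod 4755 the binary, then run ./suidhelp as the other user: the first output line shows whether the effective uid changed, which is the check the screenshots in this thread could not give for a script.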