Hi,
I have a script, 'transfer_file' that has setuid permissions set and is running on Solaris 9 and 10.
From within this script I need to run a sftp command to transfer a file to a remote server. The public keys of the script owner have been transferred to the remote server and files and remote listings can be transferred without problem from the command prompt.
However when the sftp command is run from within the script it requests that a password be entered when run by another user id.
Script permissions are:
Code:
-rwsrwxr-- 1 script_owner group 1206 Apr 15 11:06 transfer_file
The relevant code within this script is below
Code:
echo "Running as `whoami`\nID information is `id`\n"
sftp remote_user@remote_server <<EOF
ls -l
quit
EOF
When run as 'script_owner' it runs correctly and produces the following output
Code:
prompt > transfer_file
/dev/fd/3
Running as 'script_owner'
ID information is uid=3031(script_owner) gid=350(group)
Connecting to remote_server...
sftp> drwxr-xr-x 0 63533 64167 8192 Apr 14 16:09 .
drwxrwxrwx 0 0 1000800 8192 Oct 20 16:49 ..
-rw------- 0 63533 64167 3720 Apr 14 20:36 .sh_history
drwx------ 0 63533 64167 8192 Mar 14 08:41 .ssh
drwxr-xr-x 0 63533 64167 8192 Apr 11 15:07 .ssh2
However when run as a different user it produces the following:
Code:
prompt > transfer_file
Running as 'script_owner'
ID information is uid=3012(user_1) gid=350(group) euid=3031(script_owner)
Connecting to remote_server...
dixtusrd@s0da.r1-core.r1s password:
Is this a restriction of ssh to disallow remote connections without entering a password when using setuid ?
I do not have the password for the user on the remote server.
Id be surprised it ever worked...
You agree with me set UID is "execute the command as..." only a shell script is a sequence of many so what is in it will be executed as the true UID ... There are ways of doing but it (may) create potential security issues, so the safest way ( and politically correct way) is to use sudo in order to become that user then you can even change the perms so only that user can read and execute your script and improved your security...
Just learning about the privilege escalation method provided by setuid. Correct me if I am wrong but what it does is change the uid of the current process to whatever uid I set. Right ?
So what stops me from writing my own C program and calling setuid(0) within it and gaining root privileges ?
... (2 Replies)
Dear All,
I have a requirement where I have to SFTP or SCP a file in a batch script. Unfortunately, the destination server setup is such that it doesn't allow for shell command line login. So, I am not able to set up SSH keys. My source server is having issues with Expect. So, unable to use... (5 Replies)
Hi,
I have the following 3 test files to test setuid bit which if it works I would like to implement in our application. However setuid doesnot seem to be having any impact on my test below.Following are the 3 files of interest in /tmp/ folder.
$ ls -ltr *env*
-rw------- 1 g332008 users 6... (23 Replies)
Hi,
I have situation where i need to automate transferring 10000+ files using sftp.
while read line
do
if ; then
echo "-mput /home/student/Desktop/folder/$line/* /cygdrive/e/folder/$line/">>sftpCommand.txt
fi
done< files.txt
sftp -b sftpCommand.txt stu@192.168.2.1
The above... (1 Reply)
Hi Gurus,
I need your suggestions,to implement setuid.
Here is the situation. I have a user xyz on a solaris zone.He needs to install a package using a pkgadd command but i guess only a root can run that .Is there any way I can set the setuid bit on the pkgadd which is in the location... (6 Replies)
Hi,
I have a script (a.pl) that can be run by anyone. The script internally has to read a file and write into few files which are owned by user 'myUser'.
Has to read the following file:
-rwx------ 1 myuser myuser 4986 Aug 20 18:11 my.file
Has to write into following files:
... (0 Replies)
Hi,
I have been looking at setuid and setgid.
I understand that setuid determines who owns the file and setgid determines which group of people can access the file... yeah?!
But i need to know how to actually use setuid and setgid. I'm guessing chmod will feature somewhere..
Any help... (1 Reply)
I have a C wrapper programme which basically execute a shell script. The shell script has 700 as permission and oracle is owner of the shell script.
The C execuatble has 4711 permission so that means that it has setuid bit set and group and others can execute the C executable.
The reason why I am... (2 Replies)
