Special File Permissions Setgid and setuid ..HELP


 
Thread Tools Search this Thread
Operating Systems Solaris Special File Permissions Setgid and setuid ..HELP
# 1  
Old 09-19-2013
Special File Permissions Setgid and setuid ..HELP

I have a user AAA who's who is part of a group call clserv and techsupp, His userfiles have the following permissions:-

Code:
drwxrwx---  16 AAA     clserv      1858 Aug 22 12:48 UserFiles

he has a link in his UserFiles/

Code:
lrwxrwxrwx   1 root     root          36 Mar  9  2013 TECHSUPP_GLOBAL -> /home/files/techsupp/TECHSUPP_GLOBAL

he saves pdf's from a scanner in the following

Code:
drwxrws---  10 AAA     techsupp      10 Jul  2 13:03 COMPLAINT-DOCUMENTS-LIBRARY

drwxrwsr-x   2 AAA     techsupp       3 Jun 21 15:28 A
drwxrwsr-x   4 AAA     techsupp       4 Jul  2 13:04 B
drwxrwsr-x   4 AAA     techsupp       4 Jul  2 13:04 C

When saving the pdf from the scanner in the above directories the other people in his dept 'techsupp' can not open the files????? even though they are a part of the same group and the s for 'others' ....still dont work??? HELP...is it some sort UMASK issues?? ...newbie lost

Why isn't Sticky/suid working? I would like all members of “techsupp” to be able to open pdf's in the A,B,C Directories which is own by user AAA

Can any of you tell me what im doing wrong or why this setup isnt working?? thanks in advance

Thanks

Last edited by Scott; 09-19-2013 at 04:59 PM.. Reason: Please take the time to better format your posts.
# 2  
Old 09-19-2013
What permissions and owners do the PDF's end up as?
# 3  
Old 09-19-2013
Can the other users cd to the A B C directories?
If not, ensure the parent directory permission is at least 711 (x bit for all).
# 4  
Old 09-20-2013
Quote:
Originally Posted by Corona688
What permissions and owners do the PDF's end up as?
the permissions are 600 (rw-------) when saved from xerox workcentre to his userfiles... However when he puts the pdf in directory A B C they should inherit the sticky and group permissions... ???

all other users can cd into A B C see the files but cant view the pdfs ??

thanks for your replies Smilie

how comes the scanners default permissions override the systems permission>??

Last edited by kilobyter; 09-20-2013 at 07:49 AM..
# 5  
Old 09-20-2013
I believe this issue is caused by a misunderstanding of the sticky bit, SUID, SGID, and the like. If I am not mistaken, you are just trying to allow the users of the techsupp group to open the PDF files owned by the user AAA, which are created using a scanner. Am I correct?
  • The sticky bit here should be set if you don't want to allow other users (except for root and the owner of the files) to delete / rename those files.
  • SUID and SGID are typically set for executables --> So a workaround that you could try is setting them for the executable that OPENS the PDF files instead for the files themselves.
In this link you can find a good reference on SUID, SGID, and the sticky bit.
Other than that, I would check the samba configuration file (if this is a shared printer over a network) and make sure the create mask and the directory mask are correctly set.
Code:
[PDF]
        comment = Print to create PDF
        path = /var/spool/samba
        create mask = 0644
        directory mask = 0755

Hope any of this helps Smilie.
# 6  
Old 09-20-2013
Quote:
Originally Posted by kilobyter
the permissions are 600 (rw-------) when saved from xerox workcentre to his userfiles...
You forgot to tell me what the ownerships were... That's what the group-sticky bit on directories is supposed to do. It doesn't have anything to do with rwx------, because it's possible for it to be the right owner and group and set unreadable.
Quote:
how comes the scanners default permissions override the systems permission>??
umask, which gets set on login in various ways. What's your FTP daemon?
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. UNIX for Beginners Questions & Answers

What keeps me from abusing setuid(0) and programs with setuid bit set?

Just learning about the privilege escalation method provided by setuid. Correct me if I am wrong but what it does is change the uid of the current process to whatever uid I set. Right ? So what stops me from writing my own C program and calling setuid(0) within it and gaining root privileges ? ... (2 Replies)
Discussion started by: sreyan32
2 Replies

2. Shell Programming and Scripting

Setuid and setgid and similar settings

so im writing a script for a android system. these types of systems are not the typical unix systems. what i need to do is basic. i have a script which I put in a directory and then zipped up the directory in a zip file. that way, when the script is unzipped, the person unzipping will see... (1 Reply)
Discussion started by: SkySmart
1 Replies

3. Shell Programming and Scripting

Setuid not working in Linux as script fails to write to file.

Hi, I have the following 3 test files to test setuid bit which if it works I would like to implement in our application. However setuid doesnot seem to be having any impact on my test below.Following are the 3 files of interest in /tmp/ folder. $ ls -ltr *env* -rw------- 1 g332008 users 6... (23 Replies)
Discussion started by: waavman
23 Replies

4. UNIX for Dummies Questions & Answers

How can I re-enable the setuid or setgid bits ???

While I was looking for tips for hardening the security of my MAC OSX I found the following posting: "<How to disable Setuid and Setgid Binaries > Setuid programs run with the privileges of the file's owner (which is often root), no matter which user executes them. Bugs in these programs... (6 Replies)
Discussion started by: Vera
6 Replies

5. Shell Programming and Scripting

ksh; Change file permissions, update file, change permissions back?

Hi, I am creating a ksh script to search for a string of text inside files within a directory tree. Some of these file are going to be read/execute only. I know to use chmod to change the permissions of the file, but I want to preserve the original permissions after writing to the file. How can I... (3 Replies)
Discussion started by: right_coaster
3 Replies

6. Solaris

pkgadd and setuid in admin file

Hi I am trying to automate the install of a package, I realise that I need to create an admin file, but as part of the install I am asked if I want to install these as setuid/setgid files, I want to say yes. What value am I supposed to use for setuid= in the admin file Thanks (1 Reply)
Discussion started by: eeisken
1 Replies

7. Solaris

about setuid setgid permissions

hi.. why we go for setuid, setgid permissions? as a system admin ,when we use this ,except default solaris setuid,setgid files and dirs.. hopes that anyone can help me regarding this.. (1 Reply)
Discussion started by: saravananpalani
1 Replies

8. Shell Programming and Scripting

Searching for SETUID and SETGID using PERL file find with lstat

About System and Perl: Sun Solaris 5.9 sparc, Perl 5.6.1 I've decided to use the perl file::find module to look for all the SETUID and SETGID files on my unix boxes. I wrote something like this: (I've shorted it a little to make it simple) #!/opt/perl/bin/perl use File::Find; find... (1 Reply)
Discussion started by: x96riley3
1 Replies

9. UNIX for Dummies Questions & Answers

Using setuid and setgid

Hi, I have been looking at setuid and setgid. I understand that setuid determines who owns the file and setgid determines which group of people can access the file... yeah?! But i need to know how to actually use setuid and setgid. I'm guessing chmod will feature somewhere.. Any help... (1 Reply)
Discussion started by: crispy
1 Replies
Login or Register to Ask a Question