topic Re: suid on directory does not change ownership to that of owner of directory ?? in Operating System - HP-UX

suid on directory does not change ownership to that of owner of directory ??

Sammy_2 — Mon, 20 Oct 2008 16:17:32 GMT

HPUX 11.11

# ls -ld /app/test
drwsrwsr-x 2 subir01 eteam 1024 Oct 20 11:58 /app/test

If user "clyde18" touches file in above dir, I was expecting the owner to be subir01 (according to SUID set on directory) . Why is OS setting owner to that of the userid who touched file.
$ id
uid=12216(clyde18) gid=206(eteam)
$ touch /app/test/myperms

$ ls -ld /app/test/myperms
-rw-rw---- 1 clyde18 eteam 0 Oct 20 12:11 /app/test/myperms

Thanks for help in advance.

Re: suid on directory does not change ownership to that of owner of directory ??

jerry1 — Mon, 20 Oct 2008 16:30:42 GMT

Because that is the behavior now.
Setting u+s does not make files created in
that directory owned by owner of the directory. Only the group if g+s is set.

The man pages are not kept up to date
nowadays.

Re: suid on directory does not change ownership to that of owner of directory ??

James R. Ferguson — Mon, 20 Oct 2008 16:35:13 GMT

Hi Sammy:

The directory's *group* owner is what will be conferred to the newly created file when the the directory has its 'setgid' bit set.

Regards!

...JRF...

Re: suid on directory does not change ownership to that of owner of directory ??

Sammy_2 — Mon, 20 Oct 2008 18:35:41 GMT

Thanks Jerry and JRF.
Then do you know of a way so I can redirect user's history file to a directory so he can not delete or edit it. Right now, the .sh_history file is owned by the user by default and so he can modify it.

.profile of user "dp" below
======
HISTFILE="$ARCHIVE_DIR/.sh_history_$LOGNAME_PID_$$" ; export HISTFILE

output in $ARCHIVE_DIR

Right now, the dp user can edit this file and delete the commands he entered.

-rw------- 1 dp escript 174 Oct 20 14:33 .sh_history_DP_PID_8243

Thanks

Re: suid on directory does not change ownership to that of owner of directory ??

Patrick Wallek — Mon, 20 Oct 2008 18:44:52 GMT

If the user can't edit the history file, how is he/she supposed to use the history functionality?

Re: suid on directory does not change ownership to that of owner of directory ??

James R. Ferguson — Mon, 20 Oct 2008 18:48:17 GMT

Hi (again) Sammy:

> Then do you know of a way so I can redirect user's history file to a directory so he can not delete or edit it. Right now, the .sh_history file is owned by the user by default and so he can modify it.

You're asking for your cake and to eat it too.

The shell needs to have write-access to the directory in which you tell it to create a history file. Directory write-access infers the ability to delete a file. File write-ability means that all or some the data within can be munged.

Regards!

...JRF...

Re: suid on directory does not change ownership to that of owner of directory ??

Sammy_2 — Mon, 20 Oct 2008 19:37:01 GMT

Thanks to all who replied.

The goal was to monitor user activities (once they sudo to application acct) so if they rm a file, we (sys admins and mgrs) can look in the history log who did what. Mgmt wanted to prevent users from cleaning their own .sh_history file after some nefarious activity.

But seems like we can't do it so may have to suggest powerbroker tool (which costs money).

Thanks

Re: suid on directory does not change ownership to that of owner of directory ??

Dennis Handly — Tue, 21 Oct 2008 06:46:52 GMT

>JRF: The shell needs to have write-access to the directory in which you tell it to create a history file.

No it doesn't if you manually create an empty file there. But this doesn't really help.

>File write-ability means that all or some the data within can be munged.

Unfortunately this is what will allow the data to be munged.
What Sammy needs is a file with append only access, a pipe. Unfortunately that won't work as a history file.