topic suid doesn't work in Operating System - HP-UX

suid doesn't work

SILVERSTAR — Mon, 27 Sep 2004 07:45:08 GMT

Hi,

-rwsrwxr-x 1 user1 group1 76 Sep 27 14:30 luppa.sh

I need that "user2" that is part of group1 is able to run luppa.sh and the process generated is owned by "user1".

Question 1)
I have set the suid bit as above but when running the script the process generated is owned by user2 instead of user1.

Question2)
I need that all the script executed by luppa.sh are owned by user1. Is this possible ?
In the current test I was not able to make it as well, I mean the process started by luppa.sh was belonging to user2.

How can I make it work ?

Regards.
Angelo

Re: suid doesn't work

John Palmer — Mon, 27 Sep 2004 08:12:54 GMT

This may work on certain versions of HP-UX but be aware that many people consider it a security risk.

Ensure that your script starts with the line:-
#!/usr/bin/sh
or whatever shell you are using.

If this still doesn't work, you'll have to write a simple C program which exec's your script.

Regards,
John

Re: suid doesn't work

SILVERSTAR — Mon, 27 Sep 2004 08:53:58 GMT

Hi,

I have tried adding the shell specification and building and compiling the c script but I get the same issue.

more run_luppa.c
#include
#include
#include

main ()
{
system ("/EDP/EDP/JOB/luppa.sh");
}

I have the following system:
B.11.11 U 9000/800 1100404631 unlimited-user license
Do you think it is responsible of this behaviour ?

Thanks

Re: suid doesn't work

Muthukumar_5 — Mon, 27 Sep 2004 09:38:13 GMT

You have set the setuid correctly but open to group users / others to execute that particular shell program / c program there.

So that user user2 on group1 will be having the permission to execute from
-rwsrwxr-x 1 user1 group1 76 Sep 27 14:30 luppa.sh permission there.

Change that too,

4744 so that group users can read but not write or execute there.

If you change permission of any file , we can control permission there too.

Change permission to 4744 will work there.

Re: suid doesn't work

Prashant Zanwar_4 — Mon, 27 Sep 2004 09:41:46 GMT

Install sudo on your system and it's config is simple. /etc/sudo.conf is what you have to deal with.
It works nice when we have to such tricks.
Prashant

Re: suid doesn't work

SILVERSTAR — Mon, 27 Sep 2004 10:07:47 GMT

Hi Muthukumar,

I have changed the permission as you have suggested:
-rwsr--r-- 1 users1 group1 92 Sep 27 15:46 luppa.sh
-rwsr--r-- 1 users1 group1 20480 Sep 27 15:29 run_luppa

I am logged as user2 , user2 is in group1.

$ run_luppa
su: run_luppa: Execute permission denied.

Have I made the changes accordingly to your suggestion ?

thanks
Angelo

Re: suid doesn't work

Sridhar Bhaskarla — Mon, 27 Sep 2004 10:37:18 GMT

Hi Angelo,

Try taking out the 'read' permissions for anyone except user1 (optional).

$chmod 1511 luppa.sh
$ll luppa.sh

-r-s--x--x user1 group1 76 Sep 27 14:30 luppa.sh

Also keep #!/usr/bin/ksh (or the shell you are using) as the start of the script as mentioned before.

-Sri

Re: suid doesn't work

Muthukumar_5 — Tue, 28 Sep 2004 05:17:12 GMT

SUID program on SHELL scripts are danger. It will make more issues while handling the execution.

I tried as, change the permission of shell file to 4755 (test.sh) and rights as,

4755 user1 group1

when user2:group1 tried to execute the shell of,
#!/usr/bin/sh
# test.sh
# 4755 user1 group1
uname -a

ps -ef | grep -v grep | grep $$

sleep 10
hostname

# exit
exit 0

You can see that every process are related to user1 there,

BUT on c coding it is very fine as,
// test.c - 4755 user1 group1
#include
#include
main()
{
printf ("SUID test starts\n");
sleep(2);
}

After the execution monitor with ps as,
ps -ef | grep -v grep | grep -w 'test'
--> test object name of executable

Now it is executing with uid of user1 there.

See more about SUID as,
http://www.samag.com/documents/s=1149/sam0106a/0106a.htm
http://www.unix.org.ua/orelly/networking/puis/ch05_05.htm

Re: suid doesn't work

Muthukumar_5 — Tue, 28 Sep 2004 05:20:14 GMT

And an effective example to your requirement is,

/usr/bin/passwd binary there.

ll /usr/bin/passwd
will be the answer for this. Change that accordingly so that user operation will be exected with that user id correspondingly.

You can know the file type as,
$ file /usr/bin/passwd
so that it is an binary executable.

Re: suid doesn't work

Cesare Salvioni — Tue, 28 Sep 2004 05:32:14 GMT

Hi
the minimum permissions to reach your goal should be
rwsr-xr-x user1 group1

This should be enough. You need both r and x bit on the file to let users belonging to group1 to execute the script (the read permission is a MUST if the file is a script, it is not necessary only if the file is an executable)

No need to sudo, the bit s already makes the trick, the process will have the effective user id as user1 (owning the file) instead tha user2 (execing the file)

Try a simple script like

#!/usr/bin/sh
id
ps -f
rm -f /tmp/test.out
touch /tmp/test.out

save it as
rwsr-xr-x user1 group1 /tmp/test

and exec it by user2, you should see something like:

uid=302(user2) gid=301(group1) euid=301(user1)

while running the process will be shown as owned by user2, but the privileges are from effective userid (user1).
To check it, look at the file created by the script (/tmp/test.out): it should be owned by user1, not user2

This means that every command launched from the script will be executed as user1.

Only reason for this not to happen is if the file system has been mounted with option -o nosuid, in this case the bit s on uid will not work completely

hope it helps
Cesare