HPE Community
Operating System - HP-UX
1752762 Members
4957 Online
108789 Solutions
New Discussion юеВ

Ramifications of SUID

 
SOLVED
Go to solution
Mike Rightmire
Frequent Advisor

тАО10-17-2001 09:02 AM

тАО10-17-2001 09:02 AM

Ramifications of SUID

I an writing a script which will be run as root. I need this script to start an Informix database as a different user.

My question is this, if I create a separate script which starts Informix, AND set this script to the user ID I wish via setuid, when I run this start script as root...is this the same in all ways as an su to the Informix user and running a script to start Informix?

I am not sure of all the ramifications (positive and negative) of using setuid to start a progrm. I know that Informix will not show the informix user as the process owner, but will identify the process with the informix user. Very confusing!

Thanks!~
Mike
"If we treated each person we met as if they were carrying an unspeakable burden, we might almost treat each other as we should." Dale Carnegie
0 Kudos
Reply
6 REPLIES 6
harry d brown jr
Honored Contributor

тАО10-17-2001 09:07 AM

тАО10-17-2001 09:07 AM

Re: Ramifications of SUID

Does your script start informix as the informix user now, if you are logged in as root? If so, then go for it, just make sure you change the permissions to 750 (rwxr-x---) so that no normal user can fire it up, and so that only root can change the script.
Live Free or Die
0 Kudos
Reply
Darrell Allen
Honored Contributor

тАО10-17-2001 09:11 AM

тАО10-17-2001 09:11 AM

Solution

Re: Ramifications of SUID

Hi Mike,

The usual method for running a command as another user is:
su - loginid -c "command line with options"
This effectively runs the script as the loginid you specified. If called by any other user than root passwords would apply.

Sounds like you want to set the setuid bit on the script that is owned by informix. Be aware that anyone who has execute permissions on the script would run it as informix. Don't allow them to write permissions or they could put what they want in the script. At any rate, I'd go with the su - method.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
Reply
Santosh Nair_1
Honored Contributor

тАО10-17-2001 09:21 AM

тАО10-17-2001 09:21 AM

Re: Ramifications of SUID

SUIDed scripts are always a security problem. Its not hard to break a suid script. You have to be very meticulous in giving full paths to EVERYTHING. If you're running this script as root, then su - -c is a much better alternative. If you need others to be able to run this script, then its better if you write a small C program which run the script and then set the suid on the script.

Hope this helps.

-Santosh
Life is what's happening while you're busy making other plans
Reply
Bernie Vande Griend
Respected Contributor

тАО10-17-2001 09:58 AM

тАО10-17-2001 09:58 AM

Re: Ramifications of SUID

If the script only needs to run as root, then I'd suggest as mentioned above to use:
su - informix -c "program name"

That said, if root is the only one that needs to run the script, then having it setuid should be relatively safe as long as the permissions as set properly.
As for funtionality, either method should work, but I prefer to start the process directly as the user. I also try to stay away from using setuid scripts whenever possible as it is just a bad habit to get into because of all the security concerns.
Ye who thinks he has a lot to say, probably shouldn't.
Reply
Mike Rightmire
Frequent Advisor

тАО10-17-2001 10:03 AM

тАО10-17-2001 10:03 AM

Re: Ramifications of SUID

Thank you! the su - user -c commands was actually exactly what I was looking for. I was not familliar with that option, and thought suid was the only way to go. The su - unser -c within the script will do exactly what I want!

Thanks again!
Mike
"If we treated each person we met as if they were carrying an unspeakable burden, we might almost treat each other as we should." Dale Carnegie
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

тАО10-17-2001 10:05 AM

тАО10-17-2001 10:05 AM

Re: Ramifications of SUID

Hi Mike:

In general setuid scripts are to be avoided. Since this is a database script, the easist method is to run this as su informix mycmd.sh
or su - informix mysh.cmd.

You have two choices for how to properly set up the environment. If you use su - informix and thus source informix's .profile then you must make sure that no tty dependent commands like tset, stty, tabs ... are executed. This means that you need to surround any of those commands with if [ -t 0 ] then cmds fi so that they are only executed in an interactive environment.

A beeter way is to set and export all the Informix vars in a separate script e.g. /usr/local/bin/informixenv.sh (there should be no exit statement in this file)
then both Informix's .profile and your startup script simply source this file like this:
. /usr/local/bin/informixenv.sh

This is my standard method for starting any database. Do the su informix mycmds.sh and let mycmds.sh source the informixenv.sh script.

One other method which can make su's fairly safe is the sudo command which you can download from one of the Porting Centers. I actually prefer to wrapper a small setuid C program.

Clay
If it ain't broke, I can fix that.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.