cancel
Showing results for 
Search instead for 
Did you mean: 

how to use " chmod +s xx"

SOLVED
Go to solution
hua_1
Frequent Advisor

how to use " chmod +s xx"

i create a use named "lctest" in tru64, and i want offer lctest the privilege to use the command " voldisk list", i use the "chmod +s" , but i failed. the steps here:
***********************
as a "root"
*****************
1 # cd /sbin
2 # ls -al voldisk
3 #-rwxr xr x 1 bin bin 90208 Jan 25 2003 voldisk
4 # chmod u+s voldisk
5 # chmod g+s voldisk
6 # ls -al voldisk
7 # -rwsr sr x 1 bin bin 90208 Jan 25 2003 voldisk
**********************************
as lctest
1 # su - lctest
2 >voldisk list
3 >You are not privileged to run voldisk
at this time , even the root use cannot excute the command.
as root user:
1 # voldisk list
2 # You are not privileged to run voldisk
what is the problem?
when i change the file attirbut back, the root user can excute.
9 REPLIES
hua_1
Frequent Advisor

Re: how to use " chmod +s xx"

create a new user named "lctest"
Venkatesh BL
Honored Contributor

Re: how to use " chmod +s xx"

ensure that the user belongs to the group "bin"
Michael Schulte zur Sur
Honored Contributor

Re: how to use " chmod +s xx"

Hua,

just be aware that this user will be able to anything voldisk allows not just list.

greetings,

Michael
hua_1
Frequent Advisor

Re: how to use " chmod +s xx"

thank u very much. but:
1.i have put the user "lctest" into group bin;
2.yet problem still remains.

when i change the file attribute to rwsr x r x, even the "root"cannot excute this command.
any suggestion?
Michael Schulte zur Sur
Honored Contributor

Re: how to use " chmod +s xx"

Hi,

this is really weird. voldisk has no s bit set at all on our computer. root should be able to run it anyway. the s bit allows only non root user to act as root user so it could not add anything for the root himself.
Please run pwck and grpck to see whether passwd and group are consistent.
Does it still say you are not priviledged?

greetings,

Michael
hua_1
Frequent Advisor

Re: how to use " chmod +s xx"

hi,
Hi,Michael :
nice to receive ur suggestion.
originally voldisk has no s bit set at my computer too. after i set the s bit with 'chmod +s",neither the "root" nor the "lctest" cannot run "voldisk".return same response:"You are not privileged to run voldisk".
lctest's pri goup was in group "bin"ã â systemâ ï¼

following is capatured:

nmgrhjf1# ls -al voldisk
-rwxrwxr-x 1 bin bin 90208 Jan 25 2003 voldisk
nmgrhjf1# chm0d u+s voldisk
nmgrhjf1# chmod g+s voldisk
nmgrhjf1# ls -al voldisk
-rwsrwsr-x 1 bin bin 90208 Jan 25 2003 voldisk
nmgrhjf1# su lctest
$ voldisk list
You are not privileged to run voldisk
$ exit

nmgrhjf1# ls -al voldisk
-rwsrwsr-x 1 bin bin 90208 Jan 25 2003 voldisk
nmgrhjf1# voldisk list
You are not privileged to run voldisk
nmgrhjf1# chmod u-s voldisk
nmgrhjf1# chmod g-s voldisk
nmgrhjf1# voldisk list
DEVICE TYPE DISK GROUP STATUS
dsk0 sliced - - unknown
dsk1 sliced - - unknown
dsk2 sliced - - unknown
dsk3b simple dsk3b rootdg online
dsk4 sliced - - unknown
dsk5 sliced - - unknown
dsk6 sliced - - unknown
dsk7 sliced - - unknown
dsk8 sliced - - unknown
dsk9 sliced - - unknown
dsk10 sliced dsk10 datadg1 online
dsk11 sliced dsk11 datadg1 online
dsk12 sliced dsk12 datadg1 online
nmgrhjf1# ls -al voldisk
-rwxrwxr-x 1 bin bin 90208 Jan 25 2003 voldisk
Michael Schulte zur Sur
Honored Contributor
Solution

Re: how to use " chmod +s xx"

Hi,

I have tried some things and I have come to the following insight.
voldisk must run as root.
setting the s bit makes it run as bin and therefore root no longer has the necessary priviledge.
You would have to set the owner to root, set the s bit and the group to something that only lstest is member of. voldisk can be run then as lctest. There are however some implications like problems when patching or security issues. So it is up to you.

greetings,

Michael
hua_1
Frequent Advisor

Re: how to use " chmod +s xx"

i changed file owner to root, then lctest can work.
originaly "ping" 's owner is root:bin.
ls -al ping
-rwsr-xr-x 1 root bin 49472 Jan 25 2003 ping
so, lctest also can use ping.
Michael Schulte zur Sur
Honored Contributor

Re: how to use " chmod +s xx"

Hi,

you do not need root for ping except for a few options like flooding.

greetings,

Michael
ps. thanks for the points!