- Re: restrict suid and sgid permissions
01-15-2009 11:11 AM
Re: restrict suid and sgid permissions
else you need to make a program with setuid root, which tests getuid() and, if it matches the allowed one, then allows it
Another way:
put the command you want in a directory only accessible from a group of users, then add all the users who have the right to use it in that group.
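Added example, not part of the original post: a minimal sketch of the setuid-root gate described in the first suggestion above, which compares the real UID from getuid() with an allow-list before running a fixed command. The allowed UID (250) and the target (/usr/sbin/id) are assumptions chosen to match the session shown later in this thread.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumptions for illustration: UID 250 is the only permitted caller and
 * /usr/sbin/id is the command being gated. */
static const uid_t ALLOWED_UIDS[] = { 250 };
static const char *TARGET = "/usr/sbin/id";

/* Return 1 if real_uid is on the allow-list, 0 otherwise. */
int uid_is_allowed(uid_t real_uid, const uid_t *list, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (list[i] == real_uid)
            return 1;
    return 0;
}

int main(void)
{
    /* getuid() is the invoking user. geteuid() would already be 0 (root)
     * because of the setuid bit, so it cannot be used for this check. */
    uid_t caller = getuid();
    size_t n = sizeof ALLOWED_UIDS / sizeof ALLOWED_UIDS[0];
    /* Fixed absolute path, fixed argv and a minimal environment: nothing
     * supplied by the caller (PATH, LD_PRELOAD, SHLIB_PATH, IFS, arguments)
     * reaches the privileged program. */
    char *const argv[] = { (char *)TARGET, NULL };
    char *const envp[] = { "PATH=/usr/bin:/usr/sbin", NULL };

    if (!uid_is_allowed(caller, ALLOWED_UIDS, n)) {
        fprintf(stderr, "uid %ld is not permitted to run %s\n",
                (long)caller, TARGET);
        return 1;
    }
    execve(TARGET, argv, envp);
    perror("execve");   /* only reached if execve failed */
    return 127;
}
```

The binary only behaves as a gate once it is installed owned by root with the setuid bit set and without write permission for anyone else.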
01-15-2009 12:24 PM
Re: restrict suid and sgid permissions
01-15-2009 12:30 PM
Re: restrict suid and sgid permissions
if not that, then he's pulling issues directly out of a security audit or some such...
01-15-2009 03:19 PM
Re: restrict suid and sgid permissions
> security audit
Or studying for a test and reading sample or previous test questions?
01-19-2009 02:25 AM
Re: restrict suid and sgid permissions
The switch user identification (SUID) and switch group identification (SGID) permissions were still used. If an SUID program were to give users unintended write access, the system would be exposed as the SUID program could be replaced by a program with a different function and be used to gain unrestricted access to root. The use of an SGID bit creates a special program, allowing an otherwise restricted user to access certain files in a predetermined way.
Recommended Action
The above list of programs should be checked to ensure that they are legitimate programs that require the powerful SUID privilege.
You should also check that:
1) Unauthorised changes have not been made to any of these programs;
2) The programs are being executed from the intended directories;
3) The associated Owner is appropriate and is not too powerful (i.e. does not have excessive permissions) for the program's function; and
4) The program's permission list does not allow write access to users who do not require it.
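Added example, not part of the original post: checks 2 to 4 of the audit text above, expressed as a function over a file's path, mode and owner. The list of approved directories and the finding names are assumptions for illustration; check 1 (unauthorised changes) needs a trusted baseline of checksums and is not covered here.

```c
#define _XOPEN_SOURCE 700
#include <stddef.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Findings, one bit per check (names are hypothetical). */
#define FIND_BAD_DIR    0x1  /* check 2: outside the approved directories */
#define FIND_ROOT_SUID  0x2  /* check 3: SUID and owned by root, confirm need */
#define FIND_WRITABLE   0x4  /* check 4: group or other may write the file */

/* Return 1 if path lies under one of the approved directories, else 0. */
static int in_approved_dir(const char *path, const char *const *dirs, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++) {
        size_t len = strlen(dirs[i]);
        /* Require a '/' after the prefix so /usr/binx does not match /usr/bin. */
        if (strncmp(path, dirs[i], len) == 0 && path[len] == '/')
            return 1;
    }
    return 0;
}

/* Return -1 if the file is not a regular SUID/SGID file (out of scope),
 * otherwise a bitmask of FIND_* values; 0 means no finding. */
int audit_setid(const char *path, mode_t mode, uid_t owner,
                const char *const *dirs, size_t ndirs)
{
    int findings = 0;
    if (!S_ISREG(mode) || !(mode & (S_ISUID | S_ISGID)))
        return -1;
    if (!in_approved_dir(path, dirs, ndirs))
        findings |= FIND_BAD_DIR;
    if ((mode & S_ISUID) && owner == 0)
        findings |= FIND_ROOT_SUID;
    if (mode & (S_IWGRP | S_IWOTH))
        findings |= FIND_WRITABLE;
    return findings;
}

/* Audit a file on disk; lstat() is used so symlinks are not followed. */
int audit_path(const char *path, const char *const *dirs, size_t ndirs)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return -1;
    return audit_setid(path, st.st_mode, st.st_uid, dirs, ndirs);
}
```

FIND_ROOT_SUID is a prompt for review rather than a defect, since some programs legitimately need SUID root.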
01-19-2009 03:40 AM
Re: restrict suid and sgid permissions
If a non-root user modifies a program with SUID root set, the SUID is reset.
01-19-2009 06:12 AM
Re: restrict suid and sgid permissions
01-19-2009 06:49 AM
Re: restrict suid and sgid permissions
HP-Server-Literate since 1979
01-19-2009 08:23 AM
Re: restrict suid and sgid permissions
# chown root:myrestrictedgroup
# chmod 550
# cp /usr/sbin/id /myrestricted
# chown root:myrest /myrestricted/id
# chmod 4550 /myrestricted/id
# grep myrest /etc/group
myrest::200:laurent
# su - laurent
$ /myrestricted/id
uid=250(laurent) gid=20(users) euid=0(root) groups=200(test)
# su - toto
$ /test/id
sh: /test/id: not found.
$ ls /test
/test unreadable
$
Does this answer your question?
01-20-2009 05:04 AM