- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- 11.00 setuid
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-09-2009 02:42 PM
тАО07-09-2009 02:42 PM
This program can only be run by root, or it must be setuid root.
Here are the permissions on the binary to prove I'm not crazy:
-rwsr-xr-x 1 root sys
While researching I saw mention of a kernel parameter that doesn't allow setuid binaries (secure_sid_scripts), but this parameter doesn't exist on my system.
Any ideas?
Thanks!
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-09-2009 03:03 PM
тАО07-09-2009 03:03 PM
Re: 11.00 setuid
The kernel parameter 'secure_sid_scripts' didn't appear until 11i v1.6, Moreover, it applies only to scripts and not binary executables.
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-09-2009 03:38 PM
тАО07-09-2009 03:38 PM
Re: 11.00 setuid
mount -p
Look for nosuid (option in fstab) which prevents SUID programs from running. This is a recommended setting for open directories like /home, /tmp and /var.
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-10-2009 04:05 AM
тАО07-10-2009 04:05 AM
Re: 11.00 setuid
I all likelihood, Bill is correct. At least in current releases, if you mount a filesystem with the 'nosuid' option and attempt to execute a 'suid' binrary, you get the message:
...and execution (may) continue without the effective uid changed.
If this is indeed the case, you can remount VxFS filesystems by doing (for example):
# mount -F vxfs -o delaylog,suid,remount /mountpoint
Be sure to specify all the mount options otherwisse used for the mountpoint as recorded in your '/etc/fstab' when you do this.
Of course, to make the change permanent, edit '/etc/fstab'.
Lastly, if you do not want to allow 'setuid' behavior in the filesystem in question and that filesystem is mounted with 'nosuid', then consider moving your binary to a filesystem that _does_ allow setuid execution --- '/usr/local/bin' being one choice.
Regards!
...JRF...
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-10-2009 07:08 AM
тАО07-10-2009 07:08 AM
Re: 11.00 setuid
I have tried moving the binary to the various filesystems but have had no luck. Keep in mind the error message I'm getting is from the application, not from the OS, so I'm likely barking up the wrong tree with mount options.
Also of note, I got the binary directly from the Porting and Archive Center, so it wasn't anything I compiled incorrectly.
Any other ideas?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-10-2009 10:07 AM
тАО07-10-2009 10:07 AM
SolutionThe "Installation" document in the Porting and Archive Centre says:
------
HP Porting Changes:
===================
[...]
Source Code: Changed seteuid to setuid. :0 Still works!)
Running:
========
As root.
------
I'd assume this means the person who did the porting did not even attempt to make it work for non-root users.
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-10-2009 11:03 AM
тАО07-10-2009 11:03 AM
Re: 11.00 setuid
Thanks for the replies everyone!