HPE Community
Operating System - HP-UX
1832510 Members
4707 Online
110043 Solutions
New Discussion

emergency help: should I use setuid in this situation or something else

 
Hanry Zhou
Super Advisor

‎05-26-2004 03:04 AM

‎05-26-2004 03:04 AM

emergency help: should I use setuid in this situation or something else

I have a number of files "xyz.1", xyz.2",... under the directory "dirname"

cd dirname(with permission of 775)
ls -l
-rw-rw---- david users xyz.1
-rw-rw---- david users xyz.2
...

now, I have another id called "john", and he belongs to group "grp-a", and "john" want to be able to read all these xyz.* files. What I should do to achive this?

I did chmod 2775 on dirname, but "john" still can't read all these xyz.* file.

Can 2775 to achive what I want, and what is the correct method to achive what I want.

Thanks,

none
0 Kudos
Reply
10 REPLIES 10
Patrick Wallek
Honored Contributor

‎05-26-2004 03:09 AM

‎05-26-2004 03:09 AM

Re: emergency help: should I use setuid in this situation or something else

SETUID and SETGID have absolutely nothing to do with being able to read a file. They only effect an executable (shell script or program) file.

If user john needs to read the xyz.* files, add him to the users group. Just keep in mind that at that point he has access to anything with a group of users and the appropriate permissions.
0 Kudos
Reply
Rodney Hills
Honored Contributor

‎05-26-2004 03:09 AM

‎05-26-2004 03:09 AM

Re: emergency help: should I use setuid in this situation or something else

Do a "ln /etc/group /etc/logingroup", then find the entry for "users" in /etc/group and append "john" at the end.

This will allow john to have access to files/directories that are part of the "users" group, and john remains part of the grp-a group.

HTH

-- Rod Hills
There be dragons...
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎05-26-2004 03:10 AM

‎05-26-2004 03:10 AM

Re: emergency help: should I use setuid in this situation or something else

Hi Hanry,

Use chmod in that dir as follows:

chmod 664 *

this will set -rw-rw-r-- & give read rights to others.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎05-26-2004 03:12 AM

‎05-26-2004 03:12 AM

Re: emergency help: should I use setuid in this situation or something else

Hi,

SUDO can help you here as you can configure it such that "John" can see the files under "dirname" as "david". But be cautious while configuring sudoers as you may inadvertantly open-up security holes.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Hanry Zhou
Super Advisor

‎05-26-2004 04:00 AM

‎05-26-2004 04:00 AM

Re: emergency help: should I use setuid in this situation or something else

Sri,

Can you please explore it a little bit more for me?

all these xyz.* file has permission of 660, and grouped by users, but "john" is not part of that group. I did chmod 2775 on "dirname" which contains all these xyz.* files, but john still can not read these files.

BAsed other postings, I can't achieve what I want by setting setgid.
none
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎05-26-2004 04:12 AM

‎05-26-2004 04:12 AM

Re: emergency help: should I use setuid in this situation or something else

You are right.

As I said in my first reply the SETGID bit has ABSOLUTELY NOTHING to do with being able to read a file. SETUID and SETGID are ONLY applicable to executable files. Setting the SETGID bit will NOT help you in this case.

You must either add john to the users group, or change the permissions of the xyz.* files to be world readable.

# chmod o+r xyz.*

or

# chmod 664 xyz.*
0 Kudos
Reply
KapilRaj
Honored Contributor

‎05-26-2004 04:16 AM

‎05-26-2004 04:16 AM

Re: emergency help: should I use setuid in this situation or something else

Check the directory permissions ... Does others have a "x" permission if not it will not allow anybody to get in there

Once done change the file permissions to 664 so that "Mr. john "can read it


Kaps
Nothing is impossible
0 Kudos
Reply
Bharat Katkar
Honored Contributor

‎05-26-2004 04:19 AM

‎05-26-2004 04:19 AM

Re: emergency help: should I use setuid in this situation or something else

HANRY,
Simple and URGENT way to do it is to add the JOHN to USERS group.
Take care of John getting exposed to USERS group.
That's it.

Regards,
You need to know a lot to actually know how little you know
0 Kudos
Reply
Rodney Hills
Honored Contributor

‎05-26-2004 04:24 AM

‎05-26-2004 04:24 AM

Re: emergency help: should I use setuid in this situation or something else

Do a "man logingroup" for an explanation on how to give group access to users who are members of another group...

-- Rod Hills
There be dragons...
0 Kudos
Reply
Marvin Strong
Honored Contributor

‎05-26-2004 05:09 AM

‎05-26-2004 05:09 AM

Re: emergency help: should I use setuid in this situation or something else

If the user needs to access files from anyone in that other group add him to that group also, in /etc/group, and link /etc/logingroup to /etc/group if its not already done.

If he only needs access to that one directory of files, and not all files that belong to group "grp-a" then, just change the permissions on the files so they are world readable. (as stated above)


0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.