SetUID behavior
03-20-2007 07:37 AM
We have the SetUID on a file, so we want users to run it, to run it as ftpuser.
As you can see, running the whoami command shows it works, displaying ftpuser.
Here are a few test commands..
[root@ACME /home/test/] ls -Fla test.sh
-rwsr-xr-x 1 ftpuser sys 49 Mar 20 16:24 test.sh*
[root@ACME /home/test/] cat ./test.sh
#!/usr/bin/sh
cd /userdisk/prod/msweb
pwd
whoami
[root@ACME /home/test/] ./test.sh
./test.sh[2]: /userdisk/prod/msweb: Permission denied.
/home/test
ftpuser
[root@HPUNIXA /home/test/] su ftpuser
[u@h /home/test/] cd /userdisk/prod/msweb
[u@h /userdisk/prod/msweb/]
[u@h /userdisk/prod/msweb/] id ftpuser
uid=xxx(ftpuser) gid=xxx(dti)
[root@ACME /userdisk/prod/] ls -Fla | grep msweb
drwxrws--- 3 appsfcpa dti 96 Jul 28 2005 msweb/
Is this normal behavior?
Hope this is not too confusing..
Thanks!
03-20-2007 08:03 AM
Solution
I must say that setuid scripts are something that should really, really be avoided because they are a security hole you can drive a truck through. This is the sort of thing that is much better done with sudo or at least a setuid C program. I don't allow setuid scripts on any of my boxes and on those OS versions where setuid scripts can be disabled in the kernel, I disable them.
03-20-2007 08:08 AM
Re: SetUID behavior
Try to change group ownership of script to dti.
regards,
ivan
03-21-2007 12:01 AM
Re: SetUID behavior
I thought that when a script was executed with SetUID, you were inheriting its group security as well.
Maybe I should explain what we wanted to do. We often need to transfer files to different ftp sites. We wanted those ftp sites' access (user and pass) to remain secret even to the users who executed those scripts.
So we created a .netrc file for our ftpuser user, which contains a database of ftp sites, users and passwords.
So when executing the putftp script, it was run as this ftpuser.
Sounds more complex than it is, I'm just not good at putting ideas into text! :)
Anyway, thanks for your help, I'll look for another way.
Thanks
03-21-2007 12:17 AM
Re: SetUID behavior
Thanks
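Added example, not code from any participant in this thread: a model of the standard Unix owner/group/other check applied to the thread's directory (drwxrws--- appsfcpa dti), showing the denial when only the effective UID is switched while the effective GID and supplementary groups stay the caller's. The numeric IDs and the caller's group are constructed, since the page elides the real ones as "xxx"; ACLs are not modelled.

```c
/* Added example: why a setuid-only program can be refused a directory. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed ids; the page shows the real ones only as "xxx". */
enum { UID_FTPUSER = 2001, UID_APPSFCPA = 2002, GID_DTI = 300, GID_SYS = 3 };

/* Return 1 if a process with these effective credentials may search (cd
 * into) the directory described by st, else 0. Exactly one permission
 * class is consulted: owner, else group, else other. */
int can_search(const struct stat *st, uid_t euid, gid_t egid,
               const gid_t *groups, int ngroups)
{
    int i, in_group = (egid == st->st_gid);
    if (euid == 0) return 1;                      /* superuser bypass */
    if (euid == st->st_uid) return (st->st_mode & S_IXUSR) != 0;
    for (i = 0; i < ngroups && !in_group; i++)    /* supplementary groups */
        in_group = (groups[i] == st->st_gid);
    if (in_group) return (st->st_mode & S_IXGRP) != 0;
    return (st->st_mode & S_IXOTH) != 0;
}

/* Permission bits and ownership of the thread's msweb directory. */
struct stat msweb_dir(void)
{
    struct stat st = {0};
    st.st_mode = S_ISGID | S_IRWXU | S_IRWXG;     /* rwxrws--- */
    st.st_uid = UID_APPSFCPA;
    st.st_gid = GID_DTI;
    return st;
}

/* Stand-alone use: check a real path with this process's own credentials. */
int main(int argc, char **argv)
{
    struct stat st;
    gid_t groups[64];
    if (argc < 2 || stat(argv[1], &st) != 0) {
        fprintf(stderr, "usage: %s <directory>\n", argv[0]);
        return 2;
    }
    printf("euid=%ld egid=%ld search=%s\n", (long)geteuid(), (long)getegid(),
           can_search(&st, geteuid(), getegid(), groups,
                      getgroups(64, groups)) ? "yes" : "no");
    return 0;
}
```

Installed setuid, the binary reports the effective credentials the kernel actually checks, which makes the mismatch between the switched UID and the unchanged group set visible.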