
suid bit

 
roger_101
Occasional Contributor


Why is the suid bit enabled for these programs? Would any user other than root need to run these?

/sbin/lvchange.run
/sbin/lvmerge
/sbin/lvsplit
/sbin/lvsync
/nomwcsyncd
/sbin/vgsync

Thanks
3 REPLIES
Sundar_7
Honored Contributor

Re: suid bit

Hi Roger,

You can ignore the SETUID bit on these programs. The programs have internal checks to check for the real UID of the user executing the file even though SETUID has been set.

In fact, all the LVM commands are hard linked to the same binary - /sbin/lvchange. It is just the name of the file that differs. Interesting, isn't it?

- Sundar

Learn What to do, How to do and more importantly When to do?
Alzhy
Honored Contributor

Re: suid bit

They need to (as most other system level commands) since they access, modify or update files that are protected and must be secured.
Hakuna Matata.
Sundar_7
Honored Contributor

Re: suid bit

Just to make sure you are not misled - even if the SUID bit is not set and if the root runs the program, the process created can bypass all the access permission settings.

I cannot tell you why SUID is set for the lv* commands, but I can tell you it is not a security risk since LVM commands check the REAL UID of the user before executing the operation.

So, even if a non-root user executes lvlnboot, for example, the effective UID of the process will be 0 but REAL UID of the process will still be that of the user's UID and thus the user will not be allowed to continue.
Learn What to do, How to do and more importantly When to do?
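
The two behaviours described in this thread, a setuid program that refuses to act unless the real UID is 0 and one binary that is reached through several hard-linked names, shown as an added C example. It is not code from the thread or from the HP-UX LVM commands; the function names and messages are hypothetical, and shedding the effective UID before exiting is an assumption of this example that goes beyond what the replies state.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

enum gate { GATE_ALLOW, GATE_DENY_SETUID, GATE_DENY_UNPRIV };

/* Name the program was started under: the text after the last '/' in
 * argv[0]. Hard links to one binary differ only in this name. */
const char *invoked_name(const char *argv0)
{
    const char *slash = strrchr(argv0, '/');
    return slash ? slash + 1 : argv0;
}

/* Decide on the REAL uid only. ruid != 0 with euid == 0 means the setuid
 * bit raised the process; root did not start it. */
enum gate privilege_gate(uid_t ruid, uid_t euid)
{
    if (ruid == 0)
        return GATE_ALLOW;
    return euid == 0 ? GATE_DENY_SETUID : GATE_DENY_UNPRIV;
}

/* Permanently give up privilege gained from the setuid bit. 0 on success. */
int drop_to_real_uid(void)
{
    uid_t ruid = getuid();
    if (geteuid() == ruid)
        return 0;                 /* nothing was gained */
    if (setuid(ruid) != 0)
        return -1;
    return (ruid != 0 && setuid(0) == 0) ? -1 : 0;  /* must not be regainable */
}

int main(int argc, char **argv)
{
    const char *name = invoked_name(argc > 0 ? argv[0] : "unknown");
    if (privilege_gate(getuid(), geteuid()) != GATE_ALLOW) {
        if (drop_to_real_uid() != 0)
            return 2;             /* could not shed privilege: stop */
        fprintf(stderr, "%s: real uid %ld is not root, refusing\n",
                name, (long)getuid());
        return 1;
    }
    printf("%s: real uid is 0, operation would proceed\n", name);
    return 0;
}
```

The gate only protects the system if it runs before any privileged file or device is opened; everything executed ahead of it still runs with effective UID 0.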