Re: suid doesn't work

 
SILVERSTAR
Frequent Advisor

suid doesn't work

Hi,

-rwsrwxr-x 1 user1 group1 76 Sep 27 14:30 luppa.sh

I need that "user2" that is part of group1 is able to run luppa.sh and the process generated is owned by "user1".

Question 1)
I have set the suid bit as above but when running the script the process generated is owned by user2 instead of user1.

Question2)
I need that all the scripts executed by luppa.sh are owned by user1. Is this possible?
In the current test I was not able to make it work either; I mean the process started by luppa.sh belonged to user2.

How can I make it work?

Regards.
Angelo
John Palmer
Honored Contributor

Re: suid doesn't work

This may work on certain versions of HP-UX but be aware that many people consider it a security risk.

Ensure that your script starts with the line:-
#!/usr/bin/sh
or whatever shell you are using.

If this still doesn't work, you'll have to write a simple C program which exec's your script.

Regards,
John
SILVERSTAR
Frequent Advisor

Re: suid doesn't work

Hi,

I have tried adding the shell specification and building and compiling the C script, but I get the same issue.

more run_luppa.c
/* run_luppa.c: setuid wrapper that calls the script through system() */
#include <stdio.h>
#include <stdlib.h>   /* system() */
#include <unistd.h>

int main(void)
{
    system("/EDP/EDP/JOB/luppa.sh");
    return 0;
}



I have the following system:
B.11.11 U 9000/800 1100404631 unlimited-user license
Do you think it is responsible for this behaviour?

Thanks
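A setuid wrapper of the kind John suggests, written here as an added example and not code from this thread: instead of system() it execs a fixed absolute path with a fixed environment, checks that the script is a regular file owned by the target user and not group/world writable, and sets the real uid/gid to the effective ones before the exec so the shell and everything luppa.sh starts keep user1's identity (Question 2). The script path is taken from the thread; the function names and the install step (owned by user1, mode 4711) are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* Script to run; hypothetical path taken from the thread's own example. */
#define TARGET "/EDP/EDP/JOB/luppa.sh"

/* Fixed environment: the caller's PATH, IFS, ENV etc. never reach the shell. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };

/* Pure check on a stat result: regular file, owned by the uid we will run as,
   not writable by group or others (otherwise anyone could edit what runs as user1). */
int mode_is_safe(const struct stat *st, uid_t run_as)
{
    if (!S_ISREG(st->st_mode)) return 0;
    if (st->st_uid != run_as) return 0;
    if (st->st_mode & (S_IWGRP | S_IWOTH)) return 0;
    return 1;
}

/* Same check applied to a path, which must be absolute. */
int target_is_safe(const char *path, uid_t run_as)
{
    struct stat st;
    if (path[0] != '/' || stat(path, &st) != 0) return 0;
    return mode_is_safe(&st, run_as);
}

/* Make the real ids equal the effective ids so the shell (which may drop
   privileges when ruid != euid) and every child of luppa.sh run fully as user1. */
int align_ids(void)
{
    if (setgid(getegid()) != 0) return -1;
    if (setuid(geteuid()) != 0) return -1;
    return 0;
}

int main(void)
{
    if (align_ids() != 0) { perror("setuid"); return 1; }
    if (!target_is_safe(TARGET, geteuid())) {
        fprintf(stderr, "refusing to run %s\n", TARGET);
        return 1;
    }
    char *const argv[] = { (char *)TARGET, NULL };
    execve(TARGET, argv, clean_env);  /* no shell, no argument parsing */
    perror("execve");                 /* only reached if execve fails */
    return 1;
}
```

With the wrapper installed as user1 with mode 4711, luppa.sh itself needs no setuid bit, only read and execute permission for user1.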
Muthukumar_5
Honored Contributor

Re: suid doesn't work

You have set the setuid correctly, but it is open to group users / others to execute that particular shell program / C program there.

So user user2 in group1 will have the permission to execute it from the
-rwsrwxr-x 1 user1 group1 76 Sep 27 14:30 luppa.sh permission there.

Change that to

4744 so that group users can read but not write or execute there.

If you change the permission of any file, we can control the permission there too.

Changing the permission to 4744 will work there.
Easy to suggest when don't know about the problem!
Prashant Zanwar_4
Respected Contributor

Re: suid doesn't work

Install sudo on your system; its config is simple. /etc/sudo.conf is what you have to deal with.
It works nicely when we have to do such tricks.
Prashant
"Intellect distinguishes between the possible and the impossible; reason distinguishes between the sensible and the senseless. Even the possible can be senseless."
SILVERSTAR
Frequent Advisor

Re: suid doesn't work

Hi Muthukumar,

I have changed the permission as you have suggested:
-rwsr--r-- 1 users1 group1 92 Sep 27 15:46 luppa.sh
-rwsr--r-- 1 users1 group1 20480 Sep 27 15:29 run_luppa

I am logged in as user2; user2 is in group1.

$ run_luppa
su: run_luppa: Execute permission denied.

Have I made the changes according to your suggestion?

thanks
Angelo
Sridhar Bhaskarla
Honored Contributor

Re: suid doesn't work

Hi Angelo,

Try taking out the 'read' permissions for anyone except user1 (optional).

$ chmod 4511 luppa.sh
$ ll luppa.sh

-r-s--x--x user1 group1 76 Sep 27 14:30 luppa.sh

Also keep #!/usr/bin/ksh (or the shell you are using) as the start of the script as mentioned before.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try
Muthukumar_5
Honored Contributor

Re: suid doesn't work

SUID programs on SHELL scripts are dangerous. They will make more issues while handling the execution.

I tried as follows: change the permission of the shell file to 4755 (test.sh), with rights as

4755 user1 group1

When user2:group1 tried to execute the shell script,
#!/usr/bin/sh
# test.sh
# 4755 user1 group1
uname -a

ps -ef | grep -v grep | grep $$

sleep 10
hostname

# exit
exit 0

You can see that every process is related to user1 there.

BUT in C coding it is very fine, as
// test.c - 4755 user1 group1
#include <stdio.h>    /* printf() */
#include <unistd.h>   /* sleep() */
int main(void)
{
    printf("SUID test starts\n");
    sleep(2);
    return 0;
}

After the execution, monitor with ps as
ps -ef | grep -v grep | grep -w 'test'
--> 'test' is the object name of the executable

Now it is executing with uid of user1 there.

See more about SUID at
http://www.samag.com/documents/s=1149/sam0106a/0106a.htm
http://www.unix.org.ua/orelly/networking/puis/ch05_05.htm
Easy to suggest when don't know about the problem!
Muthukumar_5
Honored Contributor

Re: suid doesn't work

And an effective example for your requirement is

the /usr/bin/passwd binary there.

ll /usr/bin/passwd
will be the answer for this. Change yours accordingly so that the user's operation will be executed with that user id correspondingly.

You can know the file type as
$ file /usr/bin/passwd
so that you see it is a binary executable.
Easy to suggest when don't know about the problem!
Cesare Salvioni
Trusted Contributor

Re: suid doesn't work

Hi,
the minimum permissions to reach your goal should be
rwsr-xr-x user1 group1

This should be enough. You need both the r and x bits on the file to let users belonging to group1 execute the script (the read permission is a MUST if the file is a script; it is not necessary only if the file is an executable).

No need for sudo; the s bit already does the trick: the process will have the effective user id of user1 (owning the file) instead of user2 (execing the file).

Try a simple script like

#!/usr/bin/sh
id
ps -f
rm -f /tmp/test.out
touch /tmp/test.out

save it as
rwsr-xr-x user1 group1 /tmp/test

and exec it by user2, you should see something like:

uid=302(user2) gid=301(group1) euid=301(user1)

While running, the process will be shown as owned by user2, but the privileges are from the effective userid (user1).
To check it, look at the file created by the script (/tmp/test.out): it should be owned by user1, not user2.

This means that every command launched from the script will be executed as user1.

The only reason for this not to happen is if the file system has been mounted with the option -o nosuid; in this case the s bit on the uid will not work at all.

hope it helps
Cesare