f. halili
Trusted Contributor

suid

Any brief idea about suid???
Any good docs discussing suid??
derekh
Philip Chan_1
Respected Contributor

Re: suid

Are you talking about Sybase or HPUX?
Brian M. Fisher
Honored Contributor
Solution

Re: suid

suid scripts are fairly risky, to say the least. If they are not carefully coded, they can be broken out of, giving a normal user root capability.
A much better approach to suid scripts/programs is to use the software sudo, a package to allow commands to be run as the superuser. Sudo determines who is an authorised user by consulting your /etc/sudoers database. The program prompts for a user's password to initiate a validation period of N minutes, where N is defined at installation time. N.B. There is no easy way to prevent a user from gaining a root shell if he has access to commands that are shell scripts or that allow shell escapes.
This is available at the Software Porting And Archive Centre for HP-UX:
http://hpux.cs.utah.edu/ or
http://hpux.cae.wisc.edu/ or
http://hpux.connect.org.uk/

Brian
<*(((>< er
Perception IS Reality
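An added example, not part of the original thread: a small audit that lists setuid files under a directory and flags the two cases most relevant to the reply above, setuid interpreter scripts and setuid files that group or other can modify. The function names and the default scan directory are assumptions made for this illustration.

```python
import os
import stat
import sys

def classify(mode, head):
    """Findings for one file, from its st_mode and its first bytes."""
    if not stat.S_ISREG(mode) or not mode & stat.S_ISUID:
        return []
    findings = ["setuid"]
    if head.startswith(b"#!"):
        # Interpreted program: the script form the reply calls risky.
        findings.append("interpreter script")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        # Someone other than the owner can change what runs as the owner.
        findings.append("writable by group/other")
    return findings

def audit(root):
    """Walk root and return (path, owner_uid, findings) for setuid files."""
    results = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue
            if not (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID):
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(2)
            except OSError:
                head = b""  # unreadable: still report the setuid bit
            results.append((path, st.st_uid, classify(st.st_mode, head)))
    return results

if __name__ == "__main__":
    # Directory to scan is an assumption; pass e.g. /usr/bin or /opt.
    for path, uid, findings in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}\towner_uid={uid}\t{', '.join(findings)}")
```

Entries with owner_uid=0 and "interpreter script" are the ones to review first, either removing the bit or moving the task behind a sudoers entry.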
Cheryl Griffin
Honored Contributor

Re: suid

See ITRC Knowledge Base document id A5555024 "Sys Adm: general suid questions-permissions and user classes" for an explanation of SUID.

See also "Essential System Administration" in the O'Reilly series of UNIX books, Chapter 6: Security.
"Downtime is a Crime."
f. halili
Trusted Contributor

Re: suid

thanks.....
derekh
Tim Nelson
Honored Contributor

Re: suid

Don't forget that setting the suid bit only suid's for file permissions. It will not work for commands. Lately I have been using SAM's ability to allow custom menus and applications to run as root, for example. This basically is the same as "sudo" but comes included with HPUX instead of another third-party app to be administered. I use this to allow operators to run backups as root and help desk persons to reset non-root user passwords. The scripts you write that are called upon by the restricted SAM MUST be secure and foolproof.