HPE Community
Operating System - HP-UX
1826268 Members
3780 Online
109692 Solutions
New Discussion

UID/GID of startup script

 
Rohan_7
Advisor

‎03-02-2004 12:48 AM

‎03-02-2004 12:48 AM

UID/GID of startup script

Hi,

I have a small question:
With what uid and gid the startup script (installed in rc[N].d would run?

On my system, I have 'sys' as the first (and direct) group of 'root'. However, I have observed that the startup script runs as "root:root".

Can I change this setting? If yes, how?

Thanks in advance
Rohan
0 Kudos
Reply
10 REPLIES 10
Sridhar Bhaskarla
Honored Contributor

‎03-02-2004 12:53 AM

‎03-02-2004 12:53 AM

Re: UID/GID of startup script

Hi Rohan,

It doesn't matter who owns the script. It will be run with the uid of the account that is running the script if it didn't have suid bit set on it.

If you want to run it as sys, then you will need to set the suid bit on it. Setting suid bit on a script is little tricky. Do not give read and execute permissions for others on this script.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Rohan_7
Advisor

‎03-02-2004 01:04 AM

‎03-02-2004 01:04 AM

Re: UID/GID of startup script

Hi Shridhar

Yes, setuid would be the other option but I cannot use it because of some other reasons.

Actually, what I am wondering is,
when you login to the system as root and run the script/program it runs as "root:sys".
But as startup script it runs as "root:root".

Any specific reasons for this?

thanks
Rohan
0 Kudos
Reply
Robert Binkhorst
Trusted Contributor

‎03-02-2004 01:06 AM

‎03-02-2004 01:06 AM

Re: UID/GID of startup script

Hi,

There's no definitive answer to this one. I've seen the following (with this syntax, owner:group):
root:root
root:sys
bin:bin

Anyway, it doesn't really matter for the functioning of your application. It can be a security risk though.

You can change this setting, try "man chown".

HTH,

Robert
linux: the choice of a GNU generation
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎03-02-2004 01:38 AM

‎03-02-2004 01:38 AM

Re: UID/GID of startup script

What OS are you running?

For HP-UX - bin:bin is prefered.

In Red HAt Linux, seems to be root:root

You can change with the chown command.

chown root:root script

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Seth Parker
Trusted Contributor

‎03-02-2004 04:16 PM

‎03-02-2004 04:16 PM

Re: UID/GID of startup script

Rohan,

I don't know this for sure, but I think the scripts are running as root:root because root is not actually logged-in. When you log in as root, the passwd file entry gets used and the GID is assigned appropriately, but I bet when the system is coming up it's just using UID=0 and GID=0.

Just curious, what are you trying to accomplish by altering this behavior?

Regards,
Seth
0 Kudos
Reply
Rohan_7
Advisor

‎03-02-2004 04:27 PM

‎03-02-2004 04:27 PM

Re: UID/GID of startup script

Hi Seth

The reasoning you are explained makes sense!
Thanks for that.

If a process runs with "root:root" the files created by it would be owned by "root:root". But if it runs as "root:sys", the ownership would be "root:sys"
There wouldn't be problem accessing those files by the same process. However, its not good to have different owenerships(behavior) in such conditions.

-Rohan
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎03-02-2004 05:11 PM

‎03-02-2004 05:11 PM

Re: UID/GID of startup script

Hi Rohan,

I missed the follow-up on this. rc scripts are started by boot 'init' process based on /etc/inittab file. Since "root" actually doesn't login and run these rc scripts as mentioned by Seth, you wouldn't see 'sys' as the primary group for these processes.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Mobeen_1
Esteemed Contributor

‎03-02-2004 05:41 PM

‎03-02-2004 05:41 PM

Re: UID/GID of startup script

Rohan,
If you run the script interactively then your script runs as 'sys' and i think this is expected behaviour because of the fact that it relies on your the root logins UID/GID. If you would like to change this, then as many of our friends have suggested, use CHOWN root:root <script name>

The fact that you see that at the system startup the same script is run as root:root could be attributed to the fact that its being run non-interactively.

It would help if you could share with us, what you are trying to accomplish. May be some one may have a good suggestion.

Take care

rgds
Mobeen
0 Kudos
Reply
Seth Parker
Trusted Contributor

‎03-02-2004 05:59 PM

‎03-02-2004 05:59 PM

Re: UID/GID of startup script

Rohan,

The only thing I can think of if you *really* want those scripts to run as "root:sys" is to change the permissions on the files to SGID with "chmod g+s ..." and change the group to "sys" with "chgrp sys ...".

I don't know what that'll actually do for you, unless there's a particular script that's creating files that are giving you problems when the group on them is root. Maybe you could just change that one script and leave the rest alone?

Regards,
Seth
0 Kudos
Reply
Rohan_7
Advisor

‎03-02-2004 06:26 PM

‎03-02-2004 06:26 PM

Re: UID/GID of startup script

Hi Guys,

Thanks a lot for all your responses.

Let me explain the exact problem in more details.
- I have an application that can be run as specified user - configurable same as in Apache!.
- If you login as root and start the application, it will set its effective uid/gid to the specified user's.
- For some operations, I want it to run as 'root' so I switch back the effective UID and GID to root's UID and GID. This is read from root's passwd entry.
--- And here is the problem
- setgid(sys) fails with EPERM

- while switching back, I set the gid first and then uid.
- So when the application is run interactively(by loggin in and then start) it can switch back its uid/gid properly. As the realgid or savedgid matches to the one being set.
- But when run through startup script, it ca nnot set gid to 'sys' as neither realgid nor savedgid matches with 'sys'. As both are 'root'.

And that is the problem!

Another quick solution is to change the order of switching back. i.e setuid(root) first and then setgid(sys) which works!

Any more solutions?

Thanks
Rohan


0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.