07-18-2002
thanks PxT, that was a very good explanation :-)
-simon2000
10 More Discussions You Might Find Interesting
1. Programming
Hi all
I'm getting file info through stat( char *filename, struct stat *buf)
Taking all the file attributes to buf->st_mode,
How can i check the suid bit in there, if suid bit mask is 0004000??
Thank you all (1 Reply)
Discussion started by: solvman
1 Replies
2. Cybersecurity
Hi all,
Where can i find list of suid and gid files common for the system, let's say RedHat 7.1?
Thank you all
Regards
:D (1 Reply)
Discussion started by: solvman
1 Replies
3. UNIX for Advanced & Expert Users
Hi
Senario: I have previleges to edit a file F but User B does not have sufficient privs to edit it.
In order for B to edit it I tried an indirect way. I created a script to edit F and SUID this script so that B can execute it with the privs of me. But this is not working . can some one help... (3 Replies)
Discussion started by: Pankaj Mishra
3 Replies
4. UNIX for Dummies Questions & Answers
I'm writing this command/script to allow students to vi a private file of mine
in a private directory of mine. chmod 700 dir chmod 660 file
however since i own the directory and file; the script has to be ran by me so to speak, im just not sure how to set about doing this.
the script is... (5 Replies)
Discussion started by: StrengthThaDon
5 Replies
5. AIX
Hello,
I'm running AIX 6.1 box.
I tried to use suid on binary file but it doesn't work.
(I set suid on /usr/bin/sleep and tried to run it as user1(sleep owner is bin) - and program still runs as user1. It shoud run as bin isn't it ? - This test run as expected on Linux box)
Filesystem is... (3 Replies)
Discussion started by: vilius
3 Replies
6. UNIX for Advanced & Expert Users
Hi,
I am setting up SUID permissions on a binary.
It gets set for most of the users, however, 1 in 10 users is unable to set these.
For those who works:
> chmod 6555 Test
> ls -l Test
-r-sr-sr-x 1 A B 5524 Nov 15 14:53 Test
For those where it doesn't work:
> chmod 6555 Test... (14 Replies)
Discussion started by: vibhor_agarwali
14 Replies
7. Cybersecurity
Hello
My system is Debian-503-amd64. After I installed the "lpr" package, I found that some files with SUID bit come from this package. As:
ls -l /usr/bin/lp*
....
-rwsr-sr-x 1 root lp 31800 2008-05-20 /usr/bin/lpq
-rwsr-sr-x 1 root lp 28504 2008-05-20 /usr/bin/lpr
-rwsr-sr-x 1... (1 Reply)
Discussion started by: ZR_Lang
1 Replies
8. UNIX for Advanced & Expert Users
Hello all,
I have a file system with permissions:
drwxrwsr-x 49 pwcenter pwce1 4096 01 May 17:00 InFiles
Can someone explain the real significance of the 's' setting for group users please?
Cheers (3 Replies)
Discussion started by: Grueben
3 Replies
9. AIX
Dear all experts in this forum,
I have faced a audit issue as auditor told that we should not have SUID on /bin/su. As I have checked using Google, I found most of the site only telling that /bin/su should have the permission bit as -rwsr-xr-x but never explain why /bin/su need this permission... (4 Replies)
Discussion started by: kwliew999
4 Replies
10. UNIX for Dummies Questions & Answers
Hey guys,
Suppose i run passwd via bash shell. It is a suid program, which temporarily runs as root(owner) and modifies the user entries.
However, when i write a C file and give 4755 permission and root ownership to the 'a.out' file , it doesn't run as root in bash shell. I verified this by... (2 Replies)
Discussion started by: syncmaster
2 Replies
setuid(2) System Calls Manual setuid(2)
NAME
setuid(), setgid() - set user and group IDs
SYNOPSIS
DESCRIPTION
sets the real-user-ID (ruid), effective-user-ID (euid), and/or saved-user-ID (suid) of the calling process. If the Security Containment
product is installed, these interfaces treat a process observing as a privileged process. Otherwise, only processes with an euid of zero
are treated as privileged processes. See privileges(5) for more information on Security Containment and fine-grained privileges.
The following conditions govern setuid's behavior:
o If the process is privileged, sets the ruid, euid, and suid to uid.
o If the process is not privileged and the argument uid is equal to the ruid or the suid, sets the euid to uid; the ruid and suid
remain unchanged. (If a set-user-ID program is not running as superuser, it can change its euid to match its ruid and reset
itself to the previous euid value.)
o If the process is not privileged, the argument uid is equal to the euid, and the calling process has the privilege, sets the ruid
to uid; the euid and suid remain unchanged.
sets the real-group-ID (rgid), effective-group-ID (egid), and/or saved-group-ID (sgid) of the calling process. The following conditions
govern behavior:
o If the process is privileged, sets the rgid and egid to gid.
o If the process is not privileged and the argument gid is equal to the rgid or the sgid, sets the egid to gid; the rgid and sgid
remain unchanged.
o If the process is not privileged, the argument gid is equal to the egid, and the calling process has the privilege, sets the rgid
to gid; the egid and sgid remain unchanged.
Security Restrictions
Some or all of the actions associated with this system call require the privilege. Processes owned by the superuser have this privilege.
Processes owned by other users may have this privilege, depending on system configuration.
See privileges(5) for more information about privileged access on systems that support fine-grained privileges.
RETURN VALUE
Upon successful completion, and return 0; otherwise, they return -1 and set to indicate the error.
ERRORS
and fail and return -1 if any of the following conditions are encountered:
None of the conditions above are met.
uid (gid) is not a valid user (group) ID.
WARNINGS
It is recommended that the capability be avoided, as it is provided for backward compatibility. This feature may be modified or dropped
from future HP-UX releases. When changing the real user ID and real group ID, use of and (see setresuid(2)) is recommended instead.
AUTHOR
was developed by AT&T, the University of California, Berkeley, and HP.
was developed by AT&T.
SEE ALSO
exec(2), getuid(2), setresuid(2), privileges(5).
STANDARDS CONFORMANCE
setuid(2)