SUMMARY: Silly Little Question about SETUID

From: Ben Green (awk@carolina.rr.com)
Date: Fri Jul 18 2003 - 20:49:50 EDT


Thanks to Terry Garnder, Larye Parkins, Rich Teer, Dave Mitchell, & Walter
Heukels.

General consensus: A script losing the setuid bit when edited by non-root
users is normal behavior.

Helpful tips:
Larye Parkins wrote:
====================
Instead of setuid scripts, normally cautious types use a wrapper, which is a
small compiled program that, using setuid privilege, executes a shell script
which is only readable/executable by the setuid user. A simple setuid
wrapper, from the perlsec man page:

    #include <unistd.h>

    #define REAL_PATH "/path/to/script"

    int main(int ac, char **av)
    {
        /* Replace this process with the script, keeping the setuid identity. */
        execv(REAL_PATH, av);
        return 1;   /* reached only if execv fails */
    }

The wrapper is setuid, the script isn't, so the script owner can edit away.
However, the script must be protected from compromise, since the wrapper
will run whatever is at the target location.
====================
Walter Heukels wrote:
Use vim, which is better in every respect
and doesn't mess up the permissions.
====================

Thanks for all of the responses.

bfg

 -----Original Message-----
From: Ben Green [mailto:awk@carolina.rr.com]
Sent: Wednesday, July 16, 2003 5:07 PM
To: 'sunmanagers@sunmanagers.org'
Subject: Silly Little Question about SETUID

Fellow managers,

I have been living the superuser lifestyle too long. On one of my servers,
I recently helped a non-privileged user set the setuid bit on a shell
script. I used vi on it as root to make a small fix to it and it continued
to work. However, when the owner of the shell script edits the file with
vi, writing the changes to disk causes the setuid bit to go away. The user
then has to chmod u+s on the file to get it back.

Maybe I missed this during some discussion years ago, or maybe I have been
doing things as root so much that I have forgotten how the common user's
shell life goes.

Why is this happening?

Ben Green