Re: "setuid(UID)" and "chmod 4550" misbehaving

To: debian-user@lists.debian.org
Subject: Re: "setuid(UID)" and "chmod 4550" misbehaving
From: Will Trillich <will@serensoft.com>
Date: Mon, 21 Jun 2004 23:52:05 -0500
Message-id: <[🔎] 20040622045205.GB3571@serensoft.com>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 200406211801.55395.sean@celsoft.com>
References: <[🔎] 20040621162313.GB19662@serensoft.com> <[🔎] 200406211801.55395.sean@celsoft.com>

On Mon, Jun 21 at 06:01PM -0700, Sean O'Dell wrote:
> On Monday 21 June 2004 09:23, Will Trillich wrote:
> > TASK:     allow USER1 to run a program AS USER2.
> > SOLUTION: setuid bit (in theory, right?)
> > PROBLEM:  theory not matching execution...
> 
> Sounds obvious, but make sure user www-data is in the list of
> users in the /etc/group file for group www-data.  Setting it
> only as the group of the user in /etc/passwd might not be good
> enough.

it's usually the overlooked obvious stuff that gets me.

from my original epistle:

	<snip>
		# groups www-data
		www-data : www-data

	so it's definitely runnable by apache (being user www-data),
	which should execute this SUID as cyrus. right? let's make sure
	the program does what we're expecting, as user cyrus:
	</snip>

and just for spite --

	$ grep www-data /etc/group
	www-data:x:33:will

whoa! group www-data doesn't list user www-data, but it shows up
via command "groups"? whassup with that?

just to be certain, i added it anyhow:

	$ grep www-data /etc/group
	www-data:x:33:will,www-data

but it STILL will not run the setuid program properly:

	# su www-data
	sh-2.05b$ ./chgsaslpasswd -p cyrus
	__ ./chgsaslpasswd: setuid(103): YAY!passwordHere
	chgsaslpasswd: generic failure
	sh-2.05b$ exit
	# 

even tho file status is -r-sr-x---  1 cyrus  www-data
(runnable by-and-as user cyrus and runnable by anyone in group
www-data, including me and apache, in theory setuid-ing to user
cyrus...  NOT)



incidental/tangential question:

if the SUID bit in the executable file permissions isn't doing
the trick, is there any reason to try "setuid()" in the C code
itself? i tried it without the function call, and there appeared
to be no difference (i think)...

-- 
I use Debian/GNU Linux version 3.0;
Linux boss 2.4.18-bf2.4 #1 Son Apr 14 09:53:28 CEST 2002 i586 unknown
 
DEBIAN NEWBIE TIP #54 from Will Trillich <will@serensoft.com>
:
Tired of SLOW BROWSING THROUGH THE ONLINE APACHE MANUAL? Get
your own local copy and never worry about bandwidth again:
    apt-get install apache-doc
Then browse /usr/share/doc/apache/manual.html, quick like a
bunny.

Also see http://newbieDoc.sourceForge.net/ ...

Reply to:

References:
- "setuid(UID)" and "chmod 4550" misbehaving
  - From: Will Trillich <will@serensoft.com>
- Re: "setuid(UID)" and "chmod 4550" misbehaving
  - From: "Sean O'Dell" <sean@celsoft.com>

Prev by Date: Re: "setuid(UID)" and "chmod 4550" misbehaving
Next by Date: Re: "setuid(UID)" and "chmod 4550" misbehaving
Previous by thread: Re: "setuid(UID)" and "chmod 4550" misbehaving
Next by thread: querying install times on packages
Index(es):
- Date
- Thread