
I have a setuid program (getpwd) that runs as expected only when owned by root.

-rwsr-xr-x 1 root root 7981 2011-11-17 18:28 getpwd*

In other words, when my program is executed on the command line by user "alice", all works fine.

The program opens a file in directory /home/secure and prints the contents to screen.

alice@devbox:/home/alice/tmp$ ./getpwd
setuid is working

However when I change the ownership and set setuid of the file:

chown secure:users getpwd
chmod 4755 getpwd

-rwsr-xr-x 1 secure users 7981 2011-11-17 18:28 getpwd*

The program does not run when executed as user "alice".

alice@devbox:/home/alice/tmp$ ./getpwd
cannot open file /home/secure/test ...

Why is this happening?

ls -ld /home/ /home/secure/
drwx--x--x 2 secure users 280 Nov 18 11:16 /home/secure/

ls -ld /home/secure/*
-rw------- 1 secure users 33 Nov 15 14:35 /home/secure/test
user621092
  • What's the output of `ls -ld /home /home/secure /home/secure/pathname` ? – sarnold Nov 18 '11 at 08:18
  • When run as root: `ls -ld /home/ /home/secure/*` gives `drwxr-xr-x 16 root root 392 Nov 15 14:32 /home/`, `-rwsr-xr-x 1 secure users 37 Nov 15 22:15 /home/secure/list.sh`, `-rwsr-xr-x 1 secure users 7965 Nov 15 22:16 /home/secure/runscript`, `-rw-r--r-- 1 secure users 165 Nov 15 22:16 /home/secure/runscript.c`, `-rw------- 1 secure users 33 Nov 15 14:35 /home/secure/test` – user621092 Nov 18 '11 at 08:41
  • Can you [edit] that into your existing question? The comments make monospaced pastes illegible. :( -- and don't forget the `ls -ld /home/secure` -- I want to know owner and permissions on that directory, too. – sarnold Nov 18 '11 at 08:42
  • the file test is set as -rw-------. This is correct. No one should be able to read the file except user secure. – user621092 Nov 18 '11 at 09:17
  • What is the code of the _program_? Is it a compiled executable or a *script*? SUID does not work for scripts. – firda Aug 12 '15 at 18:56

1 Answer


How do I ensure that only user "alice" can run the setuid program owned by secure?

There are two possible approaches. One uses nothing but traditional Unix permissions and the other uses newfangled ACLs.

Traditional Unix

Create a new group; perhaps ALICE or something obviously different from an alice user account. Make sure alice is a member of ALICE in group(5). (vigr(8) is a great way to edit the group(5) file.) Set the ownership of your getpwd program secure:ALICE and remove world execute privileges on the file. Then, only secure and members of the ALICE group can execute the setuid getpwd program.

If alice is just a stand-in for a potentially larger group of people, then maybe name the group SECURE. (Upper case is just convenient for my description. You don't have to stick with upper case.)

Newfangled ACLs

setfacl -m u:alice:x getpwd

The setfacl(1) program is a bit complicated, but it allows you to create far more complex permissions than the traditional Unix permissions. Because these are pretty different, most systems I have seen don't have them turned on by default -- that requires the acl option to mount(8) when mounting the filesystem. You would need to add acl to the filesystems in /etc/fstab that need the extra permissions. (You don't need to reboot to make it available, though; mount /file/system -oremount,acl would be sufficient for as long as the filesystem is mounted -- typically until reboot.)

I suggest sticking with the traditional Unix method.

sarnold
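The permission rule the "Traditional Unix" approach relies on, as an added example that is not part of the original answer: a small shell model of the classic access check (owner class if the caller owns the file, else group class if the caller is in the file's group, else the "other" class, with no fall-through; root's CAP_DAC_OVERRIDE exemption is not modelled), run against the constructed ownerships discussed above. The ALICE group and the user bob are assumptions for the demo.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Models the traditional Unix
# execute check so the effect of "chown secure:ALICE; chmod 4750 getpwd"
# can be reasoned about before touching a real system.
#
# can_exec FILE_OWNER FILE_GROUP MODE_OCTAL USER [USER_GROUPS...]
#   Prints "yes" or "no" and returns 0/1. Exactly one permission class
#   applies: owner, else group, else other. There is no fall-through,
#   so an owner with no x bit is refused even if "other" has x.
can_exec() {
  owner=$1; group=$2; mode=$3; user=$4; shift 4
  perm=$(( 0$mode & 0777 ))          # drop the setuid/setgid/sticky digit
  if [ "$user" = "$owner" ]; then
    bits=$(( (perm >> 6) & 7 ))      # owner class
  else
    bits=$(( perm & 7 ))             # "other" class unless a group matches
    for g in "$@"; do
      if [ "$g" = "$group" ]; then
        bits=$(( (perm >> 3) & 7 ))  # group class
        break
      fi
    done
  fi
  if [ $(( bits & 1 )) -eq 1 ]; then echo yes; return 0; fi
  echo no; return 1
}

# is_setuid MODE_OCTAL: true when the setuid bit (04000) is set.
is_setuid() { [ $(( 0$1 & 04000 )) -ne 0 ]; }

# Constructed scenarios: the weak mode from the question beside the
# hardened one from the answer. bob is an assumed user not in ALICE.
main() {
  echo "4755 secure:users, bob (no ALICE):   $(can_exec secure users 4755 bob users)"
  echo "4750 secure:ALICE, alice (in ALICE): $(can_exec secure ALICE 4750 alice users ALICE)"
  echo "4750 secure:ALICE, bob (no ALICE):   $(can_exec secure ALICE 4750 bob users)"
  echo "4057 secure:ALICE, secure (owner):   $(can_exec secure ALICE 4057 secure users)"
}
main
```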