Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

setuid program

Status
Not open for further replies.
relz

relz

Technical User
May 5, 2002
23
IL
Hi,

I'm trying to run a simple setuid program on Linux. I know that shell scripts aren't allowed to setuid, so I wrote a simple C file to do the job (yes I know it's not wise to use the system() command, it's just for testing purposes).
This is the code:
Code: 
#include <unistd.h> 
#include <sys/types.h> 

int main (int argc, char *argv) {
  printf(&quot; When I invoke getuid I get: %d\n&quot;, getuid());
  system (&quot;ls ~relz/temp/locked_dir&quot;);
  return 0;
}
And the permissions are:
-rwsr-xr-x 1 relz arzey setuid_prog*

It is supposed to print the effective user-id, and then list the files in a directory accesible only by the owner &quot;relz&quot;.

But when I run this program from another user, I get his user-id returned, and of course the directory can't be listed because of &quot;permission denied&quot;.

What am I doing wrong?
 
Sort by date Sort by votes
a) if you want run a setuid prg, the prg has to be
ownet and setuid by root
b) sure you can check the user

user = get(e)uid();
if(user != whatiexpect) exit(1)
do the job....
exit(0);
 
Upvote 0 Downvote
Thanks for the reply iribach,

Are you saying that setuid programs can only be written by the root ? That sounds strange, what if a different user wants to grant privelage to his files. For example in my case I'm in a univresity network, so obviously I won't get root permissions, but still I would like my friends to have access through a setuid program.
 
Upvote 0 Downvote
no, i say anly root can change uid without asking for pwd
in the example:

#define USER 11111 /* assumed this is your user-id */
/* this define is really dirty, use getpwnam() instead */

user = get(e)uid(); /* remember the calling user */
/* enter the critical step */
/* this only works by setuid-root */
if(setuid(USER)) exit(1);
do the root job....
if(setuid(user)) exit(1); /* should never happen, you are root, but if the user was deleted by another process ... */
do the normaluser job
exit(0);

-------

to allow your friends to access files owned by you, if they are in the same group like you, chmod 775 filename,
ask your admin to include you and friends in a same group.
this is the unix way to do it
:)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

peac3
  • Locked
  • Question
how assign port to specific program
Replies
1
Views
58
feherke
feherke
markmulligansr
  • Locked
  • Question
How do I write a KSH script to run programs in parallel? 1
Replies
1
Views
247
Annihilannic
Annihilannic
ocon
  • Locked
  • Question
How to pass information from script to a Program 1
Replies
1
Views
84
PHV
PHV
codemut
  • Locked
  • Question
common pipe for multiple programs 2
Replies
4
Views
151
PHV
PHV
TonyGroves
  • Locked
  • Question
Program for reading/editing config files? 2
Replies
15
Views
204
TonyGroves
TonyGroves

Part and Inventory Search

Sponsor

Back
Top