Hello All,
I am trying to implement a small example to understand the working of SUID.
Following is the test scenario:
System : Ubuntu 12.04
Users:
1.)bhakti:x:1000:1000:bhakti,,,:/home/bhakti:/bin/bash
2.)hetal:x:1003:1000::/home/hetal:/bin/sh
Groups :
1.)bhakti:x:1000:

Following is the overview of test scenario:
1.)There is folder named "fold" in the directory /home/bhakti which is home directory of user "bhakti".It has 3 files a.txt,b.txt,c.txt each with permissions set to 664.

bhakti@bhakti:~$ ls -l | grep fold
drwx------ 2 bhakti bhakti 4096 Jun 13 20:24 fold
bhakti@bhakti:~$ ls -l fold
total 12
-rw-rw-r-- 1 bhakti bhakti 6 Jun 13 20:23 a.txt
-rw-rw-r-- 1 bhakti bhakti 12 Jun 13 20:23 b.txt
-rw-rw-r-- 1 bhakti bhakti 120 Jun 13 20:24 c.txt

2.)There is a shell script named "two.sh" which lists all the files in the directory provided as command line argument.

Shell script:
for entry in "$1"/*
do
if [ ! -d "$entry" ];then
echo "$entry"
fi
done

3.)The permissions of the file two.sh are set to 755 and then i have set the SETUID for this file using commands:
chmod 755 two.sh
chmod +s two.sh
So the permissions of the file are as follows:
bhakti@bhakti:~$ ls -l | grep two.sh
-rwsr-sr-x 1 bhakti bhakti 81 Jun 13 22:49 two.sh

4.)Now i execte the script as user "bhakti" and following is the output:
bhakti@bhakti:~$ ./two.sh fold
fold/a.txt
fold/b.txt
fold/c.txt

5.)Next I switch the user to "hetal" and execute the same script and i get following result:

hetal@bhakti:/home/bhakti$ whoami
hetal
hetal@bhakti:/home/bhakti$ pwd
/home/bhakti
hetal@bhakti:/home/bhakti$ ./two.sh fold
fold/*
hetal@bhakti:/home/bhakti$

The is unexpected since the concept says when SUID of a file is set
any persons or processes that run the file have access to system resources as though they are the owner of the file.
By setting the SUID of two.sh by the user "bhakti" , it is expected that any other user executing this file , executes it as if it is the owner of the file.

The links that I have referred for understanding this concept are:
http://www.comptechdoc.org/os/linux/..._ugfilesp.html
http://www.codecoffee.com/tipsforlin...icles/028.html

I hope i am not missing out something...
Any guidance would be appreciated...
Thanks in advance

remember, the shell scripts never run by themselves. There is a shell interpreter (probably /bin/bash) which will try to execute the script. therefore setting setuid/setgid bits on a shell script have no meaning at all.










_____________________________________
If someone helps you, or you approve of what's posted, click the "Add to Reputation" button, on the left of the post.
Happy with solution ... mark as SOLVED
(located in the "thread tools")

1 members found this post helpful.

Hi pan64,
Firstly would thank you for ur guidance.
I checked the permissions of /bin/bash which were set to 755 by default.
What I did was set the setuid for /bin/bash using chmod +s /bin/bash
So now , it would work like :
Run two.sh from user "hetal" -> invokes /bin/bash(which has setuid bit set and has root as owner) -> try reading "fold" directory(whose permissions are set to 700)

Following is the output:
bash-4.2$ ls -l | grep fold
drwx------ 2 bhakti bhakti 4096 Jun 13 20:24 fold
bash-4.2$ whoami
hetal
bash-4.2$ ./two.sh fold
fold/*

Now if I am understanding it right , since bash has setuid bit set any process running bash would run it as if it were root.
This implies that now two.sh which is being executed is running as if "root" user and root being super user it can read contents of any directory.
So in this case this output is invalid and it should list the directory contents.

Then I tried one more thing:
I set the permissions of folder "fold" to 744
Now repeated the same test.The result is :

root@bhakti:/home/bhakti# ls -l | grep fold
drwxr--r-- 2 bhakti bhakti 4096 Jun 13 20:24 fold
root@bhakti:/home/bhakti# su hetal
$ bash
bash-4.2$ ./two.sh fold
fold/a.txt
fold/b.txt
fold/c.txt

This implies that I have to set the permission for "others" as Read for directory "fold" so that root user(belonging to a different group than that of creator "bhakti") can read it which is irrational .

Also what i tried is output:
Set the permissions of folder "fold" back to 700.
Now run the file two.sh from "root" user.

Following is the output
root@bhakti:/home/bhakti# chmod 700 fold
root@bhakti:/home/bhakti# ls -l | grep fold
drwx------ 2 bhakti bhakti 4096 Jun 13 20:24 fold
root@bhakti:/home/bhakti# ./two.sh fold/
fold//a.txt
fold//b.txt
fold//c.txt

Also , I observed , when i changed the bash setuid ; they way interpreter is presented changes from :
hetal@bhakti:/home/bhakti$ to bash-4.2$ .


I hope i am not confusing you ...
Please guide if i am wrong at my concepts....

here is a small explanation: http://www.faqs.org/faqs/unix-faq/fa...section-7.html
here is another one: http://www.tuxation.com/setuid-on-shell-scripts.html




_____________________________________
If someone helps you, or you approve of what's posted, click the "Add to Reputation" button, on the left of the post.
Happy with solution ... mark as SOLVED
(located in the "thread tools")

1 members found this post helpful.

Thanks ....i would delve into the details