Hello All,
I am trying to implement a small example to understand the working of SUID.
Following is the test scenario:
System : Ubuntu 12.04
Users:
1.)bhakti:x:1000:1000:bhakti,,,:/home/bhakti:/bin/bash
2.)hetal:x:1003:1000::/home/hetal:/bin/sh
Groups :
1.)bhakti:x:1000:
Following is the overview of test scenario:
1.)There is a folder named "fold" in the directory /home/bhakti, which is the home directory of user "bhakti". It has 3 files, a.txt, b.txt and c.txt, each with permissions set to 664.
bhakti@bhakti:~$ ls -l | grep fold
drwx------ 2 bhakti bhakti 4096 Jun 13 20:24 fold
bhakti@bhakti:~$ ls -l fold
total 12
-rw-rw-r-- 1 bhakti bhakti 6 Jun 13 20:23 a.txt
-rw-rw-r-- 1 bhakti bhakti 12 Jun 13 20:23 b.txt
-rw-rw-r-- 1 bhakti bhakti 120 Jun 13 20:24 c.txt
2.)There is a shell script named "two.sh" which lists all the files in the directory provided as command line argument.
Shell script:
for entry in "$1"/*
do
    if [ ! -d "$entry" ]; then
        echo "$entry"
    fi
done
3.)The permissions of the file two.sh are set to 755 and then I have set the SETUID for this file using the commands:
chmod 755 two.sh
chmod +s two.sh
So the permissions of the file are as follows:
bhakti@bhakti:~$ ls -l | grep two.sh
-rwsr-sr-x 1 bhakti bhakti 81 Jun 13 22:49 two.sh
4.)Now I execute the script as user "bhakti" and the following is the output:
bhakti@bhakti:~$ ./two.sh fold
fold/a.txt
fold/b.txt
fold/c.txt
5.)Next I switch the user to "hetal" and execute the same script, and I get the following result:
hetal@bhakti:/home/bhakti$ whoami
hetal
hetal@bhakti:/home/bhakti$ pwd
/home/bhakti
hetal@bhakti:/home/bhakti$ ./two.sh fold
fold/*
hetal@bhakti:/home/bhakti$
This is unexpected, since the concept says that when the SUID of a file is set, any persons or processes that run the file have access to system resources as though they are the owner of the file.
By setting the SUID of two.sh by the user "bhakti", it is expected that any other user executing this file executes it as if it is the owner of the file.
The links that I have referred for understanding this concept are:
http://www.comptechdoc.org/os/linux/..._ugfilesp.html
http://www.codecoffee.com/tipsforlin...icles/028.html
I hope I am not missing out on something...
Any guidance would be appreciated...
Thanks in advance
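
Added example, not part of the original post: on Linux, execve() ignores the set-user-ID and set-group-ID bits when the file being run is a script rather than a compiled binary, which is consistent with the output in step 5. The shell functions below (hypothetical names classify_exec, has_suid_sgid and suid_verdict) report whether a file's setuid/setgid bit falls into that ignored case, which is useful when auditing a system for such bits set on scripts.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Linux, where the kernel
# ignores set-user-ID / set-group-ID bits on scripts (see execve(2)).

# classify_exec FILE: print "elf", "script" (starts with #!) or "other".
# A file with no recognised magic (like two.sh in the post, which has no #!
# line) is not executed by the kernel at all; the calling shell interprets it.
classify_exec() {
    magic=$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        7f454c46) echo elf ;;     # \x7f E L F
        2321*)    echo script ;;  # "#!"
        *)        echo other ;;
    esac
}

# has_suid_sgid FILE: succeed if the setuid or setgid bit is set.
has_suid_sgid() {
    [ -u "$1" ] || [ -g "$1" ]
}

# suid_verdict FILE: print one of
#   no-suid  neither bit is set
#   honored  ELF binary; the kernel applies the bits (unless the filesystem
#            is mounted nosuid or the process has no_new_privs set)
#   ignored  script or text file; the bits have no effect on the
#            effective UID/GID of the process that runs it
suid_verdict() {
    if ! has_suid_sgid "$1"; then
        echo no-suid
        return 0
    fi
    case "$(classify_exec "$1")" in
        elf) echo honored ;;
        *)   echo ignored ;;
    esac
}

# Stand-alone use: sh suidcheck.sh two.sh /usr/bin/passwd
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(suid_verdict "$f")"
done
```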