Re: File Permissions
From: Dan Anderson (dan_at_mathjunkies.com)
Date: 11/28/03
- Next message: nolo: "Re: building the kernel"
- Previous message: Robert Newson: "Re: Crash of linux on RedHat and Knoppix"
- In reply to: Michael Gerbasio: "File Permissions"
- Next in thread: Robert Newson: "Re: File Permissions"
- Reply: Robert Newson: "Re: File Permissions"
- Reply: Michael Gerbasio: "Re: File Permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 28 Nov 2003 20:31:17 GMT
"Michael Gerbasio" <mwgerbasio@hotmail.com> writes:
> root. I created a user "myuser" which is part of the "user" group. The
> partition permissions are set for drwxr-xr-x so I would expect the only one
> able to read and write to this directory would be the owner, in this case
> root, or a member of the root group. However, the user I created "myuser"
> can write to this directory even though it is a member of the user group,
> not the root group.
It is possible to change a directory in such a way that it is
writable by anyone so long as they either a) write a new file or b)
modify their old files. I believe it's called a setuid bit and you do
it by chmod +u a directory, but don't quote me. It is also possible
to use this as a way to force a script/program to be run as its owner.
This is a setup most often used for the upload directory of
file servers / ftp servers, etc. Samba seems like an ideal candidate
for this. Also it is used if you need to give an ordinary user
extraordinary permissions. For instance, in some setups normal users
aren't allowed to read /proc. This is bad if normal users need to
use programs that depend on /proc (i.e. df?). So if you setuid df and
it is owned by root, df will be able to read the /proc directory
because it is root. Of course there are a number of dangers
associated with this, because df could also rm -fR / as root
(possible if somebody figured out a way to exploit df or gave you a
version they altered -- a remote possibility if you're smart about
these things but still a possibility).
DISCLAIMER:
info chmod for more information. I know the above things
exist but generally don't use them, so my mind is a little fuzzy on
the exact details (what chmod command to setuid for instance and if
setuid is what I should be calling it -- I forget). I just figured it
would help you understand. :-D
-Dan
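
The permission bits this thread is about, as an added example that is not part of the original message: on Linux the sticky bit (`chmod +t`) on a world-writable directory limits deletion and renaming to each file's owner, and the setuid bit (`chmod u+s`) makes an executable run as its owner. The function names, finding labels and temporary directory layout below are constructed for illustration.

```python
import os
import stat
import tempfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def classify(mode):
    """Return (ls-style mode string, findings) for an st_mode value."""
    findings = []
    if stat.S_ISDIR(mode) and mode & stat.S_IWOTH:
        # With the sticky bit, an entry can be removed or renamed only by
        # its owner, the directory owner, or root (e.g. /tmp, upload dirs).
        if mode & stat.S_ISVTX:
            findings.append("world-writable-sticky")
        else:
            findings.append("world-writable-no-sticky")
    if stat.S_ISREG(mode) and mode & EXEC_BITS and mode & stat.S_ISUID:
        # Runs with the file owner's uid, whoever starts it.
        findings.append("setuid-executable")
    return stat.filemode(mode), findings

def audit(path):
    """Classify one path without following symlinks."""
    return classify(os.lstat(path).st_mode)

def demo():
    """Build a constructed tree in a temp dir and audit every entry."""
    dirs = {"plain": 0o755, "upload": 0o1777, "open": 0o777}
    results = {}
    with tempfile.TemporaryDirectory() as root:
        for name, mode in dirs.items():
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, mode)  # chmod after mkdir so umask cannot interfere
            results[name] = audit(path)
        tool = os.path.join(root, "tool")
        open(tool, "w").close()
        os.chmod(tool, 0o4755)  # constructed stand-in for a setuid binary
        results["tool"] = audit(tool)
    return results

if __name__ == "__main__":
    for name, (mode, findings) in demo().items():
        print(f"{mode}  {name:<7} {', '.join(findings) or 'no findings'}")
```

The `plain` entry has the `drwxr-xr-x` mode quoted in the question: no write bit for group or other, so only the owner can create files there through the permission bits alone.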