Kyle Burton on Mon, 4 Oct 1999 09:37:29 -0400 (EDT)



Re: [Plug] expect problem -- set uid


setuid is a permission on a file.  The standard permissions fit into a 3
digit octal number:  777 is rwx for user, group, and other.  There is also
a 4th column, that can be used for the aforementioned suid.

To set it, you can use 'chmod u+s' for symbolic mode, or for octal mode: 
'chmod 4755'.

When used on an executable, what it boils down to is this:  when the executable
is running, it runs with the euid (effective userid) of the user who owns 
the file.

An suid root executable is an executable file owned by root, with the uid 
bit set.  Thus, when anyone runs the program, it runs with an euid of root,
but a uid of the user who ran it.  This gives the running program the ability
to do some things that are normally reserved only for root, like file access.
A running suid root program can access files (this is usually important
in the context of devices - like the serial port, or cdrom) that only
root has permission to use -- like when a device has 644, only root can
write to it.  But our suid root program can write to it, even if someone
who is not root runs it.

These flags have different meanings for directories.  The man/info pages
for chmod should explain them.



k


------------------------------------------------------------------------------
"Success covers a multitude of blunders." 
    -- George Bernard Shaw
mortis@voicenet.com                            http://www.voicenet.com/~mortis
------------------------------------------------------------------------------

On Mon, 4 Oct 1999 tburba@GLCORPIS01.usvision.com wrote:

> 
> 
> 
> 
> >>system administrator had decided to remove setuid from all programs<<
> Forgive my ignorance, I see "setuid root" quite often and don't fully
> understand what it means, the ramifications, and how to do/undo it. Can
> anyone help paraphrase the man pages and explain it? TIA.
> 
> 
> 
> 
> lopp@earthlink.net on 10/03/99 07:05:02 PM
> 
> Please respond to plug@lists.nothinbut.net
> 
> To:   plug@lists.nothinbut.net
> cc:    (bcc: Thomas A Burba/USVISION)
> Subject:  [Plug] expect problem
> 
> 
> 
> 
> There was a discussion of expect here a few weeks ago.  I finally get
> around to trying it out and I can't get past one simple problem :  it
> always fails on the 'spawn' command.
> Whether executing as myself or as root, it invariably says :
> spawn ftp
> The system has no more ptys.  Ask your system administrator to create
> more.
>     while executing
> "spawn ftp"
> The Expect FAQ (http://expect.nist.gov/FAQ.html) offers very little help
> :
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> 58.Why does Expect work as root, but say "out of ptys" when run as
> myself?
>       Expect works fine as root, but when I run it as myself it says
> "out of ptys" (which I know isn't true).  Any ideas?
>       Sounds like a misconfiguration problem on your system. For
> example, once I saw this on a
>       Digital system where the system administrator had decided to
> remove setuid from all programs
>       ("I heard that setuid is a security risk, right?"). On that
> particular system, Expect uses a system
>       library function that internally calls an external program chgpt
> which exists solely for the
>       purpose of managing ptys. Needless to say, it must be setuid.
> Unfortunately, the library function
>       doesn't do enough error checking, and there's no way for Expect to
> know that, so there's
>       nothing I can do to give a better diagnostic explaining how your
> system is misconfigured.
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> It also has some stuff about configuring the devpts fs, but that was no
> help.  My concern is instead with the '' program instead....not only do
> I not have a copy of it, I've never heard of it.  I've done a number of
> web searches for the string "", but the only results are mirrors of the
> Expect FAQ, or in .de or .fi
> Any ideas?
> 
> _______________________________________________
> Plug maillist  -  Plug@lists.nothinbut.net
> http://lists.nothinbut.net/mail/listinfo/plug


_______________________________________________
Plug maillist  -  Plug@lists.nothinbut.net
http://lists.nothinbut.net/mail/listinfo/plug