setuid and secondary group on HPUX

cc

2004-05-19, 3:32 pm

Hi there,
I wrote a program which will setuid to a user and then run a script. But
I have a problem running the script with a group ID that belongs to the secondary
group of the user. It runs fine on AIX, but not on HP11.0.

Here is the code showing how I setuid:

    // Set up the env stuff
    setEnvVar("HOME", pswd->pw_dir);
    char* shell = pswd->pw_shell;
    if (!shell || *shell == 0) shell = const_cast<char*>(BINSH);
    setEnvVar("SHELL", shell);
    setEnvVar("USER", pswd->pw_name);
    setEnvVar("LOGNAME", pswd->pw_name);

    // Set the primary group while still root
    if (setgid(pswd->pw_gid))
    {
        cybspawnLog("Could not setgid(%d): error %d (%s)",
                    pswd->pw_gid, errno, strerror(errno));
        return false;
    }

    // Load the supplementary groups from the group database
    if (initgroups(pswd->pw_name, pswd->pw_gid)) {
        // pw_gid added to the arguments to match the %d in the format string
        cybspawnLog("Could not initgroups(\"%s\", %d): error %d (%s)",
                    pswd->pw_name, pswd->pw_gid, errno, strerror(errno));
        return false;
    }

    // Change the uid last; the group calls above need root
    if (setuid(pswd->pw_uid))
    {
        cybspawnLog("Could not setuid(%d): error %d (%s)",
                    pswd->pw_uid, errno, strerror(errno));
        return false;
    }

Script's permissions:
-rwxr-x--- 1 user1 adm 1038 Mar 31 2003 /u1/scripts/testll3

User test:
uid=364(test) gid=1(staff) groups=4(adm)

I start the program as root then setuid to user test, but I can't run the
script testll3. I can run the script if I login or su to user test but not
in the program. So I'm wondering if I need to do something else to make it
work with setuid.

Thanks in advance


Barry Margolin

2004-05-19, 9:31 pm

In article <ayNqc.43240$kc2.648751@nnrp1.uunet.ca>,
"cc" <ultraman@rogers.com> wrote:

> Hi there,
> I wrote a program which will setuid to a user and then run a script. But
> I have a problem running the script with a group ID that belongs to the secondary
> group of the user. It runs fine on AIX, but not on HP11.0.


You don't show how you run the script. Many shell implementations check
whether the effective uid is different from the real uid, and revert
back to the real uid. There may be a shell command-line option that
disables this (it's -p for Bourne shell and similar shells).

>
> Here is the code how I setuid
>
> // Set up the env stuff
> setEnvVar("HOME", pswd->pw_dir);
> char* shell = pswd->pw_shell;
> if (!shell || *shell == 0) shell = const_cast<char*>(BINSH);
> setEnvVar("SHELL", shell);
> setEnvVar("USER", pswd->pw_name);
> setEnvVar("LOGNAME", pswd->pw_name);
>
> if (setgid(pswd->pw_gid))
> {
> cybspawnLog("Could not setgid(%d): error %d (%s)",
> pswd->pw_gid, errno, strerror(errno));
> return false;
> }
>
> if (initgroups(pswd->pw_name, pswd->pw_gid)) {
> cybspawnLog("Could not initgroups(\"%s\", %d): error %d (%s)",
> pswd->pw_name, pswd->pw_gid, errno, strerror(errno));
> return false;
> }
>
> if (setuid(pswd->pw_uid))
> {
> cybspawnLog("Could not setuid(%d): error %d (%s)",
> pswd->pw_uid, errno, strerror(errno));
> return false;
> }
>
> Script's permissions:
> -rwxr-x--- 1 user1 adm 1038 Mar 31 2003 /u1/scripts/testll3
>
> User test:
> uid=364(test) gid=1(staff) groups=4(adm)
>
> I start the program as root then setuid to user test, but I can't run the
> script testll3. I can run the script if I login or su to user test but not
> in the program. So I'm wondering if I need to do something else to make it
> work with setuid.
>
> Thanks in advance


--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***


cc

2004-05-20, 10:39 am

>
> You don't show how you run the script. Many shell implementations check
> whether the effective uid is different from the real uid, and revert
> back to the real uid. There may be a shell command-line option that
> disables this (it's -p for Bourne shell and similar shells).


I just do execvp to exec the scripts. I tried to call getgroups and print
out the result after setuid, and it only shows the primary group in HPUX. But
in AIX and Solaris, it shows all the groups and the program works. Does anyone
have any idea how to make it work in HPUX? What does su do besides
initgroups, setuid etc. in HP?
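
Added example, not code from any poster in this thread: a C version of the root-to-user drop discussed above that automates the getgroups check cc describes and fails closed when a group the group database lists for the user is missing from the process after initgroups. It also goes one step beyond the thread by confirming root cannot be regained; MAX_GROUPS and the function names missing_gids, db_groups and drop_to_user are assumptions of this example.

```c
#define _DEFAULT_SOURCE   /* glibc: expose initgroups() and getgrent() */
#include <grp.h>
#include <pwd.h>
#include <string.h>
#include <unistd.h>

#define MAX_GROUPS 256    /* assumed upper bound for this example */

/* Number of gids in want[] that are absent from have[]; 0 = all present. */
int missing_gids(const gid_t *want, int nwant, const gid_t *have, int nhave) {
    int missing = 0;
    for (int i = 0; i < nwant; i++) {
        int found = 0;
        for (int j = 0; j < nhave && !found; j++)
            found = (want[i] == have[j]);
        missing += !found;
    }
    return missing;
}

/* Gids of every group-database entry that lists `name` as a member. */
int db_groups(const char *name, gid_t *out, int max) {
    struct group *g;
    int n = 0;
    setgrent();
    while (n < max && (g = getgrent()) != NULL)
        for (char **m = g->gr_mem; m && *m; m++)
            if (strcmp(*m, name) == 0) { out[n++] = g->gr_gid; break; }
    endgrent();
    return n;
}

/* Drop from root to pw, then verify (including the thread's case, where every
   call succeeds yet a listed group is absent). 0 = safe to exec, -1 = do not. */
int drop_to_user(const struct passwd *pw) {
    gid_t want[MAX_GROUPS], have[MAX_GROUPS];
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -1;
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) return -1;
    if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) return -1;
    if (getgid() != pw->pw_gid || getegid() != pw->pw_gid) return -1;
    if (pw->pw_uid != 0 && setuid(0) == 0) return -1;  /* root regainable */
    int nwant = db_groups(pw->pw_name, want, MAX_GROUPS);
    int nhave = getgroups(MAX_GROUPS, have);
    if (nhave < 0) return -1;
    return missing_gids(want, nwant, have, nhave) == 0 ? 0 : -1;
}

int main(int argc, char **argv) {   /* run as root: ./a.out <user> */
    struct passwd *pw = argc > 1 ? getpwnam(argv[1]) : NULL;
    return (pw != NULL && drop_to_user(pw) == 0) ? 0 : 1;
}
```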


Ian P. Springer

2004-05-20, 12:33 pm

| >
| > You don't show how you run the script. Many shell implementations check
| > whether the effective uid is different from the real uid, and revert
| > back to the real uid. There may be a shell command-line option that
| > disables this (it's -p for Bourne shell and similar shells).
|
| I just do execvp to exec the scripts. I tried to call getgroups and print
| out the result after setuid, and it only shows the primary group in HPUX. But
| in AIX and Solaris, it shows all the groups and the program works. Does anyone
| have any idea how to make it work in HPUX? What does su do besides
| initgroups, setuid etc. in HP?


You could try using tusc to determine what system calls su is making.

Ian

