Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

UID/GID on Executable: Effective vs. Real UID concept

Posted on 2010-09-15
7
Medium Priority
?
858 Views
Last Modified: 2012-05-10
I wrote a short C++ program that only receives an input value (basically cin >> a ;).  I enabled UID on it.  So ls -l shows:
-rwsr-xr-x 1 root root   6058 Sep 15 09:50 prog

Now I executed it as "test" user and checked the real vs. effective UID as under:
 ps -eo cmd,ruser,euser,ruid,euid,pid | grep prog | grep -v grep
./prog                      test     root       501     0 14251

Just as I expected, real userid is 501(test) and effective uid is 0(root).

So far so good.

Now I tried to do the same using a shell script.  A bash script called script which should do the same thing but it doesn't.  Why?  Is there a way to see it working in a shell script.

-rwsr-xr-x 1 root root      5 Sep 15 09:29 script

ps -eo cmd,ruser,euser,ruid,euid,pid | grep 14328
bash                        test     test       501   501 14328

Second, will the script work as root or as user test?
0
Comment
Question by:farzanj
  • 4
  • 2
7 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 1800 total points
ID: 33682601
On most Unixes the "setuid on execution" flag does not work for shell scripts, only for binary executables.
Since this seems to be the case with your OS,  your script will run as user test.
wmp

 
0
 
LVL 4

Assisted Solution

by:jlar310
jlar310 earned 200 total points
ID: 33682645
bash (and other shells) ignores the setuid bit by design. It's a security thing. The setuid bit only works on compiled binary programs. In your example, the script will always run as the logged in user.
0
 
LVL 31

Author Comment

by:farzanj
ID: 33682704
I ran it on Red Hat Linux (RHEL5.5).
Second, please clarify if effective uid/gid the one that is checked for determining the access/permissions.  Does real uid/gid ever matter at all?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 1800 total points
ID: 33682870
The real userid always remains unchanged, and can be tracked by a so-designed application to find out the id of the invoking user.
The real id is used e.g. when files are being created by means of a setuid program, to set ownership to the correct id.
Besides that this real id can of course be used to possibly reject some actions otherwise allowed for the "effective" userid.
Think of /usr/bin/passwd! This executable is setuid "root" to allow for changing one's own password, but it checks the "real" id to reject changes for other users if not invoked by root.
wmp
 
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 1800 total points
ID: 33682931
... and yes, RHEL does not honor setuid! It's Linux, and that functionality is built into the Linux kernel, afaik.
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 1800 total points
ID: 33682950
The above should read
"...  does not honor setuid for shell scripts ..."
of course.
0
 
LVL 31

Author Closing Comment

by:farzanj
ID: 33683100
Thank you so much for your clarification and your time.  Appreciated.
0

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
Suggested Courses
Course of the Month12 days, 23 hours left to enroll

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question