Thank you all. All your responses were informative and educational. Let me ask a slightly unrelated question. While studying the busybox SUID implementation, I came across examples of using busybox.conf to set on the fly euids and guids.
However, the examples left me slightly confused. For instance, this site lists an example: http://www.softforge.de/bb/suid.html - this is a common example for this feature. Here is the part I find confusing. I don't get why you would add the following lines to your busybox.conf: [SUID] su = ssx root.0 My issue with the above statement is that I find it redundant. Since the busybox binary is already setuid root and setgid root, and the su command does not drop privileges as specified here busybox/include/applets.h: IF_SU(APPLET(su, _BB_DIR_BIN, _BB_SUID_REQUIRE)) then what would be the purpose of specifying those lines? Am I missing something? tia, rouble On Wed, Dec 1, 2010 at 7:14 AM, Denys Vlasenko <[email protected]> wrote: > On Wed, Dec 1, 2010 at 1:17 AM, rouble <[email protected]> wrote: >> Busybox Gurus, >> >> I am looking into providing the login functionality to non-root users. >> When I make the busybox executable setuid by root, login is accesible >> by non-root users. However, I don't understand the need for this? Why >> is login being required to get root permissions. > > How unprivileged program run by user foo can possibly allow > him to become user bar? > >> It isn't this way on typical linux installs. > > Typical linux installations do not bother to test whether > login run by user even works as intended. > > -- > vda > _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
