On Friday 22 January 2021 19:19:12 The Wanderer wrote: > On 2021-01-22 at 19:09, Gene Heskett wrote: > > On Friday 22 January 2021 18:35:27 David Christensen wrote: > >> chmod u+s /usr/local/libexec/amanda/ambind > > > > root@coyote:amanda-3.5.1$ chmod u+s /usr/local/libexec/amanda/ambind > > root@coyote:amanda-3.5.1$ su amanda -c "/usr/local/sbin/amcheck > > Daily" Amanda Tape Server Host Check > > ----------------------------- > > ERROR: program /usr/local/libexec/amanda/ambind: not setuid-root > > What does > > $ ls -lh /usr/local/libexec/amanda/ambind > > say? -rwxr-x--x 1 amanda backup 27K Jan 22 18:46 /usr/local/libexec/amanda/ambind
> All 'chmod u+s' does is set the suid bit. What having that bit does > (as I understand matters) is cause the program to run with the > permissions of the user who owns the file. > > If that file is owned by some user other than root, than the suid bit > will just cause it to be run as that other user, which may well not be > enough. > > You may also want to check > > $ file /usr/local/libexec/amanda/ambind /usr/local/libexec/amanda/ambind: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=32a4e4b5ad333ece10f31f4ad77224c321656b11, not stripped > > to confirm whether this program is a script; I've seen cases where > having a script with the suid bit set isn't enough, because it invokes > another binary which isn't and the permissions don't wind up getting > passed along. (Whether that happens typically with scripts I don't > know.) Thanks Wanderer Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) If we desire respect for the law, we must first make the law respectable. - Louis D. Brandeis Genes Web page <http://geneslinuxbox.net:6309/gene>
