Re: [expert] Problems with SUID and/or SGID for programs.

[Sergio Martín Turiel (ADP)]

The example is correct but don't work.   - The 'holanda' user belongs to the 'development' group. - The 'smn' user belongs to 'development' group. - The 'holanda' user has a program called 'Container' with 06755 permisions, that hold files in the directory '/holanda' with 0755 permisions.   The situation is that the 'smn' user take files with the 'Container' program and store them in the directory '/users/smn/e1' with 0775 permisions, correct, becose de 'holanda' user belongs to 'development' group and can write in the directory '/users/smn/e1'.   The problem is when the 'smn' user uses 'Container' program to stored files in the directory '/holanda', in that case if the suid flag don't work then the 'smn' user can't write in the directory '/holanda'.   It's mandatory the 0755 permisions in the directory '/holanda', because i need to use the flag suid but don't work, i don't know if the problem is in the linux distribution LM8 or not, but the filesystem has default permisions and the program has the flag suid activate and don't work. I try this situation in LM7 and it's the same, but in Redhat 6.2 work correctly.   I readed a lot of documentation about suid and not found nothing that can help me.   Tips: BASH, MSEC, KERNEL ¿?, another packet.   ----- Original Message ----- From: Rusty Carruth To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, August 09, 2001 6:50 PM Subject: Re: [expert] Problems with SUID and/or SGID for programs. "Sergio Martín Turiel (ADP)" <[EMAIL PROTECTED]> wrote: Hello to everybody, this is the first time that i write. My problem is that i set the SUID and/or SGID for a program that i compiled with one user, and i need to execute that program with another users belongs to same group but the user when executed the program was not the owner of the file, the file system where the program resides have default permisions and i don't know because the execute user is not the owner, i try in LM7 and LM8 with the same result, but with the Red Hat 6.2 is corret. Why? Can somebody help me? It is very important because this factor must be decisive in what distribution must be install in i development computer with many development users. Let me see if I understand. user 'd' owns and compiles executable program 'p'. User 'd' is a member of group 'g' The program needs to run as user 'd'. (essential assumption!) (because maybe the log file that program uses is owned by user 'd' and is not group writable (a possible solution - make that file group writable (but the problem with that idea is that then ANY user in that group can mess up your log or whatever file))) You need any user in group 'g' to be able to run program 'p'. I will assume you don't want just anyone to run 'p'. Ok, so, if you do: ls -l p You should see: -rwx------ 2 d g 16384 Jun 2 22:54 p* (the NUMBERS should be different, but the rest should be the same) So, if you said 'chmod 6550 p' you might get the program to become the userid 'd' upon execution, you might not.... Good luck! rc Rusty E. Carruth Email: [EMAIL PROTECTED] or [EMAIL PROTECTED] Voice: (480) 345-3621 SnailMail: Schlumberger ATE ___ FAX: (480) 345-8793 7855 S. River Parkway, Suite 116 \e/ Ham: N7IKQ @ 146.82+,pl 162.2 Tempe, AZ 85284-1825 V ICBM: 33 20' 44"N 111 53' 47"W http://tuxedo.org/~esr/ecsl/index.html