setuid-root and rsh?

setuid-root and rsh?

Post by Kerr Tun » Fri, 28 Jun 1996 04:00:00




> I would like to allow a user without root access to be in charge of doing
> the tape backups of a small SunOS/Solaris system (30 machines).  I currently
> have a single shell-script that will do the dump.  I would like to setuid to
> root, and allow the user just to load the tape and run the shell-script.

> My problem is that inside the shell, when 'rsh machinename' is done, it sets
> the process (on machinename) back to the user's id, rather than root id. Is
> it possible for a setuid shell-script to use rsh in a way that preserves the
> root id?

> Is there any other solutions to this problem, other than allowing the
> user root access?  The only other option I've though of it to have a
> setuid-root script on each machine (eliminating the need for 'rsh'), but
> I would rather not do this.



Well, the better solution is to chmod on this tape device found under
/dev/rmt to give this user write permission.
 
 
 

setuid-root and rsh?

Post by Kerr Tun » Fri, 28 Jun 1996 04:00:00



> I would like to allow a user without root access to be in charge of doing
> the tape backups of a small SunOS/Solaris system (30 machines).  I currently
> have a single shell-script that will do the dump.  I would like to setuid to
> root, and allow the user just to load the tape and run the shell-script.

> My problem is that inside the shell, when 'rsh machinename' is done, it sets
> the process (on machinename) back to the user's id, rather than root id. Is
> it possible for a setuid shell-script to use rsh in a way that preserves the
> root id?

> Is there any other solutions to this problem, other than allowing the
> user root access?  The only other option I've though of it to have a
> setuid-root script on each machine (eliminating the need for 'rsh'), but
> I would rather not do this.



Well, the better solution is to chmod on this tape device found under
/dev/rmt to give this user write permission.

 
 
 

setuid-root and rsh?

Post by Casper H.S. D » Fri, 28 Jun 1996 04:00:00



>I would like to allow a user without root access to be in charge of doing
>the tape backups of a small SunOS/Solaris system (30 machines).  I currently
>have a single shell-script that will do the dump.  I would like to setuid to
>root, and allow the user just to load the tape and run the shell-script.
>My problem is that inside the shell, when 'rsh machinename' is done, it sets
>the process (on machinename) back to the user's id, rather than root id. Is
>it possible for a setuid shell-script to use rsh in a way that preserves the
>root id?

This is a symptom of rsh asking for the real user id which is
unchanged by making your script set-uid.

The supported method of doing what you want is this:

        - put the dump user in group operator (SunOS 4) or
          sys(Solaris 2)
        - make sure the user can write the tape
        - perform dumps under his account

Casper
--
Casper Dik - Sun Microsystems - via my guest account at the University

Statements on Sun products included here are not gospel and may
be fiction rather than truth.

 
 
 

setuid-root and rsh?

Post by Gregory Row » Fri, 28 Jun 1996 04:00:00



: >I would like to allow a user without root access to be in charge of doing
: >the tape backups of a small SunOS/Solaris system (30 machines).  I currently
: >have a single shell-script that will do the dump.  I would like to setuid to
: >root, and allow the user just to load the tape and run the shell-script.
: >My problem is that inside the shell, when 'rsh machinename' is done, it sets
: >the process (on machinename) back to the user's id, rather than root id. Is
: >it possible for a setuid shell-script to use rsh in a way that preserves the
: >root id?
: This is a symptom of rsh asking for the real user id which is
: unchanged by making your script set-uid.
: The supported method of doing what you want is this:
:       - put the dump user in group operator (SunOS 4) or
:         sys(Solaris 2)
:       - make sure the user can write the tape
:       - perform dumps under his account

Perhaps I don't understand, but is the problem the user can't access the tape
device, or is it that the backup person cannot access the files to be backed
up?  If a common user has his account closed, ie  drwx------, I think ONLY
a process with UID 0 will be able to access those files and backup properly,
otherwise, files in that directory will be skipped and won't be backed up.
Setting the group to operator (but still having a uid other than 0) still won't
allow him/her to access files of another user in a closed directory.  Is this
correct?

Possible solution:  Write an program that only allows a person with real UID of
whatever to run it, the program exec's tar with proper arguments, and make sure
the program is SUID so it will run as root.  If it only exec's tar, you wont
have to worry about it being used to remove files,*around with stuff,
etc.

 
 
 

setuid-root and rsh?

Post by Casper H.S. D » Sat, 29 Jun 1996 04:00:00



>Perhaps I don't understand, but is the problem the user can't access the tape
>device, or is it that the backup person cannot access the files to be backed
>up?  If a common user has his account closed, ie  drwx------, I think ONLY
>a process with UID 0 will be able to access those files and backup properly,
>otherwise, files in that directory will be skipped and won't be backed up.
>Setting the group to operator (but still having a uid other than 0) still won't
>allow him/her to access files of another user in a closed directory.  Is this
>correct?

That's not correct.  dump works by reading the disk device, not by reading
the directory tree.  As such, nortmal file permissions don't apply to
dump/ufsdump, only the read permission on /dev/dsk/* apply.

In Solaris this allows backups to be made by group sys
(but you might want to change that as group sys allows a lot of
other accesses), in SunOS group operator has such access.

Casper
--
Casper Dik - Sun Microsystems - via my guest account at the University

Statements on Sun products included here are not gospel and may
be fiction rather than truth.

 
 
 

setuid-root and rsh?

Post by Jim Troc » Thu, 04 Jul 1996 04:00:00



Quote:> I would like to allow a user without root access to be in charge of doing
> the tape backups of a small SunOS/Solaris system (30 machines).  I currently
> have a single shell-script that will do the dump.  I would like to setuid to
> root, and allow the user just to load the tape and run the shell-script.

sudo might be the tool for the job here.
 
 
 

1. Security holes in VGA setuid-root utils

My site was broken into a few months ago using one of the VGA utilities in
/usr/bin that was setuid-root.  It has a hole which allows any file
(/etc/passwd in my case) to be overwritten.  I have since then removed the
setuid bit from it and other programs.

I would recommend against having these VGA utilities setuid-root.  In fact,
I set mine to be runnable by no one EXCEPT root.  Someone could break in
from offsite and tweak your VGA settings, preventing you from seeing what's
being done!  Has anyone else had experience with this hole?

Josh

--
       ______   printf("\x1B[1;35m\x1F\x1B[0m");            "Look to the/\
JoSH Lehan  /                                                future!"--/{}\

         \/                                  ^^^ Try Linux instead.  /______\

2. Printing with apsfilter (SUSE8.0)

3. setuid-root ? basic questions

4. copy/paste problem

5. setuid-root programs and pipes to other processes

6. Unexpected tape drive behavior

7. Core dump and setuid-root

8. gftp

9. Safe setuid-root shell script?

10. Help with setuid-root

11. pppd in 'setuid-root' mode

12. Help w/ setuid-root please?

13. help: pppd and setuid-root problem