setuid and secondary group on HPUX

From: cc (ultraman_at_rogers.com)
Date: 05/19/04


Date: Wed, 19 May 2004 14:18:40 -0400

Hi there,
    I wrote a program which will setuid to a user and then run a script. But
I have a problem running the script when the group ID belongs to the secondary
group of the user. It runs fine on AIX, but not on HP11.0.

Here is the code showing how I setuid:

// Set up the env stuff
setEnvVar("HOME", pswd->pw_dir);
char* shell = pswd->pw_shell;
if (!shell || *shell == 0) shell = const_cast<char*>(BINSH);
setEnvVar("SHELL", shell);
setEnvVar("USER", pswd->pw_name);
setEnvVar("LOGNAME", pswd->pw_name);

 if (setgid(pswd->pw_gid))
 {
  cybspawnLog("Could not setgid(%d): error %d (%s)",
    pswd->pw_gid, errno, strerror(errno));
  return false;
 }

 if (initgroups(pswd->pw_name, pswd->pw_gid)) {
  // pw_gid added to the argument list so the arguments match the format string
  cybspawnLog("Could not initgroups(\"%s\", %d): error %d (%s)",
    pswd->pw_name, pswd->pw_gid, errno, strerror(errno));
  return false;
 }

 if (setuid(pswd->pw_uid))
 {
  cybspawnLog("Could not setuid(%d): error %d (%s)",
    pswd->pw_uid, errno, strerror(errno));
  return false;
 }

Script permissions:
-rwxr-x--- 1 user1 adm 1038 Mar 31 2003 /u1/scripts/testll3

User test:
uid=364(test) gid=1(staff) groups=4(adm)

I start the program as root then setuid to user test, but I can't run the
script testll3. I can run the script if I login or su to user test but not
in the program. So I'm wondering if I need to do something else to make it
work with setuid.

Thanks in advance
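
A diagnostic that could be called right after the setuid() step in code like the above: it prints the credentials the process actually ended up with and applies the standard owner/group/other test to the script's mode bits, so a secondary group that did not make it into the process shows up directly. This is an added example, not part of the original post; the function names exec_allowed and check_script are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Classic UNIX check: exactly one class (owner, group, other) applies.
 * Superuser override is ignored; this is meant to run after the drop. */
int exec_allowed(mode_t mode, uid_t fuid, gid_t fgid,
                 uid_t uid, gid_t gid, const gid_t *groups, int ngroups)
{
    int i;
    if (uid == fuid)
        return (mode & S_IXUSR) != 0;
    if (gid == fgid)
        return (mode & S_IXGRP) != 0;
    for (i = 0; i < ngroups; i++)      /* supplementary (secondary) groups */
        if (groups[i] == fgid)
            return (mode & S_IXGRP) != 0;
    return (mode & S_IXOTH) != 0;
}

/* Returns 1 if exec is permitted, 0 if denied, -1 on error. */
int check_script(const char *path)
{
    struct stat st;
    gid_t *groups;
    int n, i, ok;

    if (stat(path, &st) != 0)
        return -1;
    n = getgroups(0, NULL);            /* size 0: ask for the count only */
    if (n < 0)
        return -1;
    groups = malloc((n > 0 ? n : 1) * sizeof(gid_t));
    if (groups == NULL)
        return -1;
    n = getgroups(n, groups);
    if (n < 0) { free(groups); return -1; }
    fprintf(stderr, "euid=%ld egid=%ld groups=",
            (long)geteuid(), (long)getegid());
    for (i = 0; i < n; i++)
        fprintf(stderr, "%ld ", (long)groups[i]);
    ok = exec_allowed(st.st_mode, st.st_uid, st.st_gid,
                      geteuid(), getegid(), groups, n);
    fprintf(stderr, "\n%s: exec %s\n", path, ok ? "allowed" : "denied");
    free(groups);
    return ok;
}
```

If the printed group list lacks the script's group while the effective uid is not the file owner, the "other" bits decide, which for mode -rwxr-x--- means the exec is refused.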
