ucred when euid/egid

Clifton Royston cliftonr at lava.net
Sat Nov 28 18:28:05 UTC 2009


> Date: Fri, 27 Nov 2009 19:56:59 +0300
> From: Anthony Pankov <ap00 at mail.ru>
> Subject: ucred when euid/egid
> To: freebsd-hackers at freebsd.org
> Message-ID: <15434604890.20091127195659 at mail.ru>
> Content-Type: text/plain; charset=us-ascii
> 
> Hello,
> 
> I am facing a situation I do not understand, related to access permissions.
> 
> 
> There is a program (script) with suid/sgid set (mode 6555):
> 
> r-sr-sr-x   fuser:proggroup  theprog
> 
> There is a file:
> rw-rw----   someone:filegroup    thefile
> 
> 
> User 'fuser' (==program euid) has primary group 'filegroup' (==group
> which can read/write thefile).
> 
> The program tries to read (write) thefile and fails with a permissions error.
> 
> I don't fully understand why.

  There is no bug; when you use the suid/sgid facility, the program
gains the effective user ID and/or the effective GID of the executable. 
It does *not* gain any gids which the effective user is added to at
login.

  man seteuid for more info.

  In what you have shown, theprog has neither the same user (fuser vs.
someone) nor the same group (proggroup vs. filegroup) as the file you
want it to modify.

  For what you want to do to work correctly, you would need to either
make theprog's ownership be:

    anyuser:filegroup
or 
    fuser:proggroup

  -- Clifton

-- 
    Clifton Royston  --  cliftonr at iandicomputing.com / cliftonr at lava.net
       President  - I and I Computing * http://www.iandicomputing.com/
 Custom programming, network design, systems and network consulting services
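The rule described in the reply above, as an added example that is not part of the original thread: the mode-bit check looks only at the process credential (effective UID, effective GID, and the supplementary groups inherited from the invoking user), never at the group database entry of the effective user. The names `struct cred`, `cred_current` and `cred_may_access` are hypothetical, and the sketch assumes plain mode bits with no superuser override, ACLs or MAC policy.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

#define MAX_GROUPS 64            /* assumption: large enough for this demo */

/* Hypothetical type: the parts of a credential the mode-bit check consults. */
struct cred {
    uid_t euid;
    gid_t egid;
    int   ngroups;
    gid_t groups[MAX_GROUPS];    /* supplementary groups, inherited from the invoker */
};

/* Snapshot the calling process's credential. Returns 0 on success, -1 on error. */
int cred_current(struct cred *c) {
    c->euid = geteuid();
    c->egid = getegid();
    c->ngroups = getgroups(MAX_GROUPS, c->groups);
    return c->ngroups < 0 ? -1 : 0;
}

/* Classic mode-bit check: exactly one class (owner, group, other) applies.
 * want is a mask of 4 (read), 2 (write), 1 (execute). Returns 1 if allowed.
 * Superuser override, ACLs and MAC policies are not modelled. */
int cred_may_access(const struct cred *c, uid_t fuid, gid_t fgid, mode_t mode, int want) {
    int shift = 0;                               /* "other" bits */
    if (c->euid == fuid) {
        shift = 6;                               /* owner bits */
    } else if (c->egid == fgid) {
        shift = 3;                               /* group bits, matched by egid */
    } else {
        for (int i = 0; i < c->ngroups; i++)     /* group bits, matched by a */
            if (c->groups[i] == fgid) { shift = 3; break; }  /* supplementary gid */
    }
    return ((int)(mode >> shift) & want) == want;
}

int main(int argc, char **argv) {
    struct cred c; struct stat st;
    if (argc < 2 || cred_current(&c) != 0 || stat(argv[1], &st) != 0) {
        fprintf(stderr, "usage: %s file\n", argv[0]);
        return 2;
    }
    printf("euid=%ld egid=%ld supplementary=%d\n", (long)c.euid, (long)c.egid, c.ngroups);
    printf("read/write: %s\n", cred_may_access(&c, st.st_uid, st.st_gid, st.st_mode, 6) ? "allowed" : "denied");
    return 0;
}
```

Installed with the same suid/sgid bits as theprog and run against thefile, it reports the credential the program actually runs with and which permission class that credential falls into.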

