Permission problems - though all three UIDs are 0

Hello,

I have a binary with setuid-root file permissions. Internally, it also sets the real user id to 0, because the binary calls external programs, at least one of which checks the real user id.

This works well when I call the program as a non-root user from bash command line, but in the end I want to run the program from PAM module pam_exec and with that I had/have several problems:

1. Using setuid(0) to set the real user id worked from command line, but not from pam_exec. Replacing setuid() with setreuid made it work.
2. Removing the setuid bit from file permissions and instead setting capability cap_setuid works when I call the program from the command line, but makes pam_exec refuse execution of the binary completely (execve: Operation not permitted).
3. Though after setreuid(0) all three UIDs (real, effective and saved) are 0, one of the external programs still fails with errors probably caused by permission problems. But you may already have guessed it - only when my program is called from pam_exec; from command line it works.


Any ideas why I have permission problems though my program has real, effective and saved uid 0 and what I can do to get rid of that?

Regards
  Christoph
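
A diagnostic for the situation described in the message above, as an added example that is not part of the original post: the UIDs are only one part of a Linux process's credentials, so this C helper reads `/proc/self/status` and reports the UIDs, GIDs, supplementary groups, capability masks and the no_new_privs flag for comparison between a shell run and a pam_exec run. `SAMPLE` is constructed data, and the function names are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SETUID_BIT 7 /* CAP_SETUID in <linux/capability.h> */
/* Constructed sample (not from the post): all four UIDs 0, CAP_SETUID absent. */
const char SAMPLE[] = "Name:\thelper\nUid:\t0\t0\t0\t0\nGid:\t1000\t1000\t1000\t1000\n"
    "Groups:\t1000\nCapEff:\t0000000000000000\nCapBnd:\t000001ffffffff7f\nNoNewPrivs:\t0\n";

/* Copy the value of line "key:\t..." from status text into out (outlen > 0). */
int status_field(const char *status, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    /* Walk the text one line at a time. */
    for (const char *p = status; *p; p += strcspn(p, "\n"), p += (*p == '\n')) {
        if (strncmp(p, key, klen) != 0 || p[klen] != ':')
            continue;
        p += klen + 1 + strspn(p + klen + 1, " \t");
        size_t n = strcspn(p, "\n");
        if (n >= outlen) n = outlen - 1;
        memcpy(out, p, n);
        out[n] = '\0';
        return 0;
    }
    return -1; /* key not present */
}

/* 1 if bit is set in the named hex mask (CapEff, CapBnd, ...), 0 if clear, -1 if missing. */
int has_cap(const char *status, const char *mask, int bit)
{
    char hex[32];
    if (status_field(status, mask, hex, sizeof hex) != 0) return -1;
    return (int)((strtoull(hex, NULL, 16) >> bit) & 1ULL);
}

int main(void)
{
    static char buf[8192], val[256];
    const char *keys[] = {"Uid", "Gid", "Groups", "CapEff", "CapBnd", "NoNewPrivs"};
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) { perror("/proc/self/status"); return 1; }
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    for (size_t i = 0; i < sizeof keys / sizeof keys[0]; i++)
        if (status_field(buf, keys[i], val, sizeof val) == 0)
            printf("%s=%s\n", keys[i], val);
    printf("CAP_SETUID: effective=%d bounding=%d\n",
           has_cap(buf, "CapEff", CAP_SETUID_BIT), has_cap(buf, "CapBnd", CAP_SETUID_BIT));
    return 0;
}
```

The `Uid` line carries four values (real, effective, saved, filesystem); a difference between the two runs in `Gid`, `Groups`, the capability masks or `NoNewPrivs` shows where the credential sets diverge even though the UIDs match.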


