> Date: Fri, 27 Nov 2009 19:56:59 +0300
> From: Anthony Pankov <a...@mail.ru>
> Subject: ucred when euid/egid
> To: freebsd-hackers@freebsd.org
> Message-ID: <15434604890.20091127195...@mail.ru>
> Content-Type: text/plain; charset=us-ascii
>
> Hello,
>
> I face some misunderstood situation related to the access permissions.
>
>
> There is a program(script) with the suid/sgid (mode 6555):
>
> r-sr-sr-x fuser:proggroup theprog
>
> There is a file:
> rw-rw---- someone:filegroup thefile
>
>
> User 'fuser' (==program euid) have primary group 'filegroup'(==group,
> who can read/write thefile).
>
> Program try to read(write) thefile and fail with permissions.
>
> I don't fully understand why.
There is no bug; when you use the suid/sgid facility, the program
gains the effective user ID and/or the effective GID of the executable.
It does *not* gain any gids which the effective user is added to at
login.
man seteuid for more info.
In what you have shown, theprog has neither the same user (fuser vs.
someone) nor the same group (proggroup vs. filegroup) as the file you
want it to modify.
For what you want to do to work correctly, you would need to either
make theprog's ownership be:
anyuser:filegroup
or
fuser:proggroup
-- Clifton
--
Clifton Royston -- clift...@iandicomputing.com / clift...@lava.net
President - I and I Computing * http://www.iandicomputing.com/
Custom programming, network design, systems and network consulting services
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
