Setuid, Setgid, Sticky Bit

There's something really weird happening with permissions on a directory in Linux. I have the directory /dir

Code:
ls -ld /dir
drwxrwxrwx. 2 root root 4096 Jan  8 00:06 dir
chmod 2777 /dir [this sets the setgid bit on]
ls -ld /dir
drwxrwsrwx. 2 root root 4096 Jan  8 00:06 /dir

And this is what I expect it to do.
However, when I change it to setuid (WITHOUT setgid), it simply doesn't work. Instead of overwriting, it accumulates:
Code:
chmod 4777 /dir [for setting setuid bit on]
drwsrwsrwx. 2 root root 4096 Jan  8 00:06 /dir

As you can see, the setgid bit is still on together with the setuid! However, if I run:
Code:
chmod -s /dir

then the file has a 0777 permission.

And then again, if I change its permission to 4777 (so setuid):
Code:
chmod 4777 /dir
drwsrwxrwx. 2 root root 4096 Jan  8 00:06 /dir

it acts normally. So the same chmod 4777 acts differently in two different contexts.

I really can't understand it. Basically, I cannot get rid of the setuid/setgid through binary permissions. The sticky bit works fine. Changing from 1777 to 0777 adds and removes "t" respectively. What am I to make of all this? This behaviour makes no sense to me, especially given that we can change the permissions to 6777 (setuid + setgid).
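As an added illustration (not part of the post above), the script below replays the same chmod sequence on a scratch directory and then clears the bits with a symbolic mode, which is the form that works with every chmod; it also includes the find invocation to audit a tree for leftover special bits afterwards. The helper names and the scratch directory are assumptions for the demo.

```shell
# Added demo, not the poster's commands. Assumes a Linux box with GNU or
# busybox coreutils; mktemp creates the scratch directory in $TMPDIR or /tmp.

# mode_string PATH -> the 10-character mode field of ls -ld, e.g. drwsrwsrwx
mode_string() { ls -ld "$1" | cut -c1-10; }

# special_bits_demo: replays the post's chmod sequence on a scratch directory and
# prints the mode after each step on one line:
#   after 2777   after 4777   after 0777   after u-s,g-s
special_bits_demo() {
    d=$(mktemp -d) || return 1
    chmod 2777 "$d";    m_setgid=$(mode_string "$d")    # drwxrwsrwx
    # GNU chmod treats a numeric mode on a directory as "set these special bits",
    # never "clear the others", so setgid survives and setuid is added: drwsrwsrwx.
    # (Linux stores setuid on a directory but attaches no meaning to it.)
    chmod 4777 "$d";    m_numeric=$(mode_string "$d")
    chmod 0777 "$d";    m_zero=$(mode_string "$d")      # GNU: still drwsrwsrwx
    # A symbolic mode names the bits to drop explicitly and behaves the same
    # on GNU, busybox and BSD chmod.
    chmod u-s,g-s "$d"; m_symbolic=$(mode_string "$d")  # drwxrwxrwx
    rmdir "$d"
    printf '%s %s %s %s\n' "$m_setgid" "$m_numeric" "$m_zero" "$m_symbolic"
}

# find_special_dirs ROOT -> directories under ROOT that still carry setuid or
# setgid; the check to run after a cleanup (POSIX -perm -mode, no GNU -perm /mode)
find_special_dirs() {
    find "$1" -type d \( -perm -4000 -o -perm -2000 \) -print
}

special_bits_demo
```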


Similar Content



Why Should I Always Use Chmod When Not As A Root User

System Info:

I have a normal user in CentOS 7 whose name is "mostafa" (the name of the account).

I naturally have another user called root with all privileges. User "mostafa" is in the sudoers file, too.

The OS is installed in VMware, so the system is all mine.

Problem:

Now I create a file with touch file.sh and put a command in it, but when I want to run it with
Code:
sudo ./file.sh

an error is shown that the command
Code:
./file.sh

does not exist. But if I run
Code:
sudo chmod 777 ./file.sh

then it gets run. My question is: why should I use
Code:
chmod 777

when I myself have created the file, and I am in sudoers?

Can anyone explain to me why I should still use
Code:
sudo chmod 777

when the creator of the file is me?

Setfacl Help

I can't believe I wrote a looong message and it logged me out when I tried to submit it.

So anyway, in short lines:

- I have a network of sites where all sites share the same "images" folder
- I have created /home/_images/entities and symlinked it from all websites
- It works great with Apache; when I open /images/ on any of the sites I get a list of images and can view them

The problem is suPHP which changes process ID of the PHP script to the file owner ID, so when I load site1.com, all scripts are executed as user1 (and files/folders created with those scripts belong to user1:user1). When I load site2.com, all scripts are executed as user2 (and files/folders created with those scripts belong to user2:user2). All these users do NOT belong to the same group, and I wouldn't like to change that as it is cPanel/WHM server so I'm afraid I'll screw something up if I change (primary?) group of all users.

Therefore I need to set it up in such way that all newly created folders and files under /home/_images/entities (owned by root) have read/write permissions for everyone.

Here's the command I used:

Code:
setfacl -Rdm o::rwx /home/_images/entities

To check it:
Code:
root@server1 [~]# getfacl /home/_images/entities/
getfacl: Removing leading '/' from absolute path names
# file: home/_images/entities/
# owner: root
# group: root
user::rwx
group::rwx
other::rwx
default:user::rwx
default:group::rwx
default:other::rwx

This looks fine, however when I try to upload an image via site1.com it looks like this:

Code:
root@server1 [/home/_images/entities]# ls -l
total 24
drwxrwxrwx+ 5 root    root    4096 Jan 14 06:25 ./
drwxrwxrwx  5 root    root    4096 Jan 12 13:08 ../
drwxrwxr-x+ 3 user1   user1   4096 Jan 14 06:25 1/

And in folder "1" is the image (and thumbs folder):

Code:
root@server1 [/home/_images/entities/1]# ls -l
total 236
drwxrwxr-x+ 3 user1   user1     4096 Jan 14 06:25 ./
drwxrwxrwx+ 5 root    root      4096 Jan 14 06:25 ../
-rw-rw-rw-  1 user1   user1   225569 Jan 14 06:25 689048f221ab7c556f4d482a9d92b2d6.jpg
drwxrwxr-x+ 2 user1   user1   4096 Jan 14 06:25 thumbs/

My questions:

1) Why do newly created folders not have "write" permissions for everyone else [not user and/or group]? If I upload the first image from site1.com, then I can't upload other images from any other site, while all sites can display them.

2) What is the + at the end of permissions list? (drwxrwxr-x+)

3) Why do newly created files have only "rw" permissions for user, group AND everyone else, and not execute permissions? I don't actually need the execute flag set here, but from my command you can see I've set "o::rwx" so it should be there (or not?)

Actually the real problem is #1 - other users can't write to this folder, so users can't upload images from other sites, nor can other sites create (missing) thumbnails.

Problem With (Installation Of?) Mysql.h On C

Hi, I've just recently installed MySQL Connector/C from source code on my Slackware 14.1 x64.

I read the official instructions for the connector but I felt a bit disoriented when I read:
Code:
1 - Change location to the top-level directory of the source distribution.

I interpreted that as having to go to the "highest" directory:
Code:
/

So I wrote:
Code:
# cd /
root@- /# tar xzvf /home/normal/Downloads/mysql-connector-c-6.1.6-src.tar.gz
root@- /# cd /mysql-connector-c-6.1.6-src/
root@- /mysql-connector-c-6.1.6-src# cmake -G "Unix Makefiles"
root@- /mysql-connector-c-6.1.6-src# make
root@- /mysql-connector-c-6.1.6-src# make install

Then I did:
Code:
ln -s /usr/local/mysql-5.6.25/include /usr/include

But when I try to compile a C program with #include <mysql.h> I get this error:
Code:
# gcc ctemp.c 
In file included from ctemp.c:2:0:
/usr/include/mysql.h:57:27: fatal error: mysql_version.h: No such file or directory
 #include "mysql_version.h"
                           ^

What can I do? Thanks a lot and sorry for my poor English.

PD: If you need the official instructions I paste here the link: https://dev.mysql.com/doc/connector-...on-source.html

Sharing Folders And Mounting Shares With SetGID / Samba

OK this is kinda long, so I will shorten it as much as I can, as to not be long-winded.

My current network at home:
1 - CentOS 7 desktop (server)
1 - Ubuntu 14.04 desktop
1 - Fedora 21 laptop
2 - Windows 7 desktops
some other various windows boxes also that don't get used regularly, but are on the network.

My 2 Linux desktops (which I use as servers, but they really aren't) have shared folders on them, which I share to the network via Samba (CIFS). I use Samba because Linux is smarter than Windows and Windows won't read NFS, so I share them as Samba so all devices can see them.

Generally speaking, if I share the folders on each box as 0777, I have no issues. But lately I have been wanting to implement some better security, so I wanted to SETGID and chown the shared folders from the local machine to a specific group, then change the folders to 2774.

My problem is that I keep getting permissions errors when trying to connect from the other Linux machines, and sometimes the Windows machines also. My main question is: do I CHMOD 2774 the local mount-point before mounting it? Or do I CHMOD 2774 the shared folder on the other server, then mount it locally to a folder whose permissions are different? Or do I CHMOD both of them the same?

Basically the uid and gid ownerships change on a local folder when I mount a shared drive to that folder, so when I try to write to or sometimes read that local folder, I get permissions errors.

I can provide any additional info needed.

Sed: Transforming 'ls-laR' Output Into A List With Absolute Paths

Hello, this is my first post.
First I would like to thank you all for answering other people's questions because I've been able to learn a lot from the forum.

I need your help with something.
I have the standard output from the 'ls -laR /etc' command, which looks like this:
Code:
/etc/X11/xorg.conf.d:
total 4
drwxr-xr-x. 2 root root  29 Apr  1 00:46 .
drwxr-xr-x. 5 root root  54 Apr  1 00:43 ..
-rw-r--r--. 1 root root 232 Apr  1 00:46 00-keyboard.conf

/etc/xdg:
total 12
drwxr-xr-x.  4 root root   36 Apr  1 00:43 .
drwxr-xr-x. 87 root root 8192 Apr 12 13:53 ..
drwxr-xr-x.  2 root root    6 Jun 10  2014 autostart
drwxr-xr-x.  2 root root   17 Apr  7 01:25 systemd

By using the sed command:
Code:
sed -e '/./!d' -e '/^total/d' -e '/\.$/d' -e 's/:$/\//' list.txt

I have transformed it to the following form:

Code:
/etc/X11/xorg.conf.d/
-rw-r--r--. 1 root root 232 Apr  1 00:46 00-keyboard.conf
/etc/xdg/
drwxr-xr-x.  2 root root    6 Jun 10  2014 autostart
drwxr-xr-x.  2 root root   17 Apr  7 01:25 systemd

and now I would like to have absolute paths at the end of each row:

Code:
-rw-r--r--.  1 root root  232 Apr  1 00:46 /etc/X11/xorg.conf.d/00-keyboard.conf
drwxr-xr-x.  2 root root    6 Jun 10  2014 /etc/xdg/autostart
drwxr-xr-x.  2 root root   17 Apr  7 01:25 /etc/xdg/systemd


How do I join (merge) filenames with the corresponding absolute path of their parent directory?



I know how to extract filenames using awk and get this:
Code:
00-keyboard.conf

autostart
systemd

but I don't know what to do next. Should I use some high-tech sed option, or go for a loop, or try with arrays? Help. Heeeelp
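Added example (not the poster's): an awk filter that does the whole transformation in one pass, keeping each directory header as state and replacing only the name column, so names containing spaces and the column alignment survive. It assumes the input is 'ls -laR' output like that shown above and that no entry name itself ends in a colon.

```shell
# Added example, not the poster's script. Reads 'ls -laR' output on stdin and
# prints every entry with its name replaced by the absolute path.
ls_to_abs() {
    awk '
        # "/etc/xdg:" is a directory header: remember it as the current prefix.
        # Entry lines start with a mode field such as drwxr-xr-x., headers do not.
        /:$/ && !/^[-dlcbsp][-r][-w][-xsS]/ {
            dir = substr($0, 1, length($0) - 1) "/"
            next
        }
        /^total [0-9]+$/ || /^$/ { next }
        {
            # The name begins after 8 fixed columns (mode, links, owner, group,
            # size, month, day, time-or-year); strip them one at a time instead
            # of using $NF so a name with spaces stays whole.
            name = $0
            for (i = 0; i < 8; i++) sub(/^[^ ]+ +/, "", name)
            if (name == "." || name == "..") next
            print substr($0, 1, length($0) - length(name)) dir name
        }
    '
}

# Usage: ls -laR /etc | ls_to_abs
```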

Ln With -t Option, To Create Relative Symlink Not Working

I'm trying to recreate a relative symlink, linking "asymlink" to "somedir/actualfile" in /root/test/, but it's creating 2 symlinks instead.

Code:
[root]# ln -t /root/test/ -s somedir/actualfile asymlink
[root]# ll /root/test/
total 4
lrwxrwxrwx 1 root root   18 Feb 16 06:15 actualfile -> somedir/actualfile
lrwxrwxrwx 1 root root    8 Feb 16 06:15 asymlink -> asymlink
drwxr-xr-x 2 root root 4096 Feb 16 06:15 somedir

I can do it with
Code:
cd /root/test
ln -s somedir/actualfile asymlink

but I'm trying to avoid the cd, and also avoid using the full path.

Does anyone know why the -t flag isn't working as expected?

File Permissions

I am trying to learn how to set up Authentication Keys to log in to my server.

Could someone please explain what the following code does...
Code:
chown -R example_user:example_user .ssh
chmod 700 .ssh
chmod 600 .ssh/authorized_keys

Thanks,


Rob

Problem With NFS Sharing Between Two Raspberry Pis

I have two Raspberry Pis, one running OSMC and another running Raspbian. The first one has two 1TB hard drives plugged in through a powered USB hub. I want to access the OSMC hard drives from the one running Raspbian. They are both in the same local network; the OSMC one has the IP 192.168.1.24 and the Raspbian one has 192.168.1.28. Both are static IPs.

These are the hard drives:
Code:
osmc@osmc:~$ ls /media/ -la
total 36
drwxr-xr-x  4 root root  4096 Mar 31 18:28 .
drwxr-xr-x 23 root root  4096 Mar 15 13:35 ..
drwx------  1 osmc osmc  8192 Mar 30 21:54 ELEMENTS
-rw-r--r--  1 root root   232 Mar  6 13:34 README
drwx------  1 osmc osmc 16384 Mar 30 15:22 TOURO

ELEMENTS and TOURO, two NTFS hard drives that work just fine.

I tried sharing the first one through NFS with the following config (I copied the parameters from a tutorial):
Code:
osmc@osmc:~$ cat /etc/exports
# /etc/exports: the access control list for filesystems which may be exported
#               to NFS clients.  See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
#
/media/ELEMENTS/Pelis/ 192.168.1.0/24(rw,subtree_check,insecure,no_root_squash)
/media/TOURO/Series/ 192.168.1.0/24(rw,subtree_check,insecure,no_root_squash)

and from the pi running raspbian I have confirmed that I can see the drives being shared:
Code:
 /media $ showmount -e 192.168.1.24
Export list for 192.168.1.24:
/media/TOURO/Series/   192.168.1.0/24
/media/ELEMENTS/Pelis/ 192.168.1.0/24

Now, when I try to mount them, all works fine, but when I ls the folders nothing comes back. This is my fstab:
Code:
cat /etc/fstab
proc            /proc           proc    defaults          0       0
/dev/mmcblk0p1  /boot           vfat    defaults          0       2
/dev/mmcblk0p2  /               ext4    defaults,noatime  0       1
# a swapfile is not a swap partition, so no using swapon|off from here on, use  dphys-swapfile swap[on|off]  for that
UUID=fdff96e6-816c-d001-e05f-96e6816cd001 /media/hdd/ auto defaults,user 0 0 #external hdd

192.168.1.24:/media/ELEMENTS/Pelis /media/pelis nfs rsize=8192,wsize=8192,timeo=14,intr
192.168.1.24:/media/TOURO/Series /media/series nfs rsize=8192,wsize=8192,timeo=14,intr

Code:
apoc@raspbian ~ $ ls /media/pelis/
apoc@raspbian ~ $

The super weird thing is that they are mounted, as they show up if I run "df -h":

Code:
 df -h
S.ficheros                         Tamaño Usados  Disp Uso% Montado en
rootfs                               7,2G   2,6G  4,4G  37% /
/dev/root                            7,2G   2,6G  4,4G  37% /
devtmpfs                             484M      0  484M   0% /dev
tmpfs                                 98M   380K   98M   1% /run
tmpfs                                5,0M      0  5,0M   0% /run/lock
tmpfs                                195M      0  195M   0% /run/shm
/dev/mmcblk0p1                        56M    15M   42M  26% /boot
/dev/sda1                            219G   4,7G  202G   3% /media/hdd
192.168.1.24:/media/ELEMENTS/Pelis   932G   742G  191G  80% /media/pelis
192.168.1.24:/media/TOURO/Series     932G   813G  120G  88% /media/series

Code:
ls /media/ -la
total 808
drwxr-xr-x  5 root root   4096 abr  2 18:36 .
drwxr-xr-x 22 root root   4096 mar 25 16:14 ..
drwxr-xr-x  5 apoc apoc   4096 abr  2 13:12 hdd
drwx------  1 apoc pi   786432 mar 30 22:03 pelis
drwx------  1 apoc pi    28672 mar 29 16:09 series

Note that the group for the two folders is "pi", but if I umount the drives it becomes "apoc" (my nick and my personal group).
Code:
ls /media/ -la
total 20
drwxr-xr-x  5 root root 4096 abr  2 18:36 .
drwxr-xr-x 22 root root 4096 mar 25 16:14 ..
drwxr-xr-x  5 apoc apoc 4096 abr  2 13:12 hdd
drwxr-xr-x  2 apoc apoc 4096 abr  2 18:36 pelis
drwxr-xr-x  2 apoc apoc 4096 abr  2 18:36 series

Both users ("osmc" in the osmc pi and "apoc" in the raspbian one) have the same uid: 1000.

What am I doing wrong?

Using Cut -d" " To Cut Out The String Before, Not After

Hi Guys,
I have this:
Code:
uid=0(root) gid=0(root)

I would like to have the word "root" only from the first field, and later from the second field.

I use the command
Code:
[root@v1-6 ~]# cat test-uid |cut -d"(" -f1
brms2
uid=0

[root@v1-6 ~]# cat test-uid |cut -d")" -f1
brms2
uid=0(root

It cuts the word after the -d; how can I make it cut the word BEFORE the -d?

The expected result should be:
cut -d"(" -f1
root)

Then I can proceed to eliminate the ) later on.
I hope this is not confusing you guys.

Thanks,

Why Vsftp Can Do It, But Openssh Sftp Cannot ? (chroot)

Dear all,

This is a long story cut short: with vsftp, if I set these parameters in the vsftp.conf file below

Code:
local_enable=YES
chroot_local_users=YES

I am able to log in to the ftp account, see and list my home/user directory, and if I do a cd / or cd .., I will still be chrooted to my /home/user directory,

without the need to chmod or chown anything in my /home/user directory.

=============================================

With OpenSSH internal-sftp, even though I have set the sshd_conf to

Code:
Match user alankoh
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
ChrootDirectory /home/%u

I will need to change the owner of my /home/user directory so that root becomes its owner.
============================================

Q1) Why this difference? How does vsftp chroot without changing the /home/user folder ownership?

Q2) I realize that the OpenSSH ChrootDirectory parameter causes my default login directory to be set to that of the parameter
(e.g. if I set it to "/whatever/xyz", I will be brought to /whatever/xyz every time I log in to the sftp instead of my /home/user folder).

Why? I thought that ChrootDirectory was just a security measure to specify the directory to go to in case the user cds to root (e.g. cd /), and otherwise I should still go to my /home/user folder every time I log in to sftp.

Regards,
Noob
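Added example, not from either post: it covers both the File Permissions question above (what chown -R, chmod 700 .ssh and chmod 600 authorized_keys establish) and the ChrootDirectory question, since sshd applies the same ownership-and-mode test in both places, with StrictModes accepting the user or root as owner and ChrootDirectory demanding root for every path component, which is why a user-owned /home/user is refused. The function names and the scratch paths in the usage are assumptions; the helpers rely on stat -c from GNU or busybox coreutils.

```shell
# Added audit helpers, not from the posts. They mirror the test sshd runs on a
# path: acceptable when it exists, is owned by root or the allowed uid, and has
# neither the group nor the other write bit set.

# safe_path PATH ALLOWED_UID -> 0 if PATH passes, else prints why and returns 1
safe_path() {
    set -- "$1" "$2" $(stat -c '%a %u' "$1" 2>/dev/null)   # $3=octal mode, $4=owner uid
    [ -n "$3" ] || { echo "$1: missing"; return 1; }
    [ "$4" -eq 0 ] || [ "$4" -eq "$2" ] || { echo "$1: owned by uid $4, need $2 or root"; return 1; }
    case "$3" in                           # last two octal digits are group and other
        *[2367]?|*[2367]) echo "$1: group/other writable (mode $3)"; return 1 ;;
    esac
    return 0
}

# check_strict_modes HOME UID -> 0 if sshd with StrictModes (the default) would
# read HOME/.ssh/authorized_keys; chown -R user .ssh, chmod 700 .ssh and
# chmod 600 .ssh/authorized_keys are exactly what makes this pass
check_strict_modes() {
    safe_path "$1" "$2" && safe_path "$1/.ssh" "$2" && safe_path "$1/.ssh/authorized_keys" "$2"
}

# check_chroot_dir DIR -> 0 if DIR is usable as ChrootDirectory: every component,
# up to and including /, must be root-owned and not group/other writable
check_chroot_dir() {
    case "$1" in /*) ;; *) echo "$1: must be absolute"; return 1 ;; esac
    p=$1
    while :; do
        safe_path "$p" 0 || return 1
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}

# Usage (assumed paths): check_strict_modes /home/alankoh "$(id -u alankoh)"
#                        check_chroot_dir /home/alankoh
```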