The password information of an user account is saved in /etc/shadow file. When you check the file permission of it, you would see that it has Read permission ONLY for root. So ever wondered how can a normal user will be able to Write on this file while executing the ‘passwd’ command for changing his password ??
[adevaraju@hostx ~]$ ls -l /etc/shadow
-r-------- 1 root root 1436 Oct 6 14:40 /etc/shadow
[adevaraju@hostx ~]$
There comes SUID in picture……..If you check the file permission for ‘passwd’ command, you can see that it has a SUID (Set User ID) set for it as shown below. Now lemme tell the definition of SUID. “When SUID bit is set for any command then whoever executes that command, will execute it with the privilege of file owner”.
Here w.r.t ‘passwd’ command, when a normal user executes it, then it will run with “root” ownership. As root user can over-write any local files, he can update the /etc/shadow file, though it doesn’t have Write permission on it. And that’s how a normal user can change his password.
[adevaraju@hostx ~]$ ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 22984 Jan 6 2007 /usr/bin/passwd
[adevaraju@hostx ~]$
How to set SUID ?
# chmod u+s <command/script name>
(or)
# chmod 4755 <command/script name>
How to search files with SUID set?
# find / -perm -4000 -type f -print
Please note while doing security audit on a server, finding and reviewing the existence of executables with SUID set is an important action item that needs to be taken care; as there are very dangerous.
Refer: http://www.bashguru.com/2010/03/unixlinux-advanced-file-permissions.html
Refer: http://www.bashguru.com/2010/03/unixlinux-advanced-file-permissions.html
This is a great post ...
ReplyDeleteI would like to add a little to it...
This is just an example..
Sometimes you get an error like
[root@Server ~]#sudo su -
sudo: must be setuid root
For such issues , you need to change the permissions like this ..
chmod u+s /usr/bin/sudo
Thanks for your inputs.
Delete-Ashok