setgid32() fails - Linux
-
setgid32() fails
Hi,
I recently started using a new CentOS based Linux box (kernel
version=2.6.11.12). I created a local user and tried to do "su -" to
the account. The operation failed with the following message
su: warning: cannot change directory to /home/xxx: Permission denied
su: /bin/bash: Permission denied
This led me to writing the following C program
#include <unistd.h>

int main(){
    int rc;
    rc=setuid(xxx); /*returns 0*/
    rc=setgid(yyy); /*returns -1*/
    return 0;
}
I made the resulting executable run under strace and found that
setgid32() is failing.
setgid32(yyy) = -1 EPERM (Operation not permitted)
Any idea why this is happening? Other boxes running the same OS do not
have this problem.
Thanks for going through the mail.
Regards,
Deepak Mohanty
-
Re: setgid32() fails
On Fri, 20 Oct 2006, dmohanty@gmail.com wrote:
> rc=setuid(xxx); /*returns 0*/
> rc=setgid(yyy); /*returns -1*/
Not sure if this will solve your particular problem, but you
definitely have to call setgid() before setuid().
See definition of "appropriate privileges" in POSIX.
--
Jiri Kosina
-
Re: setgid32() fails
Hi,
> I recently started using a new CentOS based Linux box (kernel
> version=2.6.11.12). I created a local user and tried to do "su -" to
> the account. The operation failed with the following message
>
> su: warning: cannot change directory to /home/xxx: Permission denied
> su: /bin/bash: Permission denied
Could you show us the access rights of /home/xxx?
$ ls -ld /home/xxx
> This led me to writing the following c program
>
> int main(){
> int rc;
> rc=setuid(xxx); /*returns 0*/
> rc=setgid(yyy); /*returns -1*/
> return 0;
> }
>
> I made the resulting executable run under strace and found that
> setgid32() is failing.
>
> setgid32(yyy) = -1 EPERM (Operation not permitted)
>
> Any idea why this is happening? Other boxes running the same OS do not
> have this problem.
That second problem is likely unrelated to the first. For obvious
reasons, you should setgid() before dropping privileges with setuid()!
Could you run the "su" command under strace to get a better picture of
what's going on?
Cheers,
Loic.
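
Added example, not part of the original thread: the two call orders discussed above, each run in a forked child so the caller keeps its credentials. The function names are illustrative, and uid 1111 / gid 2222 are the IDs of the "test" account shown later in the thread. Started as root, the first order reproduces the EPERM from the first post and the second succeeds.

```c
#define _DEFAULT_SOURCE            /* setgroups() under strict -std modes */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Order used by su in the trace: supplementary groups, gid, then uid.
 * Returns 0 on success, otherwise the errno of the first failing step. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (uid == 0 || gid == 0) return EINVAL;    /* that would not be a drop */
    if (setgroups(1, &gid) != 0) return errno;  /* shed root's extra groups */
    if (setgid(gid) != 0) return errno;         /* still privileged here */
    if (setuid(uid) != 0) return errno;         /* privileges are gone after this */
    /* Verify the result instead of trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid) return EPERM;
    if (getgid() != gid || getegid() != gid) return EPERM;
    if (setuid(0) == 0 || setgid(0) == 0) return EPERM;  /* root regained */
    return 0;
}

/* Order from the test program in the first post: uid first, then gid. */
int drop_wrong_order(uid_t uid, gid_t gid) {
    if (setuid(uid) != 0) return errno;
    if (setgid(gid) != 0) return errno;  /* EPERM when started as root */
    return 0;
}

/* Run one variant in a child so the caller keeps its own credentials. */
int run_in_child(int (*fn)(uid_t, gid_t), uid_t uid, gid_t gid) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return errno;
    if (pid == 0) _exit(fn(uid, gid));
    if (waitpid(pid, &status, 0) < 0) return errno;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* 1111/2222: uid/gid of the "test" account shown later in the thread. */
    int bad = run_in_child(drop_wrong_order, 1111, 2222);
    int good = run_in_child(drop_privileges, 1111, 2222);
    printf("setuid, setgid:            %s\n", bad ? strerror(bad) : "ok");
    printf("setgroups, setgid, setuid: %s\n", good ? strerror(good) : "ok");
    return 0;
}
```

Without root, both variants report "Operation not permitted", because changing to another account's IDs needs privilege in the first place.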
-
Re: setgid32() fails
Thanks for the response.
You are right. The call sequence was incorrect. But the main problem
remains. I shall post the output of strace in a later mail.
Regards,
Deepak Mohanty
-
Re: setgid32() fails
Hi Loic,
Thanks for responding.
I have checked the permissions and they are OK.
$ ls -ld /home/test
drwxr-xr-x 2 test neo 4096 Oct 20 18:08 /home/test
$ id test
uid=1111(test) gid=2222(neo) groups=2222(neo),2223(buildsdev)
According to the strace output, chdir failed. Excerpts from the output
of strace follow.
6681 execve("/bin/su", ["su", "-", "test"], [/* 43 vars */]) = 0
....
6682 setgroups32(2, [2222, 2223]) = 0
6682 setgid32(2222) = 0
6682 setuid32(1111) = 0
....
6682 chdir("/home/test") = -1 EACCES (Permission denied)
I find that only root can do a successful chdir. Nobody else can do a
chdir no matter where I put the home directory. The home directories
always have correct permissions and ownership.
Regards,
Deepak Mohanty
-
Re: setgid32() fails
Hello Deepak,
> I have checked the permissions and they are OK.
>
> $ ls -ld /home/test
> drwxr-xr-x 2 test neo 4096 Oct 20 18:08 /home/test
>
> $ id test
> uid=1111(test) gid=2222(neo) groups=2222(neo),2223(buildsdev)
>
> According to the strace output, chdir failed. Excerpts from the output
> of strace follow.
>
>
> 6681 execve("/bin/su", ["su", "-", "test"], [/* 43 vars */]) = 0
> ...
> 6682 setgroups32(2, [2222, 2223]) = 0
> 6682 setgid32(2222) = 0
> 6682 setuid32(1111) = 0
> ...
> 6682 chdir("/home/test") = -1 EACCES (Permission denied)
>
>
> I find that only root can do a successful chdir. Nobody else can do a
> chdir no matter where I put the home directory. The home directories
> always have correct permissions and ownership.
I am slowly running out of ideas. What's the permission for /home?
$ ls -ld /home
Other questions. Do you have SELinux configured? Do you see any hints
in the log files (e.g. /var/log/messages, /var/log/secure...)?
See you later,
Loic.
-
Re: setgid32() fails
On 2006-10-21, dmohanty@gmail.com wrote:
> I find that only root can do a successful chdir. Nobody else can do a
> chdir no matter where I put the home directory. The home directories
> always have correct permissions and ownership.
Could be a directory permission thing.
ls -ld / /home /home/*
Bye.
Jasen