setgid32() fails - Linux


  1. setgid32() fails

    Hi,

    I recently started using a new CentOS-based Linux box (kernel
    version=2.6.11.12). I created a local user and tried to do "su -" to
    the account. The operation failed with the following message

    su: warning: cannot change directory to /home/xxx: Permission denied
    su: /bin/bash: Permission denied

    This led me to write the following C program:

    #include <unistd.h>   /* setuid(), setgid() */

    int main(void) {
        int rc;
        rc = setuid(xxx); /* returns 0 */
        rc = setgid(yyy); /* returns -1 */
        return 0;
    }

    I made the resulting executable run under strace and found that
    setgid32() is failing.

    setgid32(yyy) = -1 EPERM (Operation not permitted)

    Any idea why this is happening? Other boxes running the same OS do not
    have this problem.

    Thanks for going through the mail.

    Regards,
    Deepak Mohanty


  2. Re: setgid32() fails

    On Fri, 20 Oct 2006, dmohanty@gmail.com wrote:

    > rc=setuid(xxx); /*returns 0*/
    > rc=setgid(yyy); /*returns -1*/


    Not sure if this will solve your particular problem, but you
    definitely have to call setgid() before setuid().

    See the definition of "appropriate privileges" in POSIX.

    --
    Jiri Kosina

  3. Re: setgid32() fails

    Hi,

    > I recently started using a new CentOS-based Linux box (kernel
    > version=2.6.11.12). I created a local user and tried to do "su -" to
    > the account. The operation failed with the following message
    >
    > su: warning: cannot change directory to /home/xxx: Permission denied
    > su: /bin/bash: Permission denied


    Could you show us the access rights of /home/xxx?
    $ ls -ld /home/xxx


    > This led me to write the following C program:
    >
    > int main(){
    > int rc;
    > rc=setuid(xxx); /*returns 0*/
    > rc=setgid(yyy); /*returns -1*/
    > return 0;
    > }
    >
    > I made the resulting executable run under strace and found that
    > setgid32() is failing.
    >
    > setgid32(yyy) = -1 EPERM (Operation not permitted)
    >
    > Any idea why this is happening? Other boxes running the same OS do not
    > have this problem.


    That second problem is likely unrelated to the first. For obvious
    reasons, you should setgid() before dropping privileges with setuid()!

    Could you run the "su" command under strace to get a better picture of
    what's going on?

    Cheers,
    Loic.


  4. Re: setgid32() fails

    Thanks for the response.

    You are right. The call sequence was incorrect. But the main problem
    remains. I shall post the output of strace in a later mail.

    Regards,
    Deepak Mohanty

    Jiri Kosina wrote:
    > On Fri, 20 Oct 2006, dmohanty@gmail.com wrote:
    >
    > > rc=setuid(xxx); /*returns 0*/
    > > rc=setgid(yyy); /*returns -1*/

    >
    > Not sure if this will solve your particular problem, but you
    > definitely have to call setgid() before setuid().
    >
    > See the definition of "appropriate privileges" in POSIX.
    >
    > --
    > Jiri Kosina



  5. Re: setgid32() fails

    Hi Loic,

    Thanks for responding.

    I have checked the permissions and they are OK.

    $ ls -ld /home/test
    drwxr-xr-x 2 test neo 4096 Oct 20 18:08 /home/test

    $ id test
    uid=1111(test) gid=2222(neo) groups=2222(neo),2223(buildsdev)

    According to the strace output, chdir failed. Excerpts from the output
    of strace follow.


    6681 execve("/bin/su", ["su", "-", "test"], [/* 43 vars */]) = 0
    ....
    6682 setgroups32(2, [2222, 2223]) = 0
    6682 setgid32(2222) = 0
    6682 setuid32(1111) = 0
    ....
    6682 chdir("/home/test") = -1 EACCES (Permission denied)


    I find that only root can do a successful chdir. Nobody else can do a
    chdir no matter where I put the home directory. The home directories
    always have correct permissions and ownership.

    Regards,
    Deepak Mohanty

    loic-dev@gmx.net wrote:
    > Hi,
    >
    > > I recently started using a new CentOS-based Linux box (kernel
    > > version=2.6.11.12). I created a local user and tried to do "su -" to
    > > the account. The operation failed with the following message
    > >
    > > su: warning: cannot change directory to /home/xxx: Permission denied
    > > su: /bin/bash: Permission denied

    >
    > Could you show us the access rights of /home/xxx?
    > $ ls -ld /home/xxx
    >
    >
    > > This led me to write the following C program:
    > >
    > > int main(){
    > > int rc;
    > > rc=setuid(xxx); /*returns 0*/
    > > rc=setgid(yyy); /*returns -1*/
    > > return 0;
    > > }
    > >
    > > I made the resulting executable run under strace and found that
    > > setgid32() is failing.
    > >
    > > setgid32(yyy) = -1 EPERM (Operation not permitted)
    > >
    > > Any idea why this is happening? Other boxes running the same OS do not
    > > have this problem.

    >
    > That second problem is likely unrelated to the first. For obvious
    > reasons, you should setgid() before dropping privileges with setuid()!
    >
    > Could you run the "su" command under strace to get a better picture of
    > what's going on?
    >
    > Cheers,
    > Loic.
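
The ordering discussed in this thread (group changes before setuid(), as su does in the strace excerpt above), written out as a checked privilege drop. This is an added example, not code from any poster: the function name drop_privileges is hypothetical, the ids 1111/2222 are taken from the "id test" output, and it sets a single supplementary group instead of loading the user's full group list as su does.

```c
#define _GNU_SOURCE           /* for setgroups() */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop from root to uid/gid. Returns 0 on success, -1 with
 * errno set on failure. The caller must treat any failure as fatal. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* 0 is not a drop; (id)-1 is the "leave unchanged" sentinel elsewhere. */
    if (uid == 0 || gid == 0 || uid == (uid_t)-1 || gid == (gid_t)-1) {
        errno = EINVAL;
        return -1;
    }
    /* Group changes need privilege that a root process gives up when
     * setuid() to a non-root user succeeds, so they must come first. */
    if (setgroups(1, &gid) != 0) return -1;   /* supplementary groups */
    if (setgid(gid) != 0) return -1;          /* real/effective/saved gid */
    if (setuid(uid) != 0) return -1;          /* real/effective/saved uid */

    /* Verify the drop is permanent: regaining root must now fail. */
    if (setuid(0) == 0 || setgid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed ids, taken from the thread's "id test" output. */
    if (drop_privileges(1111, 2222) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("now uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Run as root it prints the new ids; run as an ordinary user it fails at setgroups() with EPERM, the same error the original test program got from setgid() after it had already called setuid().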



  6. Re: setgid32() fails

    Hello Deepak,

    > I have checked the permissions and they are OK.
    >
    > $ ls -ld /home/test
    > drwxr-xr-x 2 test neo 4096 Oct 20 18:08 /home/test
    >
    > $ id test
    > uid=1111(test) gid=2222(neo) groups=2222(neo),2223(buildsdev)
    >
    > According to the strace output, chdir failed. Excerpts from the output
    > of strace follow.
    >
    >
    > 6681 execve("/bin/su", ["su", "-", "test"], [/* 43 vars */]) = 0
    > ...
    > 6682 setgroups32(2, [2222, 2223]) = 0
    > 6682 setgid32(2222) = 0
    > 6682 setuid32(1111) = 0
    > ...
    > 6682 chdir("/home/test") = -1 EACCES (Permission denied)
    >

    >
    > I find that only root can do a successful chdir. Nobody else can do a
    > chdir no matter where I put the home directory. The home directories
    > always have correct permissions and ownership.


    I am slowly running out of ideas. What's the permission for /home?
    $ ls -ld /home

    Other questions. Do you have SELinux configured? Do you see any hints
    in the log files (e.g. /var/log/messages, /var/log/secure...)?

    See you later,
    Loic.


  7. Re: setgid32() fails

    On 2006-10-21, dmohanty@gmail.com wrote:

    > I find that only root can do a successful chdir. Nobody else can do a
    > chdir no matter where I put the home directory. The home directories
    > always have correct permissions and ownership.


    Could be a directory permission thing.

    ls -ld / /home /home/*

    Bye.
    Jasen
