Why suid bit is unset after file modification

permissionssetuid

I have an (s|g)uid file world-writable:

ls -lh suid_bin.sh
-rwsr-srwx 1 root root 168 mai   23 16:46 suid_bin.sh

logged with a non-root user account. I use vi (or another editor) to modify "suid_bin.sh". After saving the new content, (s|g)uid bits are unset:

ls -lh suid_bin.sh 
-rwxr-xrwx 1 root root 168 mai   23 16:46 suid_bin.sh

Why? Is there a way to keep (s|g)uid bits after modification?

Best Answer

Unix permissions allow writing to file if accidentally someone will set group or world writable bit on setuid file, but disallow changing owner and group ids on such files by strangers.

So after modification kernel drops setuid/setgid bits from file to ensure there is no malicious code was written to file.

root user of course can restore setuid bit, but ordinary user, if he, by someone's mistake gained write access to privileged executable will not be able to exploit it.

And, knowing parts of kernel in that area I am not sure you can disable that without editing source code of kernel and recompiling.

Note that setuid scripts in Linux do not gain setuid status after execution because actually kernel starts the script interpreter, without setuid status, with the full path to script as it's last parsed argument, and then interpreter reads the script as an ordinary file. But this can vary on other Unix systems.

Related Solutions

CentOS – Resolving Write Permission Issues

The installation of Apache may appears to be running as root but in actuality it's running as the user apache. You can check this by looking in this file:

$ grep "^User" /etc/httpd/conf/httpd.conf
User apache

Your entire wordpress directory should likely be owned by this user if you're planning on managing the installation using wordpress through the web UI.

I usually create a separate directory for wordpress like this:

$ pwd
/var/www
$ ls -l | grep wordpress
drwxr-xr-x. 5 apache apache    4096 Apr 25 19:27 wordpress

Here's the contents of the wordpress directory just so you can see it:

-rw-r--r--. 1 apache apache      395 Jan  8  2012 index.php
-rw-r--r--. 1 apache apache  5009441 Jan 23 13:40 latest.tar.gz
-rw-r--r--. 1 apache apache    19929 May  6  2012 license.txt
-rw-r--r--. 1 apache apache     9177 Jan 25 11:25 readme.html
-rw-r--r--. 1 apache apache     4663 Nov 17  2012 wp-activate.php
drwxr-xr-x. 9 apache apache     4096 Dec 11  2012 wp-admin
-rw-r--r--. 1 apache apache      271 Jan  8  2012 wp-blog-header.php
-rw-r--r--. 1 apache apache     3522 Apr 10  2012 wp-comments-post.php
-rw-rw-rw-. 1 apache apache     3466 Jan 23 17:15 wp-config.php
-rw-r--r--. 1 apache apache     3177 Nov  1  2010 wp-config-sample.php
drwxr-xr-x. 7 apache apache     4096 Apr 24 20:15 wp-content
-rw-r--r--. 1 apache apache     2718 Sep 23  2012 wp-cron.php
drwxr-xr-x. 9 apache apache     4096 Dec 11  2012 wp-includes
-rw-r--r--. 1 apache apache     1997 Oct 23  2010 wp-links-opml.php
-rw-r--r--. 1 apache apache     2408 Oct 26  2012 wp-load.php
-rw-r--r--. 1 apache apache    29310 Nov 30  2012 wp-login.php
-rw-r--r--. 1 apache apache     7723 Sep 25  2012 wp-mail.php
-rw-r--r--. 1 apache apache     9899 Nov 22  2012 wp-settings.php
-rw-r--r--. 1 apache apache    18219 Sep 11  2012 wp-signup.php
-rw-r--r--. 1 apache apache     3700 Jan  8  2012 wp-trackback.php
-rw-r--r--. 1 apache apache     2719 Sep 11  2012 xmlrpc.php

I usually also manage any Apache configs related to wordpress in it's own wordpress.conf file under this directory,/etc/httpd/conf.d/`.

# wordpress.conf
Alias / "/var/www/wordpress/"
<Directory "/var/www/wordpress/">
Order Deny,Allow
Deny from all
#Allow from 127.0.0.1 192.168.1
Allow from all
AllowOverride all
</Directory>
#RewriteLog "/var/www/wordpress/rewrite.log"
#RewriteLogLevel 3

Using SUID bit to drop privileges

As you correctly state a SUID bit, sets the effective user-id of the new process to the owner of the program file being run. There's no concept of raising or lowering privileges. Often the user to which one "suids" is root, but it can just as legitimately be any other, and doesn't really change the concept of SUID, when you choose another, apart from some users have access to certain resources. However the root user is a little bit special, and the man page for setuid, explains the subtle differences. I don't think there is a special name for changing to a non-root user, and I have never associated suid meaning going up in privilege, just changing user.
Since you are developing the master yourself which runs as root it can setuid to any user after forking but before exec-ing the new process, I dont see that suid bit has to be used on executable at all, and incidently if you don't, then if any-old user ran the player, since executable is not suid, they wouldn't be able to run it correctly since setuid will fail if they were not root. For me this seems like better security, than using suid bits on executable files.

--- edit 1

So your manager (running as real and effective uid=0) starts player and you code/control player (not manager). If you do nothing special, then player will run with real+effective uid=0 and you want to prevent this.

You could just switch uid in player, no SUID bits on player, no need.

Best Answer

Related Solutions

CentOS – Resolving Write Permission Issues

Using SUID bit to drop privileges

Related Question