regular user's command being owned by root - Sun Solaris

  1. #1

    regular user's command being owned by root

    I posted this yesterday with a subject line that turns out to be off
    topic. So I re-post.
    I have a problem where processes (or perhaps the *first process*) are
    being run as the root user even though they were started by a normal
    user. For example, I'm logged in as "sdeal" a user belonging to the
    group "staff". I issue the command "ps -ef | grep root" .... this is
    a snippet of what I see.
    sdeal 15974 15874 0 17:06:20 pts/3 0:00 grep root
    root 15973 15874 1 17:06:20 pts/3 0:00 ps -eaf

    I've created other users using the admintool, but this behavior
    remains. Can anyone explain what might be going on here?
    Thx
    Steven Guest

  2. #2

    Re: regular user's command being owned by root

    net (Steven) writes:
     
     

    ps is setuid root so it runs as root, always.


    Casper
    --
    Expressed in this posting are my opinions. They are in no way related
    to opinions held by my employer, Sun Microsystems.
    Statements on Sun products included here are not gospel and may
    be fiction rather than truth.
    Casper Guest

  3. #3

    Re: regular user's command being owned by root

    On Thu, 07 Aug 2003 15:57:12 +0000, Casper H. S. Dik wrote:
     

    [distfiles]$ whoami
    duhring
    [distfiles]$ ps -eaf | grep ps
    duhring 15808 364 0 11:45:45 pts/5 0:00 grep ps
    duhring 15807 364 1 11:45:45 pts/5 0:00 ps -eaf
    [distfiles]$ uname -a
    SunOS tarfu 5.9 Generic_112233-07 sun4u sparc SUNW,Ultra-1

    Dave Guest

  4. #4

    Re: regular user's command being owned by root

    On Thu, 07 Aug 2003 11:47:42 -0500, Dave Uhring wrote:
     
    >
    > [distfiles]$ whoami
    > duhring
    > [distfiles]$ ps -eaf | grep ps
    > duhring 15808 364 0 11:45:45 pts/5 0:00 grep ps
    > duhring 15807 364 1 11:45:45 pts/5 0:00 ps -eaf
    > [distfiles]$ uname -a
    > SunOS tarfu 5.9 Generic_112233-07 sun4u sparc SUNW,Ultra-1

    Hmmmm, on another system:

    [duhring]$ ps -eaf | grep ps
    duhring 647 643 0 11:48:28 pts/5 0:00 grep ps
    root 646 643 0 11:48:28 pts/5 0:00 ps -eaf
    [duhring]$ uname -a
    SunOS tar 5.8 Generic_108529-23 i86pc i386 i86pc

    Dave Guest

  5. #5

    Re: regular user's command being owned by root

     

    Only the ucb version?

    -r-xr-xr-x root bin 24552 Apr 6 2002 ./bin/sparcv7/ps
    -r-xr-xr-x root bin 5424 Jan 6 2003 ./bin/ps
    -r-xr-xr-x root bin 32056 Apr 6 2002 ./bin/sparcv9/ps
    -r-sr-xr-x root sys 15836 Apr 6 2002 ./ucb/sparcv7/ps
    -r-xr-xr-x root bin 5424 Jan 6 2003 ./ucb/ps
    -r-sr-xr-x root sys 21864 Apr 6 2002 ./ucb/sparcv9/ps

    Oscar Guest

  6. #6

    Re: regular user's command being owned by root

     
    >
    >
    > Only the ucb version?
    >
    > -r-xr-xr-x root bin 24552 Apr 6 2002 ./bin/sparcv7/ps
    > -r-xr-xr-x root bin 5424 Jan 6 2003 ./bin/ps
    > -r-xr-xr-x root bin 32056 Apr 6 2002 ./bin/sparcv9/ps
    > -r-sr-xr-x root sys 15836 Apr 6 2002 ./ucb/sparcv7/ps
    > -r-xr-xr-x root bin 5424 Jan 6 2003 ./ucb/ps
    > -r-sr-xr-x root sys 21864 Apr 6 2002 ./ucb/sparcv9/ps

    I just noticed /usr/bin/sparcv?/ps are actually suid root
    on Solaris 8 and earlier but not on Solaris 9


    Oscar Guest

  7. #7

    Re: regular user's command being owned by root

    Dave Uhring <com> writes:

    Well, we fixed that in Solaris 9 but in the particular case of
    the OP ps was still set-uid.

    Casper
    Casper Guest

  8. #8

    Re: regular user's command being owned by root

    Dave Uhring wrote: 
    >>
    >>[distfiles]$ whoami
    >>duhring
    >>[distfiles]$ ps -eaf | grep ps
    >> duhring 15808 364 0 11:45:45 pts/5 0:00 grep ps
    >> duhring 15807 364 1 11:45:45 pts/5 0:00 ps -eaf
    >>[distfiles]$ uname -a
    >>SunOS tarfu 5.9 Generic_112233-07 sun4u sparc SUNW,Ultra-1
    >
    >
    > Hmmmm, on another system:
    >
    > [duhring]$ ps -eaf | grep ps
    > duhring 647 643 0 11:48:28 pts/5 0:00 grep ps
    > root 646 643 0 11:48:28 pts/5 0:00 ps -eaf
    > [duhring]$ uname -a
    > SunOS tar 5.8 Generic_108529-23 i86pc i386 i86pc
    >

    Nice to see Solaris get what AIX has had for many years:

    $ ps -ef | grep "ps -ef"
    syscjm 24962 31089 1 16:41:42 pts/3 0:00 grep ps -ef
    syscjm 53633 31089 5 16:41:42 pts/3 0:00 ps -ef
    $ uname -s
    AIX
    $ oslevel
    Processing.....Please Wait.
    <>3250

    Chris Mattern

    Chris Guest

  9. #9

    Re: regular user's command being owned by root

    On Thu, 07 Aug 2003 18:12:31 +0000, Casper H. S. Dik wrote:

    > Well, we fixed that in Solaris 9 but in the particular case of
    > the OP ps was still set-uid.

    Well, this is curious:

    [bin]# uname -a
    SunOS tar 5.8 Generic_108529-23 i86pc i386 i86pc
    [bin]# ls -li ps
    60463 -r-xr-xr-x 37 root bin 5204 Jan 5 2000 ps
    [bin]# ls -li | grep 60463 | wc -l
    29

    It does not appear to be suid; must be within the binary.

    Dave Guest

  10. #10

    Re: regular user's command being owned by root

    In article <com>,
    Dave Uhring <com> wrote: 
    >> Well, we fixed that in Solaris 9 but in the particular case of
    >> the OP ps was still set-uid.
    >
    >Well, this is curious:
    >
    >[bin]# uname -a
    >SunOS tar 5.8 Generic_108529-23 i86pc i386 i86pc
    >[bin]# ls -li ps
    > 60463 -r-xr-xr-x 37 root bin 5204 Jan 5 2000 ps
    >[bin]# ls -li | grep 60463 | wc -l
    > 29
    >
    >It does not appear to be suid; must be within the binary.

    PS does not need to be suid at all since it has been converted
    to use /proc around 1990.

    /usr/ucb/ps gives additional information (e.g. longer command lines)
    that most likely needs root privileges.

    --
    EMail:isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
    tu-berlin.de (uni) If you don't have iso-8859-1
    fraunhofer.de (work) chars I am J"org Schilling
    URL: http://www.fokus.fraunhofer.de/usr/schilling ftp://ftp.berlios.de/pub/schily
    Joerg Guest

  11. #11

    Re: regular user's command being owned by root

    In article <com>,
    Dave Uhring <com> wrote: 

    What directory were you in when you did this? /usr/bin/ps is simply a
    wrapper that invokes the appropriate architecture-specific (32-bit or
    64-bit) ps, and it's the *latter* binary that's setuid.

    --
    Barry Margolin, com
    Level(3), Woburn, MA
    *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
    Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
    Barry Guest

  12. #12

    Re: regular user's command being owned by root

    On Thu, 07 Aug 2003 21:32:30 +0000, Barry Margolin wrote:

     

    /usr/bin

    OK, /usr/bin/i86/ps is suid. And /usr/bin/ps does indeed use that one:

    execve("/usr/bin/i86/ps", 0x08047ACC, 0x08047AD8) argc = 2


    Dave Guest

  13. #13

    Re: regular user's command being owned by root

    On Thu, 07 Aug 2003 11:49:51 -0500, com wrote: 

    new interfaces were added to /proc in sol9 so that ps doesn't have to be
    setuid root any more

    --
    http://www.blastwave.org/ for solaris pre-packaged binaries with pkg-get
    Organized by the author of pkg-get
    [Trim the no-bots from my address to reply to me by email!]
    S.1618 http://thomas.loc.gov/cgi-bin/bdquery/z?d105:SN01618:D
    http://www.spamlaws.com/state/ca1.html
    Philip Guest

  14. #14

    Re: regular user's command being owned by root

    In article <google.com>,
    Steven <net> wrote: 

    The owner of the program can use chmod to remove the setuid flag.

    chmod u-s /usr/bin/java

    Most programs are setuid for a reason, although I'm not sure why java would
    need it. Perhaps your system was hacked, and /usr/bin/java replaced with a
    trojan'ed version.

    --
    Barry Margolin, com
    Level(3), Woburn, MA
    *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
    Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
    Barry Guest

  15. #15

    Re: regular user's command being owned by root

    Sorry, for the last post.... although I did learn quite a bit from the
    thread (thanks everyone). The root cause of my problem was this:
    -r-sr-xr-x 1 root bin 35112 Jan 30 2002 java
    Got rid of that little s and all is now well.
    Steven Guest
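
The check the thread converges on, as an added example that is not from any of the posters: `ls -l` on the top-level wrapper shows no set-uid bit, so the search has to cover the architecture-specific copies below it as well. The function names and the temporary directory tree are constructed for illustration; on a real system the first argument would be a directory such as `/usr/bin`.

```shell
#!/bin/sh
# Added example: locate set-uid copies of a command below a bin directory.

# Print every regular file named $2 under directory $1 that has the
# set-uid bit (mode 04000) set, one path per line, sorted.
setuid_variants() {
    find "$1" -type f -name "$2" -perm -4000 -print | sort
}

# Print "setuid" or "plain" for a single path.
setuid_state() {
    if [ -u "$1" ]; then echo setuid; else echo plain; fi
}

# Build a constructed tree that mimics the layout described in the thread:
# bin/ps is a plain wrapper, bin/i86/ps is the set-uid binary it execs.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin/i86"
    printf '#!/bin/sh\n' > "$d/bin/ps"
    printf '#!/bin/sh\n' > "$d/bin/i86/ps"
    chmod 555 "$d/bin/ps"
    chmod 4555 "$d/bin/i86/ps"
    echo "$d"
}

demo() {
    tree=$(make_demo_tree) || return 1
    # Looking only at the wrapper gives the misleading answer.
    echo "wrapper: $(setuid_state "$tree/bin/ps")"
    # Searching the subdirectories finds the copy that actually runs.
    setuid_variants "$tree/bin" ps | sed "s|^$tree/||"
    # The remedy quoted in the thread: drop the set-uid bit with chmod u-s.
    chmod u-s "$tree/bin/i86/ps"
    if [ -z "$(setuid_variants "$tree/bin" ps)" ]; then
        echo "after chmod u-s: no set-uid copies left"
    fi
    rm -rf "$tree"
}

demo
```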
