Prev: 'zpool status' shows "scrub: none requested"
Next: LOFS mount into zone causes 4-5x performance drop?
From: neilsolent on 25 Feb 2010 11:00
Hi
Can anyone explain the following - i.e. why does the sleep2 command at
the end not run as root?
This works (runs as root) on another x86 system of mine, but not on
this SPARC one. What's going on ??


root(a)system1 # uname -a
SunOS system1 5.10 Generic_139555-08 sun4u sparc SUNW,Sun-Fire-V890
root(a)system1 # groups
root other bin sys adm uucp mail tty lp nuucp daemon
root(a)system1 # which sleep
/usr/bin/sleep
root(a)system1 # cp /usr/bin/sleep /tmp
root(a)system1 # cd /tmp
root(a)system1 # mv sleep sleep2
root(a)system1 # chmod u+s sleep2
root(a)system1 # chmod g+s sleep2
root(a)system1 # chmod u-r sleep2
root(a)system1 # chmod g-r sleep2
root(a)system1 # chmod o-r sleep2
root(a)system1 # chmod o-x sleep2
root(a)system1 # chgrp unison sleep2
root(a)system1 # ls -l sleep2
---s--s--- 1 root unison 9964 Feb 25 15:41 sleep2
root(a)system1 # su - maestro
maestro(a)system1 # groups
unison
maestro(a)system1 # /tmp/sleep2 10 &
[1] 6902
maestro(a)system1 # ps -ef |grep sleep2
maestro 6904 6800 0 15:43:45 pts/6 0:00 grep sleep2
maestro 6902 6800 0 15:43:44 pts/6 0:00 /tmp/sleep2 10




Thanks,
Neil
From: Casper H.S. Dik on 25 Feb 2010 11:45
neilsolent <n(a)solenttechnology.co.uk> writes:

>Hi
>Can anyone explain the following - i.e. why does the sleep2 command at
>the end not run as root?
>This works (runs as root) on another x86 system of mine, but not on
>this SPARC one. What's going on ??

>root(a)system1 # uname -a
>SunOS system1 5.10 Generic_139555-08 sun4u sparc SUNW,Sun-Fire-V890
>root(a)system1 # groups
>root other bin sys adm uucp mail tty lp nuucp daemon
>root(a)system1 # which sleep
>/usr/bin/sleep
>root(a)system1 # cp /usr/bin/sleep /tmp
>root(a)system1 # cd /tmp
>root(a)system1 # mv sleep sleep2
>root(a)system1 # chmod u+s sleep2
>root(a)system1 # chmod g+s sleep2
>root(a)system1 # chmod u-r sleep2
>root(a)system1 # chmod g-r sleep2
>root(a)system1 # chmod o-r sleep2
>root(a)system1 # chmod o-x sleep2
>root(a)system1 # chgrp unison sleep2
>root(a)system1 # ls -l sleep2
>---s--s--- 1 root unison 9964 Feb 25 15:41 sleep2
>root(a)system1 # su - maestro
>maestro(a)system1 # groups
>unison
>maestro(a)system1 # /tmp/sleep2 10 &
>[1] 6902
>maestro(a)system1 # ps -ef |grep sleep2
> maestro 6904 6800 0 15:43:45 pts/6 0:00 grep sleep2
> maestro 6902 6800 0 15:43:44 pts/6 0:00 /tmp/sleep2 10

What's in /etc/vfstab for /tmp?

It doesn't work on my system but that's because of:

swap - /tmp tmpfs - yes nosetuid

(nosetuid)

Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.
From: neilsolent on 25 Feb 2010 13:46
On 25 Feb, 16:45, Casper H.S. Dik <Casper....(a)Sun.COM> wrote:
> neilsolent <n...(a)solenttechnology.co.uk> writes:
> >Hi
> >Can anyone explain the following - i.e. why does the sleep2 command at
> >the end not run as root?
> >This works (runs as root) on another x86 system of mine, but not on
> >this SPARC one. What's going on ??
> >root(a)system1 # uname -a
> >SunOS system1 5.10 Generic_139555-08 sun4u sparc SUNW,Sun-Fire-V890
> >root(a)system1 # groups
> >root other bin sys adm uucp mail tty lp nuucp daemon
> >root(a)system1 # which sleep
> >/usr/bin/sleep
> >root(a)system1 # cp /usr/bin/sleep /tmp
> >root(a)system1 # cd /tmp
> >root(a)system1 # mv sleep sleep2
> >root(a)system1 # chmod u+s sleep2
> >root(a)system1 # chmod g+s sleep2
> >root(a)system1 # chmod u-r sleep2
> >root(a)system1 # chmod g-r sleep2
> >root(a)system1 # chmod o-r sleep2
> >root(a)system1 # chmod o-x sleep2
> >root(a)system1 # chgrp unison sleep2
> >root(a)system1 # ls -l sleep2
> >---s--s---   1 root     unison        9964 Feb 25 15:41 sleep2
> >root(a)system1 # su - maestro
> >maestro(a)system1 # groups
> >unison
> >maestro(a)system1 # /tmp/sleep2 10 &
> >[1]     6902
> >maestro(a)system1 # ps -ef |grep sleep2
> > maestro  6904  6800   0 15:43:45 pts/6       0:00 grep sleep2
> > maestro  6902  6800   0 15:43:44 pts/6       0:00 /tmp/sleep2 10
>
> What's in /etc/vfstab for /tmp?
>
> It doesn't work on my system but that's because of:
>
> swap   -    /tmp        tmpfs   -       yes     nosetuid
>
> (nosetuid)
>
> Casper
> --
> Expressed in this posting are my opinions.  They are in no way related
> to opinions held by my employer, Sun Microsystems.
> Statements on Sun products included here are not gospel and may
> be fiction rather than truth.

Excellent stuff - I reckon that's my problem!
I will check tomorrow and let you know.
From: neilsolent on 26 Feb 2010 04:29
Yes you were right .. thanks.



From: neilsolent on 28 Feb 2010 02:04
Although Casper solved the problem I posted, I was trying to solve a
problem with some 3rd party code, by simulating it in as simplified
way. I thought I had reproduced the problem - but I hadn't!

So I still have a mystery to solve as follows..

The binary executable file jobman has the same permissions as sleep2
did above, and is created as a child process of a process called
"batchman". It resides on the root filesystem, which has the setuid
capability. However, it still runs as user maestro, not root.

I tried a truss of the parent process and can see it spawning jobman
as follows:

26890: execve("/opt/apps/maestro/bin/jobman", 0x001FF230, 0xFFBFF8AC)
argc = 1
26890: *** SUID: ruid/euid/suid = 4004 / 0 / 0 ***

any further suggestions?
 |  Next  |  Last
Pages: 1 2
Prev: 'zpool status' shows "scrub: none requested"
Next: LOFS mount into zone causes 4-5x performance drop?