M01: Introduction to Operating Systems
TU1: Installing, configuring and exploiting a computer system
ASIX1/DAW1
Practical Exercise 7a: Special permissions
14-12-19

Practical Exercise 7a: Special permissions

GENERAL CONDITIONS
1- Deadline: 22-12-19
2- Send your report as a PDF file attached to an e-mail with the following specifications:
        a) E-mail address: cf(at)collados.org or jordi.binefa(at)fje.edu, depending on who your teacher is
        b) File names:
            b.1) ASIX1: asix1_surname_name_m01tu01pr7a.odt
                        asix1_surname_name_m01tu01pr7a.pdf
            b.2) DAW1: daw1_surname_name_m01tu01pr7a.odt
                       daw1_surname_name_m01tu01pr7a.pdf
        c) Subject:
            c.1) ASIX1: asix1_surname_name_m01tu01pr7a
            c.2) DAW1: daw1_surname_name_m01tu01pr7a
3- Make this report individually.
4- Left, right, top and bottom margins: 2cm.
5- Character format: a) Font: Arial, b) Size: 10, c) Questions typeface: Bold, d) Answers typeface: Regular


DOCUMENTATION

1- Links
a) https://linuxconfig.org/how-to-use-special-permissions-the-setuid-setgid-and-sticky-bits
b) https://www.geeksforgeeks.org/advance-file-permissions-in-linux/

2- Special permissions.

a) Linux supports three types of special permissions:
    * Set-user identifier permission or setuid
    * Set-group identifier permission or setgid
    * Sticky bit

b) In this practical exercise we will learn how to work with the set-user identifier permission, also called the setuid permission, with the help of chmod and the setuid bit.

c) In order to properly understand how the setuid permission works, you should learn the difference between a real user and an effective user when a program is run.


3- The setuid permission and the setuid bit


a) Real and effective user

* When a program is run:
    - The real user is the user who is actually running the program: the user who has run a command in bash or clicked a menu in order to start that program.
    - The effective user is the user with whose permissions the program runs.
    - Usually, the real user and the effective user are the same user but, sometimes, some programs have to be run with a different real and effective user.

* Example:

b) The setuid permissions and setuid bit: Description

* The setuid permission is useful when you are running programs. If the setuid permission of a program is set, the program is always run with the permissions granted to its owner, even if another user is running it. In other words, the program is run by a real user but with the permissions granted to the effective user, that is, the program's owner.

* Imagine you are a user called "student" and you can run a program called grades.sh owned by another user called "teacher". Imagine now that the setuid permission of grades.sh is set (true/1/enabled). Under such circumstances, you will be able to run grades.sh with the permissions of the user "teacher". In this example, the real user is "student" but the effective user is "teacher".

* In the previous example:
    - If grades.sh can modify the contents of a file owned by "teacher", the user "student" will be able to modify the contents of that file as well, even if "student" does not have permissions to do so.
    - If grades.sh can modify the contents of a directory owned by "teacher", the user "student" will be able to modify the contents of that directory as well, even if "student" does not have permissions to do so.

* In order to add/remove the setuid permission to/from a program you only need to set/unset a bit called the setuid bit with the help of chmod.


c) Checking the setuid permission


If you want to check whether the setuid bit is set/cleared for a program, you have to run the command ls -ls. A typical program with the setuid bit set is passwd. If you run:

dacomo@inf1-dacomo:~$ ls   -ls   /usr/bin/passwd

the system shows:

64   -rwsr-xr-x   1   root   root   63736  Jul 27 2018   /usr/bin/passwd

As you can see, an "s" is shown in the owner's executable permission of the program passwd. If s is shown then the setuid bit is set.


d) Adding and removing the setuid permission


e) Some additional notes


NOTE 1) If the setuid bit of a program (for instance: passwd) is set and its execution permission is cleared, the following line will be displayed when you run the command ls -l:

-rwSr-xr-x 1 root root 37140 2010-01-26 18:09 /usr/bin/passwd

As you can see, a capital "S" is shown in the owner's executable permission of the program passwd. Even though the setuid bit is set, you will not be able to change your password because root does not have execution permission.

NOTE 2) The setuid permission set on a directory is ignored on Linux systems.

NOTE 3) You must be extremely careful when you set special permissions, because special permissions constitute a security risk. For example, a user can gain superuser privileges by executing a program that sets the user ID (UID) to root. Also, all users can set special permissions for files they own, which constitutes another security concern. To search for and list all of the files that use these permissions, see How to Find Files With setuid Permissions. A suspicious listing grants ownership of such a program to a user rather than to root or bin.

NOTE 4) Running programs as setuid can be dangerous, but some programs or commands such as passwd or su, which are owned by the user root, need to be run by other system users. But, apart from a few cases, if security is an important issue to you, make sure that you avoid using the setuid bit.

NOTE 5) On most operating systems, only compiled programs can be setuid. Scripts, i.e. programs executed by an interpreter such as the Bourne shell (bash), can have their setuid bit set but, in order to avoid security holes, it does not have any effect (most interpreters have not been written with security in mind). We will talk about scripts in training unit 3.


PRACTICAL EXERCISE


VERY IMPORTANT:  In the context of this exercise, user "by default" is the user  that was created when the operating system was installed, and it is the user with which you have been working regularly.

1.- Do the following tasks as the root user:
    a) Download with wget a program called create_fje.sh that you can find at: http://www.collados.org/asix1/m01/tu1/create_fje.sh
    b) Change the permissions of create_fje.sh so only root can read, write and execute it. Clear all permissions for group and others.
    c) Run create_fje.sh as the root user.
    d) Check that a new user called fje (with password clofje20) has been created in your system. Additionally, check that a group called fje has been created in your system as well.
    e) Become your user "by default" again by running exit.
2.- Become fje. Create in fje's personal folder a new folder called q2Pr7a.
3.- Become your user "by default" again by running exit. Now, try to remove the folder q2Pr7a created in the previous question. Are you able to remove that folder? Why?
4.- Become fje and do the following tasks:
    a) Download with wget a source code file called rm_q2Pr7a.c that you can find at: http://www.collados.org/asix1/m01/tu1/rm_q2Pr7a.c
    b) Compile the source by running: gcc rm_q2Pr7a.c -o rm_q2Pr7a
    c) Change the permissions of rm_q2Pr7a so only fje can read, write and execute it. Clear all permissions for group and others.
    d) Run rm_q2Pr7a. Check that the folder q2Pr7a has been removed after running rm_q2Pr7a. Why?
5.- As fje, create the folder q2Pr7a again. Become your user "by default" again by running exit.
6.- As your user "by default" change to directory /home/fje and:
    a) Try to remove q2Pr7a using the command rm -r /home/fje/q2Pr7a. Check that you cannot remove the folder. Why not?
    b) Try to remove q2Pr7a using the command rm_q2Pr7a. Check that you cannot remove the folder. Why not?
7.- Become fje and do the following tasks:
    a) Set the setuid bit on rm_q2Pr7a using the symbolic mode.
    b) Check that the setuid bit on q2Pr7a is set.
    c) Become your user "by default" again by running exit.
8.- As your user "by default" change to directory /home/fje. Try to remove q2Pr7a using the command rm_q2Pr7a. Check that you cannot remove the folder. Why not?
9.- Become fje and do the following tasks:
    a) Add the reading and execution permissions for others to rm_q2Pr7a using the symbolic mode.
    b) Check that the new permissions have been added to q2Pr7a.
    c) Become your user "by default" again by running exit.
10.- As your user "by default" change to directory /home/fje. Try to remove q2Pr7a using the command rm_q2Pr7a.
    a) Check who is the effective user and real user according to the program.
    b) Check that you can remove the folder. Why?
11.- Become fje and do the following tasks:
    a) Create q2Pr7a again.
    b) Remove the execution permissions for owner from rm_q2Pr7a using the symbolic mode.
    c) Check that execution permission for owner has been cleared from q2Pr7a.
    d) Try to remove q2Pr7a using the command rm_q2Pr7a. Check that you cannot remove the folder. Why not?
    e) Become your user "by default" again by running exit.
12.- As your user "by default" change to directory /home/fje. Try to remove q2Pr7a using the command rm_q2Pr7a.
    a) Check who is the effective user and real user according to the program.
    b) Check that you can remove the folder. Why?
13.- Become fje and do the following tasks:
    a) Clear the setuid on rm_q2Pr7a using the symbolic mode. Add the execution permissions for owner to rm_q2Pr7a using the symbolic mode.
    b) Check that the setuid bit on q2Pr7a is clear. Check that execution permission for owner has been set to q2Pr7a.
    c) Become your user "by default" again by running exit.
14.- As your user "by default" change to directory /home/fje. Try to remove q2Pr7a using rm_q2Pr7a. Check that you cannot remove the folder. Why not?
15.- Become the root user and set the setuid bit on /bin/mkdir using the symbolic mode. Become your user "by default", and try to create a new directory called test in the /etc directory. Answer the following questions:
    a) Can normal users create files in the /etc directory?
    b) Have you been able to create test in the directory /etc? Why?
    c) Check the owner and group for the new folder. Explain to me the results shown by the system.
16.- As root user, clear the setuid bit on /bin/mkdir using the numeric mode.
17.- Become the root user. Check where the command passwd is. Check the permissions assigned to passwd by the system. Is the setuid bit cleared or set?
18.- As root user, clear the setuid bit of passwd using the numeric mode. Become your user "by default" by running exit. Try to change the password of your user "by default". What happens? Why?
19.- As root user, set the setuid bit on /bin/mkdir using the symbolic mode.
20.- Find all files with setuid permissions in your system.