M01: Introduction to Operating Systems | TU1: Installing, configuring and exploiting a computer system | ASIX1/DAW1 | Practical Exercise 7a: Special permissions | 14-12-19

Practical Exercise 7a: Special permissions

GENERAL CONDITIONS
1- Deadline: 22-12-19
2- Send your report as a PDF file attached to an e-mail with the following specifications:
   a) E-mail address: cf(at)collados.org or jordi.binefa(at)fje.edu, depending on who your teacher is
   b) File names:
      b.1) ASIX1: asix1_surname_name_m01tu01pr7a.odt
                  asix1_surname_name_m01tu01pr7a.pdf
      b.2) DAW1: daw1_surname_name_m01tu01pr7a.odt
                 daw1_surname_name_m01tu01pr7a.pdf
   c) Subject:
      c.1) ASIX1: asix1_surname_name_m01tu01pr7a
      c.2) DAW1: daw1_surname_name_m01tu01pr7a
3- Make this report individually.
4- Left, right, top and bottom margins: 2cm.
5- Character format: a) Font: Arial, b) Size: 10, c) Questions typeface: Bold, d) Answers typeface: Regular

DOCUMENTATION
1- Links
   a) https://linuxconfig.org/how-to-use-special-permissions-the-setuid-setgid-and-sticky-bits
   b) https://www.geeksforgeeks.org/advance-file-permissions-in-linux/
2- Special permissions
   a) Linux supports three types of special permissions:
      * Set-user identifier permission or setuid
      * Set-group identifier permission or setgid
      * Sticky bit
   b) In this practical exercise we will learn how to work with the set-user identifier permission, also called the setuid permission, with the help of chmod and the setuid bit.
   c) In order to properly understand how the setuid permission works, you should learn the difference between a real user and an effective user when a program is run.
3- The setuid permission and the setuid bit
   a) Real and effective user
      * When a program is run:
        - The real user is the user who is actually running the program: the user who has run a command in bash or clicked a menu in order to start that program.
        - The effective user is the user with whose permissions the program runs.
        - Usually, the real user and the effective user are the same user but, sometimes, some programs have to be run with a different real and effective user.
      * Example:
        - Open the following web page: http://binefa.net/gnu/gcc/processos/Identificacions_reals_i_efectives.html. Copy and paste the code and save it as getId.c. Compile getId.c and get a binary file called getId.
        - As your default user: Run getId. Check who is the real and effective user.
        - Change the ownership of the binary code. Set root as the owner of getId. Set root as the group of getId.
        - As your default user: Run getId. Check who is the real and effective user. Any difference? Why?
        - As root user: Set the setuid bit of getId. Check if the setuid bit has been set.
        - As your default user: Run getId. Check who is the real and effective user. Any difference? Why?
   b) The setuid permission and the setuid bit: Description
      * The setuid permission is useful when you are running programs. If the setuid permission of a program is set then the program is always run with the permissions granted to its owner, even if another user is running this program. In other words, the program is run by a real user but with the permissions granted to the effective user, that is, the program's owner.
      * Imagine you are a user called "student" and you can run a program called grades.sh owned by another user called "teacher". Imagine now that the setuid permission of grades.sh is set (true/1/enabled). Under such circumstances, you will be able to run grades.sh with the permissions of the user "teacher". In this example, the real user is "student" but the effective user is "teacher".
      * In the previous example:
        - If grades.sh can modify the contents of a file owned by "teacher", the user "student" will be able to modify the contents of that file as well, even if "student" does not have permissions to do so.
        - If grades.sh can modify the contents of a directory owned by "teacher", the user "student" will be able to modify the contents of that directory as well, even if "student" does not have permissions to do so.
      * In order to add/remove the setuid permission to/from a program you only need to set/unset a bit called the setuid bit with the help of chmod.
   c) Checking the setuid permission
      If you want to check whether the setuid bit is set/cleared for a program, you have to run the command ls -ls. A typical program with the setuid bit set is passwd. If you run:
          dacomo@inf1-dacomo:~$ ls -ls /usr/bin/passwd
      the system shows:
          64 -rwsr-xr-x 1 root root 63736 Jul 27 2018 /usr/bin/passwd
      As you can see, an "s" is shown in the owner's executable permission of the program passwd. If s is shown then the setuid bit is set.
   d) Adding and removing the setuid permission
      - Working in numeric mode, if you want to clear the setuid bit on passwd (or any other program), you have to become the owner of passwd and run this command: chmod 0755 /usr/bin/passwd
      - Working in numeric mode, if you want to set the setuid bit on passwd (or any other program), you have to become the owner of passwd and run this command: chmod 4755 /usr/bin/passwd
      - Working in symbolic mode, if you want to clear the setuid bit on passwd (or any other program), you have to become the owner of passwd and run this command: chmod u-s /usr/bin/passwd
      - Working in symbolic mode, if you want to set the setuid bit on passwd (or any other program), you have to become the owner of passwd and run this command: chmod u+s /usr/bin/passwd
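
The numeric and symbolic chmod forms from sections c) and d) can be tried on a scratch file instead of /usr/bin/passwd. The script below is an added example, not part of the original exercise; the function names mode_string, setuid_state, apply_mode and walk_modes are assumptions made for illustration. Its last step also produces the capital "S" case described in NOTE 1.

```shell
#!/bin/sh
# Added example: exercise the chmod forms on a scratch file (constructed
# sample), never on a system binary.

# Print the 10-character mode string that ls -l shows for a file.
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Classify the owner-execute slot (4th character of the mode string).
setuid_state() {
    case "$(mode_string "$1" | cut -c4)" in
        s) echo "setuid set, owner execute set" ;;
        S) echo "setuid set, owner execute cleared" ;;
        *) echo "setuid cleared" ;;
    esac
}

# Apply one chmod mode to the file and report the result on one line.
apply_mode() {
    chmod "$1" "$2" &&
        printf '%-6s %s  %s\n' "$1" "$(mode_string "$2")" "$(setuid_state "$2")"
}

# Walk through the modes used in section d), then remove owner execute.
walk_modes() {
    scratch=$(mktemp) || return 1
    apply_mode 0755 "$scratch"   # numeric mode: setuid cleared
    apply_mode 4755 "$scratch"   # numeric mode: setuid set
    apply_mode u-s  "$scratch"   # symbolic mode: setuid cleared
    apply_mode u+s  "$scratch"   # symbolic mode: setuid set
    apply_mode u-x  "$scratch"   # owner execute removed: "s" becomes "S"
    rm -f "$scratch"
}

walk_modes
```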
   e) Some additional notes
      NOTE 1) If the setuid bit of a program (for instance: passwd) is set and its execution permission is cleared then the following line will be displayed when you run the command ls -l:
          -rwSr-xr-x 1 root root 37140 2010-01-26 18:09 /usr/bin/passwd
      As you can see, a capital "S" is shown in the owner's executable permission of the program passwd. Even though the setuid bit is set, you will not be able to change your password because root does not have execution permission.
      NOTE 2) The setuid permission set on a directory is ignored on Linux systems.
      NOTE 3) You must be extremely careful when you set special permissions, because special permissions constitute a security risk. For example, a user can gain superuser privileges by executing a program that sets the user ID (UID) to root. Also, all users can set special permissions for files they own, which constitutes another security concern. To search for and list all of the files that use these permissions, see How to Find Files With setuid Permissions. A suspicious listing grants ownership of such a program to a user rather than to root or bin.
      NOTE 4) Running programs as setuid can be dangerous, but some programs or commands such as passwd or su, which are owned by the user root, need to be run by other system users. But, apart from a few cases, if security is an important issue to you, make sure that you avoid using the setuid bit.
      NOTE 5) On most operating systems, only compiled programs can be setuid. Scripts, i.e. programs executed by an interpreter such as the Bourne shell (bash), can have their setuid bit set, but it does not have any effect, in order to avoid security holes (most interpreters have not been written with security in mind). We will talk about scripts in training unit 3.
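
NOTE 3 recommends listing the files that carry the setuid bit and treating an owner other than root or bin as suspicious. A small audit along those lines follows as an added example (it is not taken from the guide that NOTE 3 refers to); the function names audit_setuid and demo_audit, the arguments and the output format are assumptions.

```shell
#!/bin/sh
# Added example: list setuid files under a directory and flag any whose owner
# is not on a trusted list (NOTE 3 names root and bin).

# usage: audit_setuid DIR [TRUSTED_OWNERS]
# Prints one line per setuid regular file: STATUS OWNER MODE PATH
audit_setuid() {
    dir=$1
    trusted=${2:-"root bin"}
    # -perm -4000 matches any file with the setuid bit set; -xdev stays on one
    # filesystem. LC_ALL=C keeps the ls date at three fields for parsing.
    LC_ALL=C find "$dir" -xdev -type f -perm -4000 -exec ls -ld {} + 2>/dev/null |
    while read -r mode links owner group size mon day when path; do
        status=SUSPICIOUS
        for t in $trusted; do
            if [ "$owner" = "$t" ]; then status=ok; fi
        done
        printf '%s %s %s %s\n' "$status" "$owner" "$mode" "$path"
    done
}

# Constructed sample tree: one plain file and two setuid files.
demo_audit() {
    tree=$(mktemp -d) || return 1
    for spec in 0755:plain 4755:suid_tool 4644:suid_noexec; do
        : > "$tree/${spec#*:}" && chmod "${spec%%:*}" "$tree/${spec#*:}"
    done
    me=$(ls -ld "$tree" | awk '{print $3}')   # owner of the files just created
    echo "== trusted owners: root bin"
    audit_setuid "$tree"
    echo "== trusted owners: $me"
    audit_setuid "$tree" "$me"
    rm -rf "$tree"
}

demo_audit
```

On a real system, run audit_setuid / as root: the function discards find's error messages, so directories an unprivileged user cannot read would be skipped silently.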

PRACTICAL EXERCISE
VERY IMPORTANT: In the context of this exercise, user "by default" is the user that was created when the operating system was installed, and it is the user with which you have been working regularly.
1.- Do the following tasks as root user:
   a) Download with wget a program called create_fje.sh that you can find in: http://www.collados.org/asix1/m01/tu1/create_fje.sh
   b) Change permissions of create_fje.sh so only root can read, write and execute it. Clear all permissions for group and others.
   c) Run create_fje.sh as root user.
   d) Check that a new user called fje (with password clofje20) has been created in your system. Additionally, check that a group called fje has been created in your system as well.
   e) Become your user "by default" again by running exit.
2.- Become fje. Create in fje's personal folder a new folder called q2Pr7a.
3.- Become your user "by default" again by running exit. Now, try to remove the folder q2Pr7a created in the previous question. Are you able to remove that folder? Why?
4.- Become fje and do the following tasks:
   a) Download with wget a source code file called rm_q2Pr7a.c that you can find in: http://www.collados.org/asix1/m01/tu1/rm_q2Pr7a.c
   b) Compile the source by running: gcc rm_q2Pr7a.c -o rm_q2Pr7a
   c) Change permissions of rm_q2Pr7a so only fje can read, write and execute it. Clear all permissions for group and others.
   d) Run rm_q2Pr7a. Check that the folder q2Pr7a has been removed after running rm_q2Pr7a. Why?
5.- As fje, create the folder q2Pr7a again. Become your user "by default" again by running exit.
6.- As your user "by default", change to directory /home/fje and:
   a) Try to remove q2Pr7a using the command rm -r /home/fje/q2Pr7a. Check that you cannot remove the folder. Why not?
   b) Try to remove q2Pr7a using the command rm_q2Pr7a. Check that you cannot remove the folder. Why not?
7.- Become fje and do the following tasks:
   a) Set the setuid bit on rm_q2Pr7a using the symbolic mode.
   b) Check that the setuid bit on q2Pr7a is set.
   c) Become your user "by default" again by running exit.
8.- As your user "by default", change to directory /home/fje. Try to remove q2Pr7a using the command rm_q2Pr7a. Check that you cannot remove the folder. Why not?
9.- Become fje and do the following tasks:
   a) Add the read and execution permissions for others to rm_q2Pr7a using the symbolic mode.
   b) Check that the new permissions have been added to q2Pr7a.
   c) Become your user "by default" again by running exit.
10.- As your user "by default", change to directory /home/fje. Try to remove q2Pr7a using the command rm_q2Pr7a.
   a) Check who is the effective user and real user according to the program.
   b) Check that you can remove the folder. Why?
11.- Become fje and do the following tasks:
   a) Create q2Pr7a again.
   b) Remove the execution permission for owner from rm_q2Pr7a using the symbolic mode.
   c) Check that execution permission for owner has been cleared from q2Pr7a.
   d)