Re: Changing Oracle gid and uid?
Denny and Mark:
Denny Koovakattu wrote:
> But in practice, chown removes the setuid bit. If not, you could break into
> systems that way. Make a copy of ksh or sh, set the setuid bit and then change
> ownership to any other user and then execute the new shell with setuid ;)
>
Still can't see it. After chown, the pre-existing setuid bit is still showing for the new owner:
% ls -l /tmp/oracle
-rwsr-s--x 1 oracle dba 71242229 Jan 13 2005 /tmp/oracle*
% chown mark /tmp/oracle
% ls -l /tmp/oracle
-rwsr-s--x 1 mark dba 71242229 Jan 13 2005 /tmp/oracle*
Bobak, Mark wrote:
> Except of course, for root. Chown by root does not touch suid/sgid
> bits. But then, if you already have root, system security is not an
> issue.
Exactly. Who besides root (UID=0) can perform a chown? So, as shown correctly in the steps I listed, you should not have to re-set any setuid bits to successfully change the ownership of oracle software.
I'm willing to believe that some shell executables may be subject to special handling when it comes to set-UID status, especially with GNU versions of the utilities, but haven't tested it.
But bottom line, file ownership and file permissions in Unix are generally orthogonal attributes.
-Mark Bole
--
http://www.freelists.org/webpage/oracle-l
Received on Tue Oct 11 2005 - 18:48:33 CDT
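Whether the set-id bits survive a chown is the point disputed in this thread, and POSIX leaves the privileged case to the implementation, so an ownership change is better verified than assumed. The following is an added example, not code from the thread; the function names are hypothetical, and it records the bits before and after the chown and signals a lost bit through its exit status.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print which set-id bits a file carries: "ug", "u", "g" or "none".
setid_bits() {
    bits=""
    [ -u "$1" ] && bits="${bits}u"
    [ -g "$1" ] && bits="${bits}g"
    echo "${bits:-none}"
}

# chown a file and report the set-id bits before and after.
# usage: chown_setid_report FILE OWNER[:GROUP]
# exit status: 0 bits unchanged, 1 chown failed,
#              2 not a regular file, 3 bits changed
chown_setid_report() {
    file=$1
    owner=$2
    [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 2; }
    before=$(setid_bits "$file")
    chown "$owner" "$file" || return 1
    after=$(setid_bits "$file")
    echo "before=$before after=$after"
    # Status 3 lets a calling script re-apply the intended mode
    # explicitly instead of assuming it survived the chown.
    [ "$before" = "$after" ] || return 3
}

# Constructed test case: a scratch file owned by the caller, so the
# check runs without root. A chown to the caller's own uid:gid still
# goes through the kernel's chown path.
scratch_check() {
    tmp=$(mktemp) || return 1
    chmod 4755 "$tmp"
    rc=0
    chown_setid_report "$tmp" "$(id -u):$(id -g)" || rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Running `scratch_check` as an ordinary user and again as root on the same host shows how that system treats each case.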