Re: Group permissions changed

From: Glynn Clements (glynn_at_gclements.plus.com)
Date: 09/30/05

    Date: Fri, 30 Sep 2005 02:01:25 +0100
    To: Eduardo Tongson <propolice@gmail.com>
    
    

    Eduardo Tongson wrote:

    > > I posted this before on the security basics, but haven't received
    > > a response, and it worries me a bit, so I'm sending this to a few
    > > other groups in hopes that someone will have an idea about it.
    > >
    > > ---
    > >
    > > Fairly recently I noticed my ftp client wouldn't list files in
    > > certain directories on my server anymore - so I ssh'd in (it's
    > > dedicated), and did a ls -aFl on the files, hoping to see what the
    > > problem was - here are a few of the results:
    > >
    > > -rw-r--r-- 1 larry 503 371 2005-02-25 08:36 head.php
    > > -rw-r--r-- 1 larry 48 873 2005-09-09 03:23 foot.php
    > >
    > > I never set the group ids to 503 or 48, so I checked just to make
    > > sure - and no groups with those ids even exist. Is there an
    > > exploit/tool that causes this, and should I be worried?
    >
    > 503 and 48 have [r] rights only, no need to worry.
    > Whoever uploaded the files probably had the owner/group preserved.

    This can only happen if the ftpd is running as root (or has CAP_CHOWN,
    if you're using capabilities).

    An unprivileged process can only change a file's group to either its
    EGID (FSGID on Linux) or one of its supplementary GIDs.

    Files with an invalid UID or GID are usually caused by unpacking a tar
    archive as root, in which case the UID and GID are set to the values
    stored in the tar archive (unless you use --no-same-owner).

    -- 
    Glynn Clements <glynn@gclements.plus.com>
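
The tar case described in the message above, as an added example that is not part of the original thread: it lists archive members whose stored numeric UID/GID have no local account, before anything is extracted as root. The function names, the sample archive and the UID 1000 are constructed for illustration; only the GIDs 503 and 48 and the file names come from the listing.

```python
import grp
import io
import pwd
import tarfile


def _known(lookup, ident):
    """True if the numeric ID resolves in the local passwd/group database."""
    try:
        lookup(ident)
        return True
    except KeyError:
        return False


def unmapped_owners(archive, uid_ok=None, gid_ok=None):
    """Return (name, uid, gid) for members whose stored IDs have no local account.

    Extracting such members as root without --no-same-owner creates files
    owned by those raw numbers, as in the listing quoted above.
    """
    uid_ok = uid_ok or (lambda u: _known(pwd.getpwuid, u))
    gid_ok = gid_ok or (lambda g: _known(grp.getgrgid, g))
    with tarfile.open(fileobj=archive, mode="r:*") as tar:
        return [(m.name, m.uid, m.gid) for m in tar
                if not (uid_ok(m.uid) and gid_ok(m.gid))]


def build_sample_archive():
    """Constructed sample: two members carrying GIDs 503 and 48 from the thread."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, gid in (("head.php", 503), ("foot.php", 48)):
            data = b"<?php ?>\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.uid, info.gid = 1000, gid   # uid 1000 is an assumed value
            info.uname = info.gname = ""     # no names stored, numeric IDs only
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, uid, gid in unmapped_owners(build_sample_archive()):
        print(f"{name}: uid={uid} gid={gid} has no local account")
```

The `uid_ok` and `gid_ok` parameters accept a custom resolver, so the check can be run against another host's account list instead of the local one.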
    
