I created a setuid program in C. The executable looks like this:
-r-s-r-s--- 1 root users 13073 Jun 15 21:56 server
I execute the program as userA/users
and try to set the uid/gid to userB/otherUsers
. setgid()
fails with Operation not permitted. userA
is not part of otherUsers
How can I change the effective gid?
[EDIT] Here is a small summary of what I did. My C program, executed as userA, sets uid and gid to userB and creates a file. Not as expected, the file belongs to the group root, because setgid()
fails.
[userA@node uid]$ id
uid=11945(userA) gid=544(users) groups=544(users)
[userA@node uid]$ id userB
uid=11946(userB) gid=10792(otherUsers) groups=10792(otherUsers)
[userA@node uid]$ cat uid.c
#include <stdio.h>
#include <unistd.h>
int main() {
setuid(11946);
setgid(10792);
FILE *f = fopen("userB_file", "w");
fclose(f);
return 0;
}
[userA@node uid]$ ls -l uid
-r-sr-sr-x 1 root root 7130 Jun 17 14:16 uid
[userA@node uid]$ ./uid
[userA@node uid]$ ls -l userB_file
-rw-r--r-- 1 userB root 0 Jun 17 14:19 userB_file
I suspect you're calling setuid
before setgid
. As soon as you call setuid
to change the uid to something other than root, you've forfeited your permission to change the gid to an arbitrary value. You must call setgid
first, then setuid
.