Why does login need to be suid by root to work?
Tito
farmatito at tiscali.it
Wed Dec 1 09:14:45 UTC 2010
On Wednesday 01 December 2010 01:41:06 Cathey, Jim wrote:
> >When I make the busybox executable setuid by root, login is accesible
> >by non-root users. However, I don't understand the need for this? Why
> >is login being required to get root permissions. It isn't this way on
> >typical linux installs.
>
> Because "typical Linux installs" are wrong! login is very old,
> predating Linux by all the time there is. You used to be able to
> "login", and choose who you were going to be. Or "login <user>"
> and give it the user's password when prompted. Only way for
> that to happen is if login itself is running privileged. For
> normal box access methods (telnet, ssh, getty) the parent of
> login was already privileged, so login doesn't need to be suid,
> and so the installation error isn't easily noticed. People usually
> use "su" instead. But if you want interactive (re-)login to work,
> it has to be suid root.
>
> -- Jim
>
Hi,
if you have SHADOW_PASSWDS enabled you need root privileges
to access the shadow passwd file:
-rw-r----- 1 root shadow 1167 2010-11-15 23:20 /etc/shadow
Ciao,
Tito
More information about the busybox
mailing list