iwelt Posted July 7, 2005 Report Share Posted July 7, 2005 I have a problem with restoring files on linux clients. Files with SUID or SGID set will not be restored correctly if one of owner or group of the file is NOT root. Here is an example: Original Files: retrotest:/test# l misc/ total 3172 drwxr-xr-x 2 root root 4096 2005-07-05 16:08 sbin -rwxr-s--- 1 nobody nogroup 265880 2005-07-05 18:23 test_sgid-nobody_nogroup -rwxr-s--- 1 nobody root 265880 2005-07-05 18:23 test_sgid-nobody_root -rwxr-s--- 1 root nogroup 265880 2005-07-05 18:24 test_sgid-root_nogroup -rwxr-s--- 1 root root 265880 2005-07-05 18:24 test_sgid-root_root -rwsr-x--- 1 nobody nogroup 265880 2005-07-05 18:15 test_suid-nobody_nogrooup -rwsr-x--- 1 nobody root 265880 2005-07-05 18:20 test_suid-nobody_root -rwsr-x--- 1 root nogroup 265880 2005-07-05 18:15 test_suid-root_nogroup -rwsr-x--- 1 root root 265880 2005-07-05 18:15 test_suid-root_root -rwsr-s--- 1 nobody nogroup 265880 2005-07-05 18:15 test_suid_sgid-nobody_nogroup -rwsr-s--- 1 nobody root 265880 2005-07-05 18:20 test_suid_sgid-nobody_root -rwsr-s--- 1 root nogroup 265880 2005-07-05 18:15 test_suid_sgid-root_nogroup -rwsr-s--- 1 root root 265880 2005-07-05 18:15 test_suid_sgid-root_root Restored Files: retrotest:/test# l misc/ total 3172 drwxr-xr-x 2 root root 4096 2005-07-05 16:08 sbin -rwxr-x--- 1 nobody nogroup 265880 2005-07-05 18:23 test_sgid-nobody_nogroup -rwxr-x--- 1 nobody root 265880 2005-07-05 18:23 test_sgid-nobody_root -rwxr-x--- 1 root nogroup 265880 2005-07-05 18:24 test_sgid-root_nogroup -rwxr-s--- 1 root root 265880 2005-07-05 18:24 test_sgid-root_root -rwxr-x--- 1 nobody nogroup 265880 2005-07-05 18:15 test_suid-nobody_nogrooup -rwxr-x--- 1 nobody root 265880 2005-07-05 18:20 test_suid-nobody_root -rwxr-x--- 1 root nogroup 265880 2005-07-05 18:15 test_suid-root_nogroup -rwsr-x--- 1 root root 265880 2005-07-05 18:15 test_suid-root_root -rwxr-x--- 1 nobody nogroup 265880 2005-07-05 18:15 test_suid_sgid-nobody_nogroup -rwxr-x--- 1 nobody root 265880 2005-07-05 18:20 test_suid_sgid-nobody_root -rwxr-x--- 1 root nogroup 265880 2005-07-05 18:15 test_suid_sgid-root_nogroup -rwsr-s--- 1 root root 265880 2005-07-05 18:15 test_suid_sgid-root_root (note: green = restored correctly red = not restored correctly ) As you can see, only files which are owned by user root AND group root are restored with the SUID/SGID-bit set correctly. All other combinations of owner/group leads to missing SUID/SGID-bits on the restored files. I've been running into this using retrospect Multi-Server 6.5.350 and Linux client 6.5.108 I've also tried the new retrospect Server 7 and had no luck: Retrospect Server 7.0.301 with Update 7.0.5.102 Retrospect Client 7.0.109 Operating systems tested: Server: Windows 2000 Professional, Windows XP Professional Client: Fedora Core2, Debian 3.1 Is this is a fatal bug? Link to comment Share on other sites More sharing options...
iwelt Posted July 13, 2005 Author Report Share Posted July 13, 2005 Additional information: I've also testet this on Redhat 9 with same results. Link to comment Share on other sites More sharing options...
iwelt Posted November 11, 2005 Author Report Share Posted November 11, 2005 Hi there! I'm still having this problem and obviously noone can help me. Maybe my english is too bad for describing the problem the right way? Thanks in advance Link to comment Share on other sites More sharing options...
waltr Posted November 11, 2005 Report Share Posted November 11, 2005 hi i, your english is pretty good. i doubt anybody has tried this. quick question for you: what's the umask set for on these linux computers for user "nobody" and group "nobody"? and if you are using a different user/group, what is the umask for them? are they 'allowed' to have setuid/setgid when files are created that they own? i believe not, it would be a HUGE security risk. Now, if you did a restore of the _entire_ linux computer it would probably work......but i haven't tried this. Link to comment Share on other sites More sharing options...
iwelt Posted November 14, 2005 Author Report Share Posted November 14, 2005 Hi waltr thank you for your post. Unfortunately I'm not a expert in securing linux so i do not know where to look for the settings you mentioned. Only thing I found is that the default umask is 022. But i don't think thats the point, because this misbehaviour involves files owned by different users/groups Maybe this more "real world" example might show what i mean: Retrospect-Test-Files: total 348 -rwsr-xr-x 1 root root 68440 Sep 18 09:04 mount -rwsr-xr-- 1 root dip 265880 May 5 2005 pppd -rwsr-x--- 1 root www-run 10596 Sep 5 13:16 suexec2 Restored-Retrospect-Test-Files: total 348 -rwsr-xr-x 1 root root 68440 Sep 18 09:04 mount -rwxr-xr-- 1 root dip 265880 May 5 2005 pppd -rwxr-x--- 1 root www-run 10596 Sep 5 13:16 suexec2 As mentioned above, SGID/SUID will only be restored correctly if user AND group is root. We DID a complete restore and ran into this problem, that's how we found that issue. After restoring the apache suexec doesn't work neither does postfix or spamassasin. Maybe there is something that i don't see or something i don't know? thanks in advance Jan Link to comment Share on other sites More sharing options...
waltr Posted November 14, 2005 Report Share Posted November 14, 2005 hi jan, i've done a full restore of linux before but i haven't seen this issue, that's why i thought it might work. i can run a test on my site & see if i have the same issue. Link to comment Share on other sites More sharing options...
waltr Posted November 15, 2005 Report Share Posted November 15, 2005 hi jan, sorry it took me so long. obviously i am not doing this on a production computer. i picked one from the crap pile and it took me a while to figure out that the CD ROM is broken. now i'm all fixed up w/ SUSE 9.3. where do i find files like this in the default install? or do i have to manually make/change them? give me paths. edited to add: just let me know when you can. i'll be out of my office tomorrow (wed) but will be back thursday. if i don't hear from you thursday this will have to wait as i am leaving town for a week to visit family. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.