Excellent point, Eric. My local automounter was mounting my NFS shares with nosuid. I have removed that entry.
I no longer see nosuid in my mount listings. Let's see if it works :)

-Rob

PS - I'm crossing my fingers!

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Eric Siegerman
> Sent: Monday, February 21, 2005 2:54 PM
> To: Amanda Mailing List
> Subject: Re: Runtar error
>
> On Fri, Feb 18, 2005 at 09:10:30AM -0600, Dege, Robert C. wrote:
> > runtar: error [must be setuid root]
>
> On Fri, Feb 18, 2005 at 10:49:46AM -0600, Dege, Robert C. wrote:
> > -rwsr-x--- 1 root amanda 9947 Feb 16 10:43 runtar
> > [plus evidence that this copy of runtar *is* the one being used]
>
> Hmm, that looks like runtar complaining, so it must have been
> executed. That argues against the hypothesis that Amanda
> can't run runtar at all because it's not in the "amanda" group.
>
> And runtar clearly is setuid root.
>
> I wonder if the file system is mounted "nosuid"..... You
> could test it by copying the "id" program into the directory
> where runtar lives, making it setuid root, and running it as
> a nonroot user to see what it says. (MAKE SURE to nuke your
> copy as soon as you're finished with it; "id" presumably
> hasn't been audited for setuid-safety!)
>
> On a Solaris box, I get (I've edited out the list of secondary
> groups):
>     % pwd
>     /home/erics/test
>
>     % ls -ld id
>     // I took away its world-execute more for security paranoia
>     // than for the sake of strictly emulating runtar's perms
>     -rwsr-x--- 1 root erics 8044 Feb 21 14:39 id
>
>     // The real "id" command just says I'm me -- ho hum
>     % /bin/id -a
>     uid=1000(erics) gid=1000(erics) groups=...
>
>     // My setuid-root "id" command. Still says my uid is my own,
>     // but note the "euid=0(root)"; that's what we're looking
>     // for. (euid==0 && uid==<yours>) is the sign of a
>     // setuid-root executable. (Similarly with gid's for setgid,
>     // but that's not relevant here.)
>     % ./id -a
>     uid=1000(erics) gid=1000(erics) euid=0(root) groups=...
>
>     // And just as a check, run it from a root shell; the "euid="
>     // has gone away, since euid and ruid are now both 0.
>     # ./id -a
>     uid=0(root) gid=1(other) groups=...
>
> --
>
> | | /\
> |-_|/ > Eric Siegerman, Toronto, Ont. [EMAIL PROTECTED]
> | | /
> The animal that coils in a circle is the serpent; that's why
> so many cults and myths of the serpent exist, because it's
> hard to represent the return of the sun by the coiling of a
> hippopotamus.
> - Umberto Eco, "Foucault's Pendulum"
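
A way to check for the nosuid condition diagnosed in this thread without creating a setuid-root copy of "id", by reading the mount table instead. This is an added example, not part of either message; it assumes a mount table in Linux /proc/mounts format, and the sample table, the runtar path and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample mount table in /proc/mounts format:
#   device  mountpoint  fstype  options  dump  pass
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/sda2 /usr ext3 rw,nodev 0 0
filer:/export/amanda /usr/local/amanda nfs rw,nosuid,hard,intr 0 0
filer:/export/home /home nfs rw,nosuid 0 0
EOF
}

# Print the options of the mount that actually holds path $1.
# The mount table is read from stdin. The longest mount point that is a
# directory prefix of the path wins; on a tie the later entry wins,
# because a later mount on the same point covers the earlier one.
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $2
            # "/usr" must match "/usr/bin/id" but not "/usrlocal/x".
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }'
}

# Return 0 if the filesystem holding path $1 is mounted nosuid, else 1.
# Options are matched as whole comma-separated words.
is_nosuid() {
    opts=$(mount_opts_for "$1")
    case ",$opts," in
        *,nosuid,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Demo on the constructed table; the runtar path is hypothetical.
target=/usr/local/amanda/libexec/runtar
if sample_mounts | is_nosuid "$target"; then
    echo "$target: filesystem is nosuid, the setuid bit will be ignored"
else
    echo "$target: filesystem honours setuid"
fi
```

On a live Linux host the same check is `is_nosuid /path/to/runtar < /proc/mounts`; mount points containing spaces are escaped in that file and are not handled here.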
