From owner-freebsd-questions  Wed May 13 15:13:47 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id PAA28787
          for freebsd-questions-outgoing; Wed, 13 May 1998 15:13:47 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from mail.xmission.com (mail.xmission.com [198.60.22.22])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id PAA28774
          for <freebsd-questions@freebsd.org>; Wed, 13 May 1998 15:13:40 -0700 (PDT)
          (envelope-from skb@asgard.slcc.edu)
Received: from (lightning.xmission.com) [166.70.9.102] 
	by mail.xmission.com with smtp (Exim 1.82 #2)
	id 0yZjmO-0006L9-00; Wed, 13 May 1998 16:13:40 -0600
Message-ID: <355A1B7F.70D4@asgard.slcc.edu>
Date: Wed, 13 May 1998 16:15:27 -0600
From: Scott Brown <skb@asgard.slcc.edu>
Reply-To: skb@asgard.slcc.edu
Organization: Salt Lake Community College
X-Mailer: Mozilla 3.01 (Win95; I)
MIME-Version: 1.0
To: Doug White <dwhite@resnet.uoregon.edu>
CC: freebsd-questions@FreeBSD.ORG
Subject: Re: Running quota(1) with setuid
References: <Pine.BSF.3.96.980513144108.1690O-100000@gdi.uoregon.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Doug White wrote:
> 
> On Sat, 5 Sep 1998, Scott Brown wrote:
> 
> > I'm trying to run quota(1) as root (as part of a CGI script), but I'm
> > not getting the results I want.  I've done "chmod 4755 quota", which in
> > theory should allow any user to look at any other user's quota info, but
> > quota still gives me the "permission denied" error.  What am I missing?
> 
> Are you sure you're running the right quota binary?  Try giving an
> explicit path.

Yes.  I actually copied the quota binary to the cgi-bin directory,
renaming it 'ckquota' -- mainly so that I could mess with it without
breaking the original copy.

The CGI interface is working correctly, as far as it goes.  If I ask it
for user "www"'s quotas, it'll show them to me (because I have Apache
running in its own account, named "www").  If I ask for any other user's
quotas, I get an empty document returned, and a line in my
httpd-error.log like this:

    ckquota: skb (uid 1001): permission denied 

Which is quite in line with what the quota(1) man page says should
happen.  So adding the setuid bit to ckquota hasn't changed its behavior
at all.  Incidentally, ckquota is owned by "root:www".

I'm lost.  I thought I understood how setuid stuff worked, but I'm
having doubts...

-Scott

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message