[SATLUG] rpm -a --setugids; rpm -a --setperms;

Christopher Lemire christopher.lemire at gmail.com
Sat Dec 1 15:36:45 CST 2012


[bull:~]$ ls -l /usr/bin/ping
-rwxr-xr-x. 1 root root 40912 Jan 25  2012 /usr/bin/ping
[bull:~]$ sudo rpm --setugids iputils
[sudo] password for bull:
[bull:~]$ ping -c 2 google.com
ping: icmp open socket: Operation not permitted
[bull:~]$ sudo chmod u+s /usr/bin/ping
[bull:~]$ ping -c 2 google.com
PING google.com (74.125.227.97) 56(84) bytes of data.
64 bytes from dfw06s16-in-f1.1e100.net (74.125.227.97): icmp_req=1
ttl=50 time=37.9 ms
64 bytes from dfw06s16-in-f1.1e100.net (74.125.227.97): icmp_req=2
ttl=50 time=34.9 ms

--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 34.959/36.462/37.966/1.515 ms
[bull:~]$



rpm -a --setugids; rpm -a --setperms;

These commands seem safe, right? rpm will look at each individual
package and set permissions according to the rpm package says they
should be. I ran these as advised for post upgrade of fedora (for me,
16 to 17). Then why after using this, 'su -' will fail to login as
user as root because it is missing SUID, ping fails as unprivileged
user, etc?

My friend did a fresh installation of Fedora 17, not an upgrade. By
default, his /usr/bin/ping did not have SUID and worked, but after he
ran:

rpm --setperms iputils
rpm --setugids iputils

His ping no longer worked, and SUID was not enabled as before.


1) I am looking for an explanation please.

2) Why did his (my friend) ping work without SUID the first time?

3) I ran this for the entire system. Now how am I going to fix it? If
I knew the explanation why this is happening, but ping works on a
fresh f17 install without SUID, I could probably find the solution.
(Note: Even su -, missing the SUID will not and did not work with the
correct root password, as well as many other files and permissions)

This issue is not related to SELinux. I have it set to Permissive, so
it is not causing the problems.



Christopher Lemire <christopher.lemire at gmail.com>
Ubuntu 64 bit Linux Raid Level 0

Gnu Privacy Guard Key Fingerprint = 3E1A 9103 EF3D 4885 6866  E9DE
C69F 18B3 E13B 0909

Web: http://linuxinnovations.blogspot.com
Jabber: recursivequicksort at jabber.org


More information about the SATLUG mailing list