Issue with su (setuid) on Vista 5600
Issue with su (setuid) on Vista 5600 - Sep. 25, '06, 4:39:00 AM
|
|
|
jmadler
Posts: 2
Joined: Sep. 24, '06,
Status: offline
|
I installed SUA on Vista RC1 (Build 5600), with all options enabled (all items, setuid, and case-sensitive fs). However, I encountered the following issue when attempting to su to Adminstrator to install a package:
% who
jmadler ttyn00 Sep 25 04:33
% whoami
jmadler
% su -
Password:
su: setuser: Operation not permitted
Sorry
% su Adminstrator
su: unknown login Adminstrator
% su root
su: unknown login root
%
|
|
|
RE: Issue with su (setuid) on Vista 5600 - Sep. 25, '06, 12:50:02 PM
|
|
|
Rodney
Posts: 3695
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
Refer to the instructions (item #2) at:
http://www.flexbeta.net/main/articles.php?action=show&id=121
for getting the Administrator account active.
|
|
|
RE: Issue with su (setuid) on Vista 5600 - Sep. 25, '06, 5:47:59 PM
|
|
|
geprieto
Posts: 15
Joined: Sep. 14, '06,
Status: offline
|
No, I think this is the same problem I had last week. I reinstalled Vista RC1, added the Admin account, added the SUA service, installed the SDK with setuid and case sens, but it still reports the same problem...
Must be Vista's fault, not SUA related I guess.
|
|
|
RE: Issue with su (setuid) on Vista 5600 - Sep. 25, '06, 6:16:09 PM
|
|
|
Rodney
Posts: 3695
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
It'd be a good thing to check the actual registry entry to be sure something
hasn't removed or inverted the setting(s).
|
|
|
RE: Issue with su (setuid) on Vista 5600 - Sep. 25, '06, 6:21:46 PM
|
|
|
geprieto
Posts: 15
Joined: Sep. 14, '06,
Status: offline
|
Checked already: EnableSetuidBinaries {REG_DWORD} = 0x00000001 (1)
|
|
|
RE: Issue with su (setuid) on Vista 5600 - Sep. 25, '06, 7:48:46 PM
|
|
|
jmadler
Posts: 2
Joined: Sep. 24, '06,
Status: offline
|
Same. Enabled the admin account and enabled that registry key, and still no go.
|
|
|
RE: Issue with su (setuid) on Vista 5600 - Sep. 26, '06, 1:37:07 AM
|
|
|
Rodney
Posts: 3695
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
Let's get another couple of bits of information then...
For the user that's doing the su what is the output from "id -D"?
If you do a trace on the run, "truss su -", what is the output?
|
|
|
RE: Issue with su (setuid) on Vista 5600 - Sep. 26, '06, 12:47:43 PM
|
|
|
geprieto
Posts: 15
Joined: Sep. 14, '06,
Status: offline
|
Ok, here it is:
Welcome to the SUA utilities.
DISPLAY=localhost:0.0
% id -D
uid=197608(almejin+geprieto) gid=197121(almejin+None_ploc) groups=197121(almejin
+None_ploc), 65792(+Everyone), 131617(BUILTIN+Users), 66820(NT AUTHORITY+INTERAC
TIVE), 66827(NT AUTHORITY+Authenticated Users), 66831(NT AUTHORITY+This Organiza
tion), 4095(CurrentSession), 66048(+LOCAL), 262154(NT AUTHORITY+NTLM Authenticat
ion), 401408(Mandatory Label+Medium Mandatory Level)
% truss su -
tracing pid 323
getdata() getdata returned 0
getrlimit(1, ) getrlimit returned 0
pthread_inform_signals() pthread_inform_signals returned 0
prio() prio returned 0
prio() prio failed: errno 1, Operation not permitted
getids() getids returned 0
getids() getids returned 0
getpwuid(0x303E8) getpwuid returned 0
getpwnam(almejin\geprieto) getpwnam returned 0
getpwuid(0x301F4) getpwuid returned 0
getids() getids returned 0
open("/dev/tty", 0x303, 0666) open returned 3
sigprocmask(1, 0x82fad0, 0x0) sigprocmask returned 0
tcgetattr(3, ) tcgetattr returned 0
tcsetattr(3, 3, ) tcsetattr returned 0
fstat(3, 0x1580610) fstat ret: 0 dev: 0x40000000000043 ino: 0x00017a7d
isatty(3) isatty returned 0
isatty(3) isatty returned 0
write(3, 0x994268, 9) Password:write returned 9
lseek(3, 0, 0) lseek returned 0
read(3, 0x994268, 4096)
< Message edited by geprieto -- Sep. 26, '06, 12:50:08 PM >
|
|
|
RE: Issue with su (setuid) on Vista 5600 - Sep. 27, '06, 5:20:31 AM
|
|
|
spahlinger
Posts: 28
Joined: Jul. 9, '04,
Status: offline
|
Be sure to spell the account correctly: "Administrator", not "Adminstrator", as you did.
|
|
|
RE: Issue with su (setuid) on Vista 5600 - Sep. 28, '06, 9:35:20 AM
|
|
|
shan.ks
Posts: 7
Joined: Mar. 9, '06,
Status: offline
|
Below is an excerpt from Vista SUA help file 'What's New in Subsystem for UNIX-based Application'. This was done in line with some of the security changes in Vista. An option to change this registry key during SDK setup will be added to the RTM version of the SDK so that this is more discoverable.
<snip>
EnableSuToRoot registry key
User Account Control is enabled by default. When User Account Control is enabled, any application or task that impersonates another user who is a member of the Administrators group (by using the su, cron, or login utilities, setuid, any of the setuid or exec_asuser family of calls, as examples) always runs in the security context of a standard user account.
With default settings, an application cannot impersonate the root user. You can control this behavior by modifying the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SUA\EnableSuToRoot.
How to modify the EnableSuToRoot registry key
Perform the following steps to change the setting of the EnableSuToRoot registry key after you install Subsystem for UNIX-based Applications.
To change the setting of the EnableSuToRoot registry key
1. Click Start, click in the Start Search text box, and type regedit to open Registry Editor.
2. In the hierarchy pane, open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SUA.
3. In the results pane, double-click EnableSuToRoot.
4. In the Value data box, enter 0 to disallow impersonation of the root user, or 1 to allow it. The default setting is 0.
5. Click OK.
6. Close Registry Editor; if prompted, save your changes.
When the value of this key is set to 0 (the default setting), impersonation of the root user is disallowed. When the value is set to 1, impersonation of the root user is allowed. When an application impersonates the root user or Administrator account, the application has the administrative security context of the root (Administrator) user.
</snip>
Shanmugam[MSFT]
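
Added example, not part of the original thread or of the SUA help text: a PowerShell check that reads the two settings discussed above and reports which impersonation state the host is in, useful both for diagnosing the su failure and for auditing hosts where root impersonation has been switched on. The key path and EnableSuToRoot come from the quoted help text; that EnableSetuidBinaries lives under the same key, and the function names, are assumptions.

```powershell
# Added example: report the SUA impersonation settings discussed in this thread.
# Key path and EnableSuToRoot are from the quoted help text. Placing
# EnableSetuidBinaries under the same key is an assumption.
$SuaKey = 'HKLM:\SOFTWARE\Microsoft\SUA'

function Get-SuaDword {
    param([Parameter(Mandatory)][string]$Name)
    # A missing key or value is reported as 0. The help text gives 0 as the
    # default for EnableSuToRoot; 0 for EnableSetuidBinaries is an assumption.
    $item = Get-ItemProperty -Path $SuaKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.$Name
}

function Get-SuaImpersonationState {
    $setuid = Get-SuaDword -Name 'EnableSetuidBinaries'
    $suRoot = Get-SuaDword -Name 'EnableSuToRoot'

    if ($suRoot -eq 1) {
        # Non-default: su, cron, login and the setuid calls can obtain the
        # administrative security context of the root (Administrator) user.
        $finding = 'Root impersonation ALLOWED (non-default); review whether this host needs it.'
    }
    elseif ($setuid -eq 1) {
        # Consistent with the thread: setuid is on, yet su to root still fails
        # with "setuser: Operation not permitted".
        $finding = 'setuid enabled, root impersonation disallowed; su to root is expected to fail.'
    }
    else {
        $finding = 'Defaults: setuid binaries off, root impersonation disallowed.'
    }

    [pscustomobject]@{
        Key                  = $SuaKey
        EnableSetuidBinaries = $setuid
        EnableSuToRoot       = $suRoot
        Finding              = $finding
    }
}

Get-SuaImpersonationState | Format-List
```

Run it from an elevated prompt on the machine where SUA is installed; it only reads the registry and changes nothing.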
|
|
|