| All Forums |
Register |
Login |
Search |
Subscriptions |
My Profile |
Inbox |
| Tool Warehouse |
FAQs |
Resources |
Help |
Member List |
Address Book |
Logout |
|
|
Cron utils must be SETUID local Administrator
|
Logged in as: Guest |
| Users viewing this topic: none |
|
Login  |
|
|
 Cron utils must be SETUID local Administrator - Apr. 13, '06, 10:38:51 AM
|
|
|
kwoksiu
Posts: 3
Joined: Apr. 11, '06,
Status: offline
|
I have setuid enabled according to FAQ using 'regedit'. I still get the following error:
$ id
uid=8891(siukwok) gid=1049089(Domain Users) groups=10490(Domain Users), 7618(TXSLLCOMXP712+ORA_DBA), 1316(+Administrators
$ crontab -l
crontab: Cron utils must be SETUID local Administrator: Operation not permitted
$ regpwd
regpwd: Program is not setuid to Administrator
------------------------------------------------------------
Please give me a step-by-step diagnosis. I guess that setuid may not be enabled or my account does not have administrator privilege. However, I can copy files in /usr/bin and setuid (chown u+s) as follows:
$ ls -l /usr/bin/crontab*
-rwsrwxr-x 1 TXSLLCOMXP712+Administrator +Administrators 137728 Nov 8 2003
/usr/bin/crontab
-rwsrwxr-x 1 TXSLLCOMXP712+Administrator +Administrators 137728 Nov 8 2003
/usr/bin/crontabO
$ chmod u-s crontabO
$ r ls
ls -l /usr/bin/crontab*
-rwsrwxr-x 1 TXSLLCOMXP712+Administrator +Administrators 137728 Nov 8 2003
/usr/bin/crontab
-rwxrwxr-x 1 TXSLLCOMXP712+Administrator +Administrators 137728 Nov 8 2003
/usr/bin/crontabO
$ chmod u+s crontabO
$ r ls
ls -l /usr/bin/crontab*
-rwsrwxr-x 1 TXSLLCOMXP712+Administrator +Administrators 137728 Nov 8 2003
/usr/bin/crontab
-rwsrwxr-x 1 TXSLLCOMXP712+Administrator +Administrators 137728 Nov 8 2003
/usr/bin/crontabO
|
|
|
|
|
RE: Cron utils must be SETUID local Administrator - Apr. 13, '06, 12:26:07 PM
|
|
|
woehlkmp
Posts: 102
Status: offline
|
Are you running SFU (3.5) or SUA (5.2)? Might you be running into this problem?
|
|
|
|
|
RE: Cron utils must be SETUID local Administrator - Apr. 26, '06, 1:32:41 PM
|
|
|
harvero
Posts: 14
Joined: Apr. 25, '06,
Status: offline
|
I am having the same issue as kwoksui.
I am running window XP SP2 and SFU 3.5. I installed with setuuid
enabled and the value of
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Services for UNIX
is EnableSetuidBinaries = REG_DWORD 0x00000001.
The PC has been rebooted yet I get:
WIN-VZWNET+bobh@NJCWDDELXP567:/dev/fs/P> crontab -p
crontab: Cron utils must be SETUID local Administrator: Operation not permitted
What else can I check. I have local admin on my PC with a domain account. Perhaps there is some domain security setting that is blocking the setuid function?
|
|
|
|
 RE: Cron utils must be SETUID local Administrator - Apr. 26, '06, 3:54:37 PM
|
|
|
harvero
Posts: 14
Joined: Apr. 25, '06,
Status: offline
|
WIN-VZWNET+bobh@NJCWDDELXP567:/dev/fs/P> ls -l /bin/crontab
-rwsrwxr-x 1 NJCWDDELXP567+Administrator +Administrators 137728 Nov 8 2003
/bin/crontab
WIN-VZWNET+bobh@NJCWDDELXP567:/dev/fs/P> chmod -s /bin/crontab
WIN-VZWNET+bobh@NJCWDDELXP567:/dev/fs/P> chmod +s /bin/crontab
WIN-VZWNET+bobh@NJCWDDELXP567:/dev/fs/P> ls -l /bin/crontab
-rwsrwsr-x 1 NJCWDDELXP567+Administrator +Administrators 137728 Nov 8 2003
/bin/crontab
WIN-VZWNET+bobh@NJCWDDELXP567:/dev/fs/P> crontab -p
crontab: Cron utils must be SETUID local Administrator: Operation not permitted
WIN-VZWNET+bobh@NJCWDDELXP567:/dev/fs/P>
Still does not work
|
|
|
|
|
RE: Cron utils must be SETUID local Administrator - Apr. 26, '06, 4:11:05 PM
|
|
|
harvero
Posts: 14
Joined: Apr. 25, '06,
Status: offline
|
It looks like setuid does not work on my systems. I created a one line shell script called test.sh as follows:
WIN-VZWNET+bobh@NJCWDDELXP567:/dev/fs/C> cat ./test.sh
id
WIN-VZWNET+bobh@NJCWDDELXP567:/dev/fs/C> ./test.sh
uid=1049683(bobh) gid=1049089(Domain Users) groups=1049089(Domain Users), 65792(
+Everyone), 131616(+Administrators), 131617(+Users), 66820(+INTERACTIVE), 66827(
+Authenticated Users), 4095(CurrentSession), 66048(+LOCAL), 1089871(NSA Outage R
eport), 1109099(Support-MIIS Servers), 1084115(NSS-East), 1090197(HQ-NSSPMOShare
Access-GG), 1116066(Support-FloridaAdmin), 1081439(Dakota Tracer), 1081348(Cryst
al Reports Dev), 1089842(Primavera Tracking DB Citrix Access GG), 1090363(Suppor
t-SAN), 1050684(East-njbd), 1115862(Support-Secondary), 1090218(Primavera Suppor
t Access), 1090236(Support-NetGeo), 1109097(Support-MOM Servers), 1116019(Suppor
t-NOCCWEB), 1113259(Support-Casabyte), 1108837(SMS Remote), 1113224(Support-FLPC
Servers), 1109096(DBA Support Group), 1113174(Support-LCS), 1050247(pvcitrix), 1
090001(Support-BigFix), 1090238(Support-Primavera), 1090222(Support-BlackICE), 1
089933(Support-Directrix), 1050680(User-East), 1109098(Support-SMS Servers), 108
9885(Support-Trend), 1090248(Support-TellabsEMS), 1116106(Support-ISA), 1115750(
Support-Vantage), 1115961(SMSQueryUser), 1090044(Support-NIWeb), 1118321(support
-edn ops webserver), 1090421(Support-OPNET), 1115962(SMSReportUser), 1089937(CER
TSVC_DCOM_ACCESS), 1078416(NYRO-RegFinanceFol-Read-DL)
WIN-VZWNET+bobh@NJCWDDELXP567:/dev/fs/C> ls -l test.sh
-rwsr-xr-x 1 NJCWDDELXP567+oracle +SYSTEM 4 Apr 26 10:55 test.sh
WIN-VZWNET+bobh@NJCWDDELXP567:/dev/fs/C>
Or does SFU not allow setuid shell scripts?
|
|
|
|
|
RE: Cron utils must be SETUID local Administrator - Apr. 26, '06, 5:04:56 PM
|
|
|
Rodney
Posts: 3696
Joined: Jul. 9, '02,
From: /Tools lab
Status: online
|
Setuid scripts are not allowed -- they are too big a potential security hole.
Just binaries are allowed.
And an owership change will strip the 's' bit too for security.
crontab -p not working still though.
And you did reboot after the registry was changed.
"NJCWDDELXP567" is the name of your machine, right?
(Just checking the ownership is local administrator)
Has your system undergone some sort of security configuration?
I'm wondering if +SYSTEM has had one of it's rights removed.
|
|
|
|
|
RE: Cron utils must be SETUID local Administrator - Apr. 26, '06, 10:16:56 PM
|
|
|
harvero
Posts: 14
Joined: Apr. 25, '06,
Status: offline
|
yes I did reboot and njcwddelxp567 is my pc name.
|
|
|
|
|
RE: Cron utils must be SETUID local Administrator - Apr. 28, '06, 12:54:22 AM
|
|
|
Rodney
Posts: 3696
Joined: Jul. 9, '02,
From: /Tools lab
Status: online
|
But has your system had some changes to it for the default assigned rights?
In particular to the +SYSTEM account?
|
|
|
|
|
RE: Cron utils must be SETUID local Administrator - May 3, '06, 10:29:08 AM
|
|
|
harvero
Posts: 14
Joined: Apr. 25, '06,
Status: offline
|
I may have this resolved. Apparently the local administrator account had been renamed to "networke" (by our Windows desktop team), then a new account was created called administrator, that was not part of the "administers" group.
The crontab file was owned by MACHINE+administrator, we changed it's ownership to MACHINE+networke and then added back the setuid bit and now the "crontab -p" command appears to work.
The question is why are many of the interix files owned by the bogus administrator account and not by the renamed admin account. I plan on deleting the bogus "administrator" and then reinstalling SFU/interix.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
|
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
|
Printable Version
: does an "ls -l" show