Free Downloads, Community Forum,
FAQs and Developer Resources


Make /Tools Your Home | Link to us

Today's posts | Posts since last visit | Most Active Topics

All Forums Register Login Search Subscriptions My Profile Inbox
Tool Warehouse FAQs Resources Help Member List Address Book Logout

Cron utils must be SETUID local Administrator

 
Logged in as: Guest
Users viewing this topic: none
  Printable Version
All Forums >> [Windows - UNIX Interop] >> System & Network Admin Forum >> Cron utils must be SETUID local Administrator Page: [1]
Login
Message << Older Topic   Newer Topic >>
Cron utils must be SETUID local Administrator - Apr. 13, '06, 10:38:51 AM   
kwoksiu

 

Posts: 3
Joined: Apr. 11, '06,
Status: offline
I have setuid enabled according to FAQ using 'regedit'. I still get the following error:

$ id
uid=8891(siukwok) gid=1049089(Domain Users) groups=10490(Domain Users), 7618(TXSLLCOMXP712+ORA_DBA), 1316(+Administrators

$ crontab -l
crontab: Cron utils must be SETUID local Administrator: Operation not permitted

$ regpwd
regpwd: Program is not setuid to Administrator

------------------------------------------------------------
Please give me a step-by-step diagnosis. I guess that setuid may not be enabled or my account does not have administrator privilege. However, I can copy files in /usr/bin and setuid (chown u+s) as follows:

$ ls -l /usr/bin/crontab*
-rwsrwxr-x 1 TXSLLCOMXP712+Administrator +Administrators 137728 Nov 8 2003
/usr/bin/crontab
-rwsrwxr-x 1 TXSLLCOMXP712+Administrator +Administrators 137728 Nov 8 2003
/usr/bin/crontabO
$ chmod u-s crontabO
$ r ls
ls -l /usr/bin/crontab*
-rwsrwxr-x 1 TXSLLCOMXP712+Administrator +Administrators 137728 Nov 8 2003
/usr/bin/crontab
-rwxrwxr-x 1 TXSLLCOMXP712+Administrator +Administrators 137728 Nov 8 2003
/usr/bin/crontabO
$ chmod u+s crontabO
$ r ls
ls -l /usr/bin/crontab*
-rwsrwxr-x 1 TXSLLCOMXP712+Administrator +Administrators 137728 Nov 8 2003
/usr/bin/crontab
-rwsrwxr-x 1 TXSLLCOMXP712+Administrator +Administrators 137728 Nov 8 2003
/usr/bin/crontabO
Post #: 1
RE: Cron utils must be SETUID local Administrator - Apr. 13, '06, 12:26:07 PM   
woehlkmp

 

Posts: 102
Status: offline
Are you running SFU (3.5) or SUA (5.2)? Might you be running into this problem?

(in reply to kwoksiu)
Post #: 2
RE: Cron utils must be SETUID local Administrator - Apr. 26, '06, 1:32:41 PM   
harvero

 

Posts: 14
Joined: Apr. 25, '06,
Status: offline
I am having the same issue as kwoksui.

I am running window XP SP2 and SFU 3.5. I installed with setuuid
enabled and the value of
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Services for UNIX
is EnableSetuidBinaries = REG_DWORD 0x00000001.
The PC has been rebooted yet I get:
WIN-VZWNET+bobh@NJCWDDELXP567:/dev/fs/P> crontab -p
crontab: Cron utils must be SETUID local Administrator: Operation not permitted

What else can I check. I have local admin on my PC with a domain account. Perhaps there is some domain security setting that is blocking the setuid function?

(in reply to woehlkmp)
Post #: 3
RE: Cron utils must be SETUID local Administrator - Apr. 26, '06, 1:51:24 PM   
Rodney

 

Posts: 3696
Joined: Jul. 9, '02,
From: /Tools lab
Status: online
Have to ask the obvious one first : does an "ls -l" show
that /bin/crontab is a setuid file with owner "+Administrator"?

If that's okay then try, as local administrator, taking the setuid bit off
and then add it back on. (chmod -s then chmod +s)
[I'm not saying you should have to do this, but it's a workaround that may work]

(in reply to harvero)
Post #: 4
RE: Cron utils must be SETUID local Administrator - Apr. 26, '06, 3:54:37 PM   
harvero

 

Posts: 14
Joined: Apr. 25, '06,
Status: offline
WIN-VZWNET+bobh@NJCWDDELXP567:/dev/fs/P> ls -l /bin/crontab
-rwsrwxr-x 1 NJCWDDELXP567+Administrator +Administrators 137728 Nov 8 2003
/bin/crontab
WIN-VZWNET+bobh@NJCWDDELXP567:/dev/fs/P> chmod -s /bin/crontab
WIN-VZWNET+bobh@NJCWDDELXP567:/dev/fs/P> chmod +s /bin/crontab
WIN-VZWNET+bobh@NJCWDDELXP567:/dev/fs/P> ls -l /bin/crontab
-rwsrwsr-x 1 NJCWDDELXP567+Administrator +Administrators 137728 Nov 8 2003
/bin/crontab
WIN-VZWNET+bobh@NJCWDDELXP567:/dev/fs/P> crontab -p
crontab: Cron utils must be SETUID local Administrator: Operation not permitted
WIN-VZWNET+bobh@NJCWDDELXP567:/dev/fs/P>

Still does not work

(in reply to Rodney)
Post #: 5
RE: Cron utils must be SETUID local Administrator - Apr. 26, '06, 4:11:05 PM   
harvero

 

Posts: 14
Joined: Apr. 25, '06,
Status: offline
It looks like setuid does not work on my systems. I created a one line shell script called test.sh as follows:

WIN-VZWNET+bobh@NJCWDDELXP567:/dev/fs/C> cat ./test.sh

id
WIN-VZWNET+bobh@NJCWDDELXP567:/dev/fs/C> ./test.sh
uid=1049683(bobh) gid=1049089(Domain Users) groups=1049089(Domain Users), 65792(
+Everyone), 131616(+Administrators), 131617(+Users), 66820(+INTERACTIVE), 66827(
+Authenticated Users), 4095(CurrentSession), 66048(+LOCAL), 1089871(NSA Outage R
eport), 1109099(Support-MIIS Servers), 1084115(NSS-East), 1090197(HQ-NSSPMOShare
Access-GG), 1116066(Support-FloridaAdmin), 1081439(Dakota Tracer), 1081348(Cryst
al Reports Dev), 1089842(Primavera Tracking DB Citrix Access GG), 1090363(Suppor
t-SAN), 1050684(East-njbd), 1115862(Support-Secondary), 1090218(Primavera Suppor
t Access), 1090236(Support-NetGeo), 1109097(Support-MOM Servers), 1116019(Suppor
t-NOCCWEB), 1113259(Support-Casabyte), 1108837(SMS Remote), 1113224(Support-FLPC
Servers), 1109096(DBA Support Group), 1113174(Support-LCS), 1050247(pvcitrix), 1
090001(Support-BigFix), 1090238(Support-Primavera), 1090222(Support-BlackICE), 1
089933(Support-Directrix), 1050680(User-East), 1109098(Support-SMS Servers), 108
9885(Support-Trend), 1090248(Support-TellabsEMS), 1116106(Support-ISA), 1115750(
Support-Vantage), 1115961(SMSQueryUser), 1090044(Support-NIWeb), 1118321(support
-edn ops webserver), 1090421(Support-OPNET), 1115962(SMSReportUser), 1089937(CER
TSVC_DCOM_ACCESS), 1078416(NYRO-RegFinanceFol-Read-DL)
WIN-VZWNET+bobh@NJCWDDELXP567:/dev/fs/C> ls -l test.sh
-rwsr-xr-x 1 NJCWDDELXP567+oracle +SYSTEM 4 Apr 26 10:55 test.sh
WIN-VZWNET+bobh@NJCWDDELXP567:/dev/fs/C>

Or does SFU not allow setuid shell scripts?

(in reply to harvero)
Post #: 6
RE: Cron utils must be SETUID local Administrator - Apr. 26, '06, 5:04:56 PM   
Rodney

 

Posts: 3696
Joined: Jul. 9, '02,
From: /Tools lab
Status: online
Setuid scripts are not allowed -- they are too big a potential security hole.
Just binaries are allowed.
And an owership change will strip the 's' bit too for security.

crontab -p not working still though.
And you did reboot after the registry was changed.

"NJCWDDELXP567" is the name of your machine, right?
(Just checking the ownership is local administrator)
Has your system undergone some sort of security configuration?
I'm wondering if +SYSTEM has had one of it's rights removed.

(in reply to harvero)
Post #: 7
RE: Cron utils must be SETUID local Administrator - Apr. 26, '06, 10:16:56 PM   
harvero

 

Posts: 14
Joined: Apr. 25, '06,
Status: offline
yes I did reboot and njcwddelxp567 is my pc name.

(in reply to Rodney)
Post #: 8
RE: Cron utils must be SETUID local Administrator - Apr. 28, '06, 12:54:22 AM   
Rodney

 

Posts: 3696
Joined: Jul. 9, '02,
From: /Tools lab
Status: online
But has your system had some changes to it for the default assigned rights?
In particular to the +SYSTEM account?

(in reply to harvero)
Post #: 9
RE: Cron utils must be SETUID local Administrator - May 3, '06, 10:29:08 AM   
harvero

 

Posts: 14
Joined: Apr. 25, '06,
Status: offline
I may have this resolved. Apparently the local administrator account had been renamed to "networke" (by our Windows desktop team), then a new account was created called administrator, that was not part of the "administers" group.

The crontab file was owned by MACHINE+administrator, we changed it's ownership to MACHINE+networke and then added back the setuid bit and now the "crontab -p" command appears to work.

The question is why are many of the interix files owned by the bogus administrator account and not by the renamed admin account. I plan on deleting the bogus "administrator" and then reinstalling SFU/interix.

(in reply to Rodney)
Post #: 10
Page:   [1]
All Forums >> [Windows - UNIX Interop] >> System & Network Admin Forum >> Cron utils must be SETUID local Administrator Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Search All Forums -

Advanced search


SPONSORS



Forum Software © ASPPlayground.NET Advanced Edition 2.5 ANSI

0.078