
Permissions in setuid-root-program


I want to ask for possible reasons why a program with setuid-root file permission (or a program with special Linux capabilities), when it is called by an unprivileged user from PAM module pam_exec, behaves very differently from when it is called by an unprivileged user from the command line.

So far, I had the following differences:

1. When I do not give the setuid-root file permission to the program, but give it the Linux cap_setuid capability, that works from the command line, but with pam_exec the program is not run at all, with error "Operation not permitted".

2. For further execution of the program, not only the effective, but also the real UID has to be 0. From the command line, this works when I use setuid(0) in the program code, but with pam_exec, setuid(0) fails to change the real UID and I have to use setreuid(0,0) instead.

3. Though real and effective UID are 0, I still get errors like "Permission denied" and "Operation not permitted" when the program is called from pam_exec. First, this happened when executing external command lvcreate from my setuid-root program, and after I solved that now by using lvm dbus library calls instead, I even get an "Operation not permitted" when doing a simple chown() on a directory in the local filesystem. Of course, this all works perfectly when I start my program from the command line.

So, I would like to know how it is possible that operations fail with "Permission denied" or "Operation not permitted" though both getuid() and geteuid() return 0.
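
Added example, not part of the original post: on Linux, chown() and setuid() are authorized by capabilities in the effective set (CAP_CHOWN, CAP_SETUID) rather than by UID 0 itself, and the bounding set, no_new_privs and seccomp can limit a process whose UIDs are all 0. This C sketch parses those fields from /proc/self/status; the names `cred_state`, `parse_status`, `limits` and the `SAMPLE` text are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
enum { CAP_CHOWN_BIT = 0, CAP_SETUID_BIT = 7 };  /* bit numbers from <linux/capability.h> */
enum { NO_CAP_CHOWN = 1, NO_CAP_SETUID = 2, NO_NEW_PRIVS = 4, SECCOMP_ON = 8 };
struct cred_state {
    unsigned ruid, euid;
    unsigned long long cap_eff, cap_bnd;
    int nnp, seccomp;
};

/* Constructed sample (not from the post): UID 0 with an empty capability set. */
static const char SAMPLE[] =
    "Name:\tdemo\nUid:\t0\t0\t0\t0\nCapEff:\t0000000000000000\n"
    "CapBnd:\t0000000000000000\nNoNewPrivs:\t1\nSeccomp:\t0\n";

/* Parse the /proc/<pid>/status fields that privilege checks depend on. */
static int parse_status(const char *text, struct cred_state *cs)
{
    int found = 0;
    memset(cs, 0, sizeof *cs);
    for (const char *p = text; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : NULL) {
        found += sscanf(p, "Uid: %u %u", &cs->ruid, &cs->euid) == 2;
        found += sscanf(p, "CapEff: %llx", &cs->cap_eff) == 1;
        found += sscanf(p, "CapBnd: %llx", &cs->cap_bnd) == 1;
        found += sscanf(p, "NoNewPrivs: %d", &cs->nnp) == 1;
        found += sscanf(p, "Seccomp: %d", &cs->seccomp) == 1;
    }
    return found;   /* 5 when every field was present */
}

/* Flags for limits that can apply even when both UIDs are 0. */
static int limits(const struct cred_state *cs)
{
    return (((cs->cap_eff >> CAP_CHOWN_BIT) & 1) ? 0 : NO_CAP_CHOWN)
         | (((cs->cap_eff >> CAP_SETUID_BIT) & 1) ? 0 : NO_CAP_SETUID)
         | (cs->nnp ? NO_NEW_PRIVS : 0) | (cs->seccomp ? SECCOMP_ON : 0);
}

int main(void)
{
    char buf[8192] = {0};
    struct cred_state cs;
    FILE *f = fopen("/proc/self/status", "r");  /* falls back to SAMPLE if unreadable */
    int live = f && fread(buf, 1, sizeof buf - 1, f) > 0;
    if (f) fclose(f);
    parse_status(live ? buf : SAMPLE, &cs);
    printf("ruid=%u euid=%u CapEff=%016llx CapBnd=%016llx limits=0x%x\n",
           cs.ruid, cs.euid, cs.cap_eff, cs.cap_bnd, limits(&cs));
    return 0;
}
```

Running the same binary once from a shell and once from the pam_exec context and comparing the two output lines shows whether the capability sets or the no_new_privs/seccomp state differ between the two environments.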