0

The following command is being executed by a non-root user:

perl -pi -e 's/^an24:/an24:\*LK*/g' /etc/shadow

A "permission denied" error is being issued.

This indicates a privilege issue.

Can such a command be executed?

I tried to set the setuid and group id on the script executing this command with no success.

The Operating System is Solaris 10.

Anthon
oneway

2 Answers

7

Appropriately, non-root users cannot read the shadow file, so your setuid script is a good idea.

Unfortunately, Solaris will not honor setuid bits on scripts. You can demonstrate this with a Perl script:

Perl:

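#!/usr/bin/perl
use strict;
use warnings;
use POSIX qw(geteuid);

# Report the effective UID; 0 would mean the setuid bit was honored.
print "$0 is running as ".geteuid()."\n";

# Recreate a test file; its owner shows which user the script ran as.
unlink "testfile";
open(my $fh, '>', "testfile") or die "cannot create testfile: $!";
close($fh);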

and then run the script like this:

$ id -u
1000
$ chmod 755 test-script.pl 
$ ./test-script.pl 
./test-script.pl is running as 1000
$ sudo chown root:root test-script.pl
$ sudo chmod 5755 test-script.pl 
$ ./test-script.pl 
./test-script.pl is running as 1000

So what to do then? One easy solution would be to actually run the perl script as root, using sudo or via the root user's crontab.

Another solution would be to add the user who will run this script to the group that owns /etc/shadow, like so:

usermod -a -G shadow yourusernamehere
  • Solaris honors setuid for me. Try 'chmod a+sx test-script.pl'. Adding a user who should be able to read the shadow file to the shadow group is probably a better solution, though. – Tim Kennedy Jun 14 '13 at 19:16
1

Use sudo:

sudo perl -pi -e 's/^an24:/an24:\*LK*/g' /etc/shadow
bahamat
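A more careful form of the edit from the question, as an added example that is not part of any post above: the one-liner prepends `*LK*` again on every run, so this version skips entries that are already locked, fails early when the file is not writable (the unprivileged case), and replaces the file with a rename. The names `lock_entry` and `demo` and the sample entries are constructed for illustration, and a POSIX `awk` is assumed.

```shell
#!/bin/sh
# lock_entry FILE USER
# Prepend the *LK* marker to USER's password field in a shadow-format FILE.
# Hypothetical helper for illustration, not a system tool.
lock_entry() {
    file=$1 user=$2 tmp="$1.tmp.$$"
    # The unprivileged case from the question fails here.
    [ -w "$file" ] || { echo "lock_entry: cannot write $file" >&2; return 1; }
    (
        umask 077    # the temporary copy holds password hashes
        awk -F: -v OFS=: -v u="$user" '
            $1 == u {
                found = 1
                # Skip entries that are already locked, so a rerun
                # does not produce *LK**LK*.
                if (substr($2, 1, 4) != "*LK*") $2 = "*LK*" $2
            }
            { print }
            END { exit(found ? 0 : 2) }
        ' "$file" > "$tmp"
    )
    rc=$?
    if [ "$rc" -ne 0 ]; then
        rm -f "$tmp"
        echo "lock_entry: $user not updated in $file (status $rc)" >&2
        return "$rc"
    fi
    # Rename within the same directory so readers never see a partial file.
    mv -f "$tmp" "$file"
}

# Constructed sample data, not a real shadow file.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'root:constructedhashA:6445::::::' \
                  'an24:constructedhashB:15000::::::' > "$dir/shadow"
    # Lock twice to show that the second run changes nothing.
    lock_entry "$dir/shadow" an24 && lock_entry "$dir/shadow" an24
    grep '^an24:' "$dir/shadow"
    rm -rf "$dir"
}

demo
```

The rename leaves the new file with the caller's ownership and mode 0600, so check both against the original file's settings after running it on a real system.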