setuid confusion

alex at crackpot.org alex at crackpot.org
Thu Nov 1 13:24:27 MST 2007 

On re-reading, this question has gotten rather long.  I was trying to  
include all the information that might be relevant.  Sorry if I've  
included a bunch of stuff that isn't...

I'm setting up a website development environment for a group of  
developers.  We want a 'dev' area where everyone can work on things,  
and a 'live' area which is the Apache document root.  We want to  
ensure that any changes to the live site go through version control,  
for accountability, etc.  No one should be able to edit the live site  
directly, only the dev site.

Here's what I've set up:

  - /www/dev and /www/live are both working copies of the same SVN repository.
  - /www/dev is owned by me, and a group called wwwdev.  The directory  
and all files in it are group-writeable, so anyone in the wwwdev group  
can make changes and commit them.
  - /www/live is owned by a user wwwlive (also group wwwlive).  No one  
else is in this group, only this user.  Thus no other users can edit  
the files in this directory directly.
  - I've written a very simple C program that runs an 'svn update'  
command for the /www/live directory.  The binary version, called  
'live_svn_update' is owned by wwwlive, and is setuid and setgid.   
(chmod ug+s).  So, anyone can run this program to bring the /www/live  
tree up to the latest of what's in the repository (checked in from  
/www/dev), even though they can't edit anything in /www/live directly.

The problem is that while this works great on my workstation (where I  
first tried it out), I can't get it working correctly on the server  
where we'll actually do the development.  I'm really confused about  
why.  Debugging code I've added to the program shows that the  
effective UID and GID are being changed to wwwlive, but the 'svn  
update' command fails due to a permissions error.  Running the program  
while logged in as wwwlive works perfectly.

My workstation is Ubuntu, while the server is RHEL, but I can't find  
anything which would say that matters.

[alexd]$ pwd
/www
[alexd]$ ls -l
total 32
drwxrwxr-x  4 alexd   wwwdev          4096 Nov  1 10:13 dev
drwxr-xr-x  4 wwwlive wwwlive         4096 Nov  1 12:50 live
-rwsr-sr-x  1 wwwlive wwwlive         7660 Nov  1 12:44 live_svn_update
-rw-r--r--  1 wwwlive wwwlive          383 Nov  1 12:44 live_svn_update.c

[alexd]$ more live_svn_update.c
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

int main(void)
{
     printf("Real UID\t= %d\n", getuid());
     printf("Effective UID\t= %d\n", geteuid());
     printf("Real GID\t= %d\n", getgid());
     printf("Effective GID\t= %d\n", getegid());

     system( "/usr/local/bin/svn update /live_www/azc2008redesign/live/" );
     return EXIT_SUCCESS;
}

Compiled with : gcc -Wall live_svn_update.c -o live_svn_update

[alexd]$ egrep 'alexd|wwwlive' /etc/passwd
alexd:x:110115:20014:Alex Dean:/home/alexd:/bin/bash
wwwlive:x:100313:20023:Live WWW Owner:/home/livewww:/bin/bash

[alexd]$ egrep 'alexd|wwwlive' /etc/group
alexd:x:20014:alexd
wwwlive:x:20023:

When I log in as wwwlive and run the update, it's fine.
[wwwlive]$ ./live_svn_update
Real UID        = 100313
Effective UID   = 100313
Real GID        = 20023
Effective GID   = 20023
At revision 3.

When I run it as myself, you can see that the UID and GID are changing  
to those of wwwlive, but that doesn't need to give me the permissions  
I need to perform the update.
[alexd]$ ./live_svn_update
Real UID        = 110115
Effective UID   = 100313
Real GID        = 20014
Effective GID   = 20023
svn: Can't open file '/www/live/.svn/lock': Permission denied

So... I'm kinda stumped at the moment.  Anyone see anything I've  
missed, or something else I ought to try?

thanks,
alex

More information about the PLUG-discuss mailing list