suid problems

James M Craig jmc at cs.rit.edu
Fri Feb 15 13:29:31 EST 2002


	Our department is planning on implementing Kerberos v5 soon, and I have
to assess what changes will be needed in our department for this to
work.  We are running Solaris 8, and I am installing SEAM 1.0.1.

	The first problem that I am faced with is dealing with
scripts that are suid and access files over NFS.  The way things work
now, a student runs a program to submit their coursework.  This program
is suid to a 'submit' uid, and this submit uid is allowed to dump files
into the grader accounts, compile and run the projects, and provide
feedback to the students.

	In my test Realm, I have noticed that if I run a program that is suid
to another user, and attempt to write a file to an NFS mounted directory
(exported with sec=krb5i), it doesn't work.  My understanding is that
the process, which is now owned by someone else, does NOT have any
credentials to manipulate the NFS mounted directory...

	Has anyone else had to deal with this?  What sort of changes are
necessary?

Jim Craig
jmc at cs.rit.edu


