SUID

Emmanuel le Chevoir manu at 3rd.dyndns.org
Thu Mar 14 11:47:34 EST 2002


Sreedhar Gupta wrote:
> Hi,
> Can anyone please explain to me why the SUID bit is set for "Kadmin" (remote admin)?

Well, it isn't set on my installation. In your case, I suppose it has been 
set to allow Kerberos administration delegation to a simple local user
(i.e. not root on the machine). 

Suppose you have to administrate a Kerberos-enabled FTP server on a specific
host, on which you are not root. You will have to write keytabs to
/etc/krb5.keytabs, which belongs to root and should not be world
readable (nor writeable :). If the kadmin binary isn't setuid root, you
will never be able to update the file. If it is, well, you get the
picture.

--
Emmanuel le Chevoir
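
An added example, not part of the original post: a small audit that reports whether an admin binary carries the setuid bit and whether a keytab is root-owned and closed to other users, which is the arrangement the reply above describes. The function names and finding labels are assumptions made for illustration, and both paths are supplied by the caller.

```python
import os
import stat
import sys

def check_binary(mode, uid):
    """Findings for an admin binary, given its st_mode and owner uid."""
    findings = []
    if mode & stat.S_ISUID:
        # The program runs with its owner's privileges, whoever starts it.
        findings.append("setuid-root" if uid == 0 else f"setuid-uid-{uid}")
        # A setuid program that others can modify gives away those privileges.
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append("setuid-and-writable")
    return findings

def check_keytab(mode, uid):
    """Findings for a keytab, which holds long-term service keys."""
    findings = []
    if uid != 0:
        findings.append("not-owned-by-root")
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    return findings

def audit(binary_path, keytab_path):
    """Stat both files and return {path: findings}; a missing file is reported."""
    report = {}
    for path, check in ((binary_path, check_binary), (keytab_path, check_keytab)):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            report[path] = ["missing"]
            continue
        report[path] = check(st.st_mode, st.st_uid)
    return report

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: script.py <path to kadmin binary> <path to keytab>
    for path, findings in audit(sys.argv[1], sys.argv[2]).items():
        print(path, ", ".join(findings) or "ok")
```

An empty findings list for the binary means the setuid bit is not set, as on the replier's installation.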


