Subject: Re: su(1) asking for pw if euid==0
To: None <>
From: Christos Zoulas <>
List: tech-userlevel
Date: 07/11/2007 02:07:34
In article <>,
Jukka Salmi  <> wrote:
>I'm having a problem with an rc script which sets ${name}_user to run
>the command as another user using su(1). While starting the command
>works fine, shutting it down doesn't.
>Since shutdown(8) is setuid root:operator I assume a non-root user in
>group `operator' should be allowed to shut down the system. Is this
>correct? However, this results in rc.shutdown being run as uid!=0 and
>euid==0. Nevertheless su(1) asks for a password when trying to kill
>the non-root process. Is this intended behaviour? If yes, rc.subr
>should probably be changed to kill _all_ process as root, not only
>those not setting ${name}_user.
>To reproduce the core of the problem:
>$ id
>uid=1000(jukka) gid=1000(jukka) groups=1000(jukka),0(wheel),5(operator),[...]
>$ sudo cp /bin/ksh /
>$ sudo chown 0:0 /ksh
>$ sudo chmod 4554 /ksh
>$ /ksh
># id
>uid=1000(jukka) gid=1000(jukka) euid=0(root)
># su -m daemon -c id     
>This works as expected for root:
>$ sudo su -
># id
>uid=0(root) gid=0(wheel) groups=0(wheel),[...]
># su -m daemon -c id
>uid=1(daemon) gid=1(daemon) groups=1(daemon)
>So, what should be fixed? su(1), rc(8) or my understanding of them?

Make the setuid program set the real id to 0 before exec'ing su.