su: must be suid to work properly


15,211 Views
rameshkumar
Contributor I

Hi All,

I am working on an Imx6 sabresd board, based on Yocto. I am implementing busybox commands through a Boa server and don't get root permissions. I recreated the issue manually with the su command at the kernel prompt, as shown below.

Does anyone know how to provide permissions to busybox commands through the implementation of the Boa server?

Following are the logs :

root@imx6qsabresd:~# 192.168.1.17 - - [20/Mar/2015:21:58:53 +0000] "GET /mgmt.html HTTP/1.1" 304 0 "http://192.168.1.100/Home.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/41.0.2272.76 Chrome/41.0.2272.76 Safari/537.36"

192.168.1.17 - - [20/Mar/2015:21:58:53 +0000] "GET /css/style.css HTTP/1.1" 304 0 "http://192.168.1.100/mgmt.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/41.0.2272.76 Chrome/41.0.2272.76 Safari/537.36"

192.168.1.17 - - [20/Mar/2015:21:58:53 +0000] "GET /js/jquery-1.9.1.js HTTP/1.1" 304 0 "http://192.168.1.100/mgmt.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/41.0.2272.76 Chrome/41.0.2272.76 Safari/537.36"

192.168.1.17 - - [20/Mar/2015:21:58:53 +0000] "GET /js/common.js HTTP/1.1" 304 0 "http://192.168.1.100/mgmt.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/41.0.2272.76 Chrome/41.0.2272.76 Safari/537.36"

192.168.1.17 - - [20/Mar/2015:21:58:53 +0000] "GET /js/jquery-ui.js HTTP/1.1" 304 0 "http://192.168.1.100/mgmt.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/41.0.2272.76 Chrome/41.0.2272.76 Safari/537.36"

192.168.1.17 - - [20/Mar/2015:21:58:53 +0000] "GET /css/jquery-ui.css HTTP/1.1" 304 0 "http://192.168.1.100/mgmt.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/41.0.2272.76 Chrome/41.0.2272.76 Safari/537.36"

192.168.1.17 - - [20/Mar/2015:21:58:54 +0000] "GET /upgrade_new.html HTTP/1.1" 304 0 "http://192.168.1.100/mgmt.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/41.0.2272.76 Chrome/41.0.2272.76 Safari/537.36"

"(null)"

192.168.1.17 - - [20/Mar/2015:21:59:03 +0000] "POST /cgi-bin/uploadfile.cgi HTTP/1.1" 200 0 "http://192.168.1.100/upgrade_new.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/41.0.2272.76 Chrome/41.0.2272.76 Safari/537.36"

exit successfully

File image.img , untar successfully

md5sum created of uImage(sum4), Device Tree(sum5) and root file system(sum6)

All md5sum files opend for checksum

files open for reading of uImage md5sum(sum1 and sum4)

files open for reading of Device Tree md5sum(sum2 and sum5)

files open for reading of file system core-image.rootfs.ext3 md5sum(sum3 and sum6)

make directory /media/kernel

Directory is made at /media/kernel.

give permissions 777 to /media/kernel

Permission granted 777 /media/kernel.

give permissions 777 to /dev/mmcblk0p1

chmod 777 -R /dev/mmcblk0p1: Operation not permitted

Permission granted 777 /dev/mmcblk0p1.

mount  /dev/mmcblk0p1 /media/kernel

mount: permission denied (are you root?)

/media/kernel is open.

Copying uImage in EMMC

uImage copied

Copying Device Tree in EMMC

Device Tree copied

sync

sync command

unmounting kernel /dev/mmcblk0p1

umount: can't umount /media/kernel: Operation not permitted

give permissions 777 to /dev/mmcblk0p2

chmod: /dev/mmcblk0p2: Operation not permitted

Permission granted 777 /FILe System.

Copying root file system in /dev/mmcblk0p2

dd: can't open '/dev/mmcblk0p2': Permission denied

I have recreated the issue at the console with the following commands:

root@imx6qsabresd:~# su 34

su: unknown user 34

root@imx6qsabresd:~# su nobody

nobody@imx6qsabresd:/home/root$

nobody@imx6qsabresd:/:/home/root$ whoami

nobody

When I do the same as root user, it gives an error as follows:

nobody@imx6qsabresd:/$ su root

su: must be suid to work properly

nobody@imx6qsabresd:/$ umount /media/kernel/

umount: can't umount /media/kernel/: Operation not permitted

I read somewhere while browsing that busybox commands are not in suid mode. On checking, it is as shown below.

nobody@imx6qsabresd:/$ ls ./bin/busybox -l

lrwxrwxrwx    1 1000     1000            14 Mar 20 17:25 ./bin/busybox -> busybox.nosuid

On changing its permission with chmod, nothing happens.

nobody@imx6qsabresd:/$ chmod u+s ./bin/busybox

chmod: ./bin/busybox: Operation not permitted

The id command shows the output below:

nobody@imx6qsabresd:/$ id

uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)

nobody@imx6qsabresd:/$ chown -R nobody:nobody ./bin/busybox

chown: unknown user/group nobody:nobody

Thanks.

0 Kudos
3 Replies

4,276 Views
rameshkumar
Contributor I

Hi Victor,

Thanks for your reply,

I am accessing the board through the Boa server, and in its configuration file, i.e. boa.conf, there are User and Group options which were configured to "nobody" and "nogroup", and I got errors related to permissions.

On configuring the following options in boa.conf, the board is accessed with full permissions.

User root

Group 0

However, I will check with this also: chmod u+s ./bin/busybox.nosuid

Thanks,

Have a Great Day,

Ramesh.

0 Kudos

4,276 Views
b36401
NXP Employee

The command "chmod u+s ./bin/busybox" seems to be wrong. Setting the suid bit on a symlink is useless.

You need to set this bit on the destination binary instead. I mean something like this:

# chmod u+s ./bin/busybox.nosuid

Have a great day,

Victor


0 Kudos
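A check for the point made in the reply above, as an added example that is not part of the original thread: it follows the symlink chain from an applet name to the real binary and reports whether that binary carries the setuid bit and which uid owns it, since the bit only yields root when the owner is uid 0. The function names are hypothetical, and `readlink -f` and `stat -c` are assumed to be available (GNU coreutils, or a busybox built with both).

```shell
#!/bin/sh
# Added example: inspect the binary a busybox applet symlink resolves to.

# Prints "<resolved-target> suid=<yes|no> owner_uid=<uid>".
# Returns 2 when the path does not resolve to an existing file.
suid_report() {
    link=$1
    # Follow every symlink in the chain, e.g. su -> busybox -> busybox.nosuid
    target=$(readlink -f -- "$link") || return 2
    [ -e "$target" ] || return 2
    # -u tests the setuid bit on the resolved file, not on the link
    if [ -u "$target" ]; then suid=yes; else suid=no; fi
    owner=$(stat -c %u -- "$target")
    printf '%s suid=%s owner_uid=%s\n' "$target" "$suid" "$owner"
}

# Returns 0 only when the resolved binary is setuid AND owned by uid 0,
# 1 when either condition is missing, 2 when the path does not resolve.
runs_as_root() {
    report=$(suid_report "$1") || return 2
    case $report in
        *" suid=yes owner_uid=0") return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone use: sh suid_check.sh /bin/su
if [ $# -gt 0 ]; then
    suid_report "$1"
fi
```

The `ls -l` output in the question shows the link owned by uid 1000, so the owner field is worth reading alongside the suid flag.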
