exploring the users "as whom" processes operate


Note: please follow the instructions carefully in terms of where you run the commands from. Running them from terminal windows within the GUI interface for example rather than the virtual terminals indicated won't produce the target result of the exercise.

The exercise to perform

Log in on virtual terminal 1 as root. Create new user accounts "tom" "dick" and "harry" having "password" as their password. Create tom for example, by:

useradd tom
passwd tom

Use ftp from a server (designated by the instructor) to get:

  fork9.c
  ids.c

Examine the source code for both. fork9.c is a super-simple shell that asks the user for a command, then fork/exec's it. ids.c shows how to get the real and effective user id's for a process and print them. Borrow from ids.c to insert a line in fork9.c, so that when it runs it prints on screen what user is running it. That is, insert something like:

  printf( "Running as real UID %d and effective UID %d\n\n",getuid(),geteuid());

right after the "Welcome" line before fork9.c's main while loop.

Compile these, for example:

  gcc  fork9.c  -o  dshell
  gcc  ids.c  -o  ids

Make sure the resulting binaries are world-executable, for example:

  chmod  o+x dshell  ids

and copy them into /usr/local/bin, where they will be accessible to other users.

Go to virtual terminal 2 (ctrl-alt-F2); login there as user tom. A running shell will result. This shell process will have a PID (process id number) and an associated user. Use the ps command to reveal information about tom's shell:

  ps -ef

From the output 1) verify tom is the user for this process, 2) verify it is associated with terminal 2 (tty2), 3) identify and write down its PID.

Go to virtual terminal 3 (ctrl-alt-F3); login there as user dick. Another running shell will result. Using the ps command to reveal information about dick's shell:

  ps -ef

From the output 1) verify dick is the user for this process, 2) verify it is associated with terminal 3 (tty3), 3) identify and write down its PID. Note that tom's earlier bash process is still visible, along with dick's.

Construct a process family tree. Have dick run:

  ps  -ef  --header  |  less

You will see (scroll to the bottom of the output) 3 processes by dick and 1 by tom. For each, write its PID and the command/program of which it is an instance. Note that not only the PID but also the PPID (parent process' s id) is shown. Using that, find the parent processes for each of tom's and dick's processes, and then the parent process for each of those. Trace the process genaeology back to the common, first process. What is that "original" process in linux called? Write a process genaeology family tree:

Each box represents a process. In each box write 1) the PID, 2) the command that the process is running, 3) the user as whom it's doing so. When finished quit out of "less".

 

Become tom, by going to virtual terminal 2 (ctrl-alt-F2) where tom is running a shell. There, run dshell. From within dshell, run /usr/local/bin/ids.
Become dick, by going to virtual terminal 3 (ctrl-alt-F3) where dick is running a shell. There, run dshell. From within dshell, run /usr/local/bin/ids.

When "dshell" shows you its process user ids (real and effective), where did they come from? That is, if they're 505, why 505? When "ids" shows you its process user ids, where did it get them (same question)? The process user ids of a process derive from where?

Using the su command

As dick, terminate dshell (ctrl-C). Rerun it, but this time run it through the "su" command which lets you determine a user id for the process other than your own. Run dshell as follows:

  su tom -c dshell

(you will have to give tom's password). Again run /usr/local/bin/ids from within dshell and pay attention to the user ids shown. Now terminate dshell running by disk but as tom, and run it by dick as root:

  su -c dshell

If you omit a user specification, "root" is the user as whom the command will be run by default. Again run /usr/local/bin/ids from within dshell and pay attention to the user ids shown. Now terminate dshell running by disk but as root. Run simply:

  su

If you omit the program specification, bash is the program that will be run by default. The result is a "root shell." After observing the root shell by giving the root user's password, return to dick's shell by "exit"ing.

Using the SUID permission on executable files

Return to virtual terminal 1 where the shell is running as root. Execute the following:

  ls  -l  /usr/local/bin/ids
  chown  harry  /usr/local/bin/ids
  chmod  +s  /usr/local/bin/ids
  ls  -l  /usr/local/bin/ids

Return to virtual terminal 3 where the shell is running as dick. Execute:

  ids

Note the difference between the real and effective user ids reported. /usr/local/bin/ids is said to be "set UID" to its owner, and its owner is harry.

Using sudo

As root, start a few "sleep" processes and then observe their presence:

sleep 1000 &
sleep 2000 &
sleep 3000 &
ps -ef
jobs

Switch to virtual terminal 2 in order to be tom. There, try to kill the sleep processes that user root just started:

killall sleep

It didn't work. Try it another way, through sudo:

sudo killall sleep

Still didn't work. It needs to be configured to do so. Switch back to virtual terminal 1 in order to be root. There, add the following line to the file /etc/sudoers:

tom  ALL=(root)  /usr/bin/killall  sleep

Return to virtual terminal 2 and again as tom try:

sudo killall sleep

When prompted for a password, give tom's not root's. Return to virtual terminal 1 and as root:

jobs