Asp Forum - Super User Can't Change UID?

James Gray

1/27/2009 11:12:00 PM

Why would the super user not be able to switch UID's?

$ sudo ruby -r etc -e 'Process.uid = Etc.getpwnam("james").uid'
Password:
-e:1:in `uid=': Operation not permitted (Errno::EPERM)
from -e:1

Tips of TFM I should go R are welcome. :)

James Edward Gray II

13 Answers

Michel Boaventura

1/27/2009 11:22:00 PM

This works on my gentoo without any problem. Try to became root and
try to run to see if it's another problem.

2009/1/27 James Gray <james@grayproductions.net>:
> Why would the super user not be able to switch UID's?
>
> $ sudo ruby -r etc -e 'Process.uid = Etc.getpwnam("james").uid'
> Password:
> -e:1:in `uid=': Operation not permitted (Errno::EPERM)
> from -e:1
>
> Tips of TFM I should go R are welcome. :)
>
> James Edward Gray II
>
>
>

James Gray

1/27/2009 11:26:00 PM

On Jan 27, 2009, at 5:21 PM, Michel Boaventura wrote:

> This works on my gentoo without any problem. Try to became root and
> try to run to see if it's another problem.

It doesn't seem to work for me that way either:

$ sudo sh
Password:
sh-3.2# ruby -r etc -e 'Process.uid = Etc.getpwnam("james").uid'
-e:1:in `uid=': Operation not permitted (Errno::EPERM)
from -e:1

James Edward Gray II

James Gray

1/28/2009 12:42:00 AM

On Jan 27, 2009, at 5:11 PM, James Gray wrote:

> Why would the super user not be able to switch UID's?
>
> $ sudo ruby -r etc -e 'Process.uid = Etc.getpwnam("james").uid'
> Password:
> -e:1:in `uid=': Operation not permitted (Errno::EPERM)
> from -e:1

Another data point on this odd issue: Apple's bundled Ruby (I'm on OS
X) works:

$ sudo /usr/bin/ruby -r etc -e 'Process.uid =
Etc.getpwnam("james").uid'
Password:
$

It's just the Ruby I built that fails. How could I have messed this
up in the build?

James Edward Gray II

Rob Biedenharn

1/28/2009 12:46:00 AM

On Jan 27, 2009, at 6:26 PM, James Gray wrote:

> On Jan 27, 2009, at 5:21 PM, Michel Boaventura wrote:
>
>> This works on my gentoo without any problem. Try to became root and
>> try to run to see if it's another problem.
>
> It doesn't seem to work for me that way either:
>
> $ sudo sh
> Password:
> sh-3.2# ruby -r etc -e 'Process.uid = Etc.getpwnam("james").uid'
> -e:1:in `uid=': Operation not permitted (Errno::EPERM)
> from -e:1
>
> James Edward Gray II
>

It works for me on Ubuntu and Mac OS X also.

-Rob

Rob Biedenharn http://agileconsult...
Rob@AgileConsultingLLC.com

James Gray

1/28/2009 2:35:00 AM

On Jan 27, 2009, at 6:45 PM, Rob Biedenharn wrote:

> It works for me on Ubuntu and Mac OS X also.

Were you using Apple's bundled Ruby or something you compiled?

James Edward Gray II

Rob Biedenharn

1/28/2009 3:00:00 AM

On Jan 27, 2009, at 9:34 PM, James Gray wrote:

> On Jan 27, 2009, at 6:45 PM, Rob Biedenharn wrote:
>
>> It works for me on Ubuntu and Mac OS X also.
>
> Were you using Apple's bundled Ruby or something you compiled?
>
> James Edward Gray II

Apple's /usr/bin/ruby. (I'd answered before I saw your
clarification.) I also just ran it fine with macruby.

$ sudo macruby -r etc -e 'puts Process.pid,Process.uid; sleep 2;puts
"now"; Process.uid = Etc.getpwnam("rab").uid; puts Process.uid; sleep 2'
Password:
26951
0
now
501

I don't suppose that really helps you much.

-Rob

Rob Biedenharn http://agileconsult...
Rob@AgileConsultingLLC.com

James Gray

1/28/2009 3:06:00 AM

On Jan 27, 2009, at 9:00 PM, Rob Biedenharn wrote:

> On Jan 27, 2009, at 9:34 PM, James Gray wrote:
>
>> On Jan 27, 2009, at 6:45 PM, Rob Biedenharn wrote:
>>
>>> It works for me on Ubuntu and Mac OS X also.
>>
>> Were you using Apple's bundled Ruby or something you compiled?
>>
>> James Edward Gray II
>
> Apple's /usr/bin/ruby. (I'd answered before I saw your
> clarification.) I also just ran it fine with macruby.

It also seems to work in my locally compiled 1.9:

$ sudo ruby_dev -r etc -ve 'Process.uid = Etc.getpwnam("james").uid'
Password:
ruby 1.9.1 (2008-12-30 patchlevel-0 revision 21203) [i386-
darwin9.6.0]

James Edward Gray II

Ezra Zygmuntowicz

1/28/2009 4:16:00 AM

On Jan 27, 2009, at 7:06 PM, James Gray wrote:

> On Jan 27, 2009, at 9:00 PM, Rob Biedenharn wrote:
>
>> On Jan 27, 2009, at 9:34 PM, James Gray wrote:
>>
>>> On Jan 27, 2009, at 6:45 PM, Rob Biedenharn wrote:
>>>
>>>> It works for me on Ubuntu and Mac OS X also.
>>>
>>> Were you using Apple's bundled Ruby or something you compiled?
>>>
>>> James Edward Gray II
>>
>> Apple's /usr/bin/ruby. (I'd answered before I saw your
>> clarification.) I also just ran it fine with macruby.
>
> It also seems to work in my locally compiled 1.9:
>
> $ sudo ruby_dev -r etc -ve 'Process.uid = Etc.getpwnam("james").uid'
> Password:
> ruby 1.9.1 (2008-12-30 patchlevel-0 revision 21203) [i386-
> darwin9.6.0]
>
> James Edward Gray II
>

It fails for me on my self compiled ruby 1.8.6 on osx but the built
in ruby and my gentoo ruby works fine. No clue why.

-Ezra

Daniel Berger

1/28/2009 5:18:00 AM

James Gray wrote:
> Why would the super user not be able to switch UID's?
>
> $ sudo ruby -r etc -e 'Process.uid = Etc.getpwnam("james").uid'
> Password:
> -e:1:in `uid=': Operation not permitted (Errno::EPERM)
> from -e:1
>
> Tips of TFM I should go R are welcome. :)

I seem to recall that setreuid() is busted on OS X, 10.4.x anyway. I
think it's fixed in 10.5, but I can't confirm.

I know this has come up before. Check the the ruby-core archives.

Regards,

Dan

Daniel Berger

1/28/2009 2:01:00 PM

James Gray wrote:
> On Jan 27, 2009, at 5:11 PM, James Gray wrote:
>
>> Why would the super user not be able to switch UID's?
>>
>> $ sudo ruby -r etc -e 'Process.uid = Etc.getpwnam("james").uid'
>> Password:
>> -e:1:in `uid=': Operation not permitted (Errno::EPERM)
>> from -e:1
>
> Another data point on this odd issue: Apple's bundled Ruby (I'm on OS
> X) works:
>
> $ sudo /usr/bin/ruby -r etc -e 'Process.uid = Etc.getpwnam("james").uid'
> Password:
> $
>
> It's just the Ruby I built that fails. How could I have messed this up
> in the build?

Are you on 10.4.x?

If I had to guess, I'd bet Apple replaced setreuid() with seteuid(), but
that's a guess.

I've never really understood the way OS X manages users. My own account
is not in /etc/passwd, but shows up in NetInfo.

Regards,

Dan

comp.lang.ruby

Super User Can't Change UID?

James Gray

Michel Boaventura

James Gray

James Gray

Rob Biedenharn

James Gray

Rob Biedenharn

James Gray

Ezra Zygmuntowicz

Daniel Berger

Daniel Berger

x Login to ForumsZone