Why user has permissions to execute 'init 0'?

wolfgang · August 3, 2010, 11:47pm

Hi all.
On one workstation run Solaris 10 a simple user can to execute 'init 0' command without input (su and root password).
Example:

% init 0
%
OK

I don't understand how user can execute 'init 0' command on this workstation?

1) I checked /usr/local/etc/sudoers all lines are commented.

2) I checked RBAC.

%roles
no roles

3) init permissions

  
/sbin:
-r-sr-sr-x         1   root    sys        init

/etc:
lrwxrwxrwx  1    root     root       init -> ../sbin/init

What I must check yet?

Mack1982 · August 4, 2010, 12:48am

might be because of the "s" permissions. The command, though is initiated by a regular user, is executed as root.
Try changing it to the default r-xr-xr-x root sys

wolfgang · August 4, 2010, 1:17am

Is default permissions of /sbin/init -r-xr-xr-x???

hergp · August 4, 2010, 1:35am

That's right, the defaults for /sbin/init are: User = root, Group = sys, Mode = 0555 (r-xr-xr-x).

wolfgang · August 4, 2010, 2:14am

It seems, if I will change permissions /sbin/init to -r-sr-sr-x only, on any workstation.
Will any user can execute 'init 0' command?

Mack1982 · August 4, 2010, 4:13am

I tried on my workstation, bootadm will not execute the command unless you are the root user

jlliagre · August 4, 2010, 4:53am

Yes, that's the very purpose of the setuid bit on executables.