restart-aolserver is a Perl script which finds the pid for an AOLserver process and kills the process. Initially I had the permissions set incorrectly on this file, like so:
-rwxr-sr-x 1 root users 378 Dec 13 17:21 restart-aol
With these settings, the script works if run as root, or the real user of the AOLserver process, but not for any other members of the group the process is running as.
This confused me, and then I realized that the file permissions needed an 's' on the user. Once I did this I discovered that the script was failing with the following output:
Can't do setuid
I wrote a simple test script which seems to indicate that the setuid operation is failing. The script works on RH 7.3, where restart-aolserver also works as expected. Here is the script:
#!/usr/bin/perl
use strict;
undef %ENV;
$ENV{'PATH'} = '/sbin:/bin';
print "real UID: $< \n";
print "effective UID: $> \n";
$< = $>; # set realuid to effective uid (root)
print "Set real to effective uid\n";
print "real UID: $< \n";
print "effective UID: $> \n";
When run as a member of the 'users' group, the program will produce output similar to the following:
real UID: 515
effective UID: 0
Set real to effective uid
real UID: 0
effective UID: 0
When the script fails it produces the following output instead:
Can't do setuid
I think the problem is that on RedHat the rpm perl-suidperl is now not installed by default.
One link to the issue is http://www.sympa.org/fom-serve/cache/207.html
I have installed this package, but don't yet know what to include so it works.
However, assuming I get this to work, I think the permissions on the restart-aolserver file can be downgraded so that the program doesn't run as root, but just the owner of the AOLserver process. All this script does is to remove the pid file and kill the server. It doesn't have to be root to do this. In fact this was working because of the incorrect permissions I was using on the file. Anyone have ideas on how to get the suidperl package to work?
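
Added example, not part of the original post: a small shell decoder for `ls -l` mode strings, showing that the `-rwxr-sr-x` listing quoted above carries the set-group-ID bit (octal 2755) rather than the set-user-ID bit. The function names `mode_to_octal` and `setid_bits` are hypothetical, and the second mode string is constructed for comparison.

```shell
#!/bin/sh
# Decode the 10-character mode column of `ls -l` into octal and name the
# set-id bits it carries, so a listing can be checked before relying on it.

# mode_to_octal "-rwxr-sr-x" prints 2755
mode_to_octal() {
    m=$1
    [ "${#m}" -ge 10 ] || { echo "bad mode string: $m" >&2; return 1; }
    special=0
    digits=""
    pos=2                      # columns 2-4 user, 5-7 group, 8-10 other
    for weight in 4 2 1; do    # 4 = setuid, 2 = setgid, 1 = sticky
        triad=$(printf '%s' "$m" | cut -c "$pos-$((pos + 2))")
        d=0
        case $triad in r??) d=$((d + 4)) ;; esac
        case $triad in ?w?) d=$((d + 2)) ;; esac
        case $triad in
            ??x)        d=$((d + 1)) ;;
            # lowercase s/t: execute bit and special bit both set
            ??s | ??t)  d=$((d + 1)); special=$((special + weight)) ;;
            # uppercase S/T: special bit set, execute bit missing
            ??S | ??T)  special=$((special + weight)) ;;
        esac
        digits="$digits$d"
        pos=$((pos + 3))
    done
    echo "$special$digits"
}

# setid_bits "-rwxr-sr-x" prints setgid
setid_bits() {
    oct=$(mode_to_octal "$1") || return 1
    case ${oct%???} in         # strip the three permission digits
        4 | 5) echo "setuid" ;;
        2 | 3) echo "setgid" ;;
        6 | 7) echo "setuid+setgid" ;;
        *)     echo "none" ;;
    esac
}

# Mode from the post, then a constructed mode with the 's' in the user triad.
for mode in "-rwxr-sr-x" "-rwsr-xr-x"; do
    echo "$mode  $(mode_to_octal "$mode")  $(setid_bits "$mode")"
done
```
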