Kbase 17896: Why Progress requires their executables to be owned by ROOT and have the SETUID bit set.
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
19/03/2009 |
|
Status: Verified
GOAL:
Why Progress requires their executables to be owned by ROOT and have the SETUID bit set.
GOAL:
Why do we need SUID progress executables?
GOAL:
What are the reasons that we require SUID?
FACT(s) (Environment):
UNIX
Linux
Progress/OpenEdge Product Family
FIX:
All Progress executable must be owned by root, and most of them require permissions to be set to 4775, which means that the SETUID bit is switched on.
The SETUID bit is necessary on Progress executables for the following reasons:
So Progress can override the ulimit setting for maximum file size. Progress raises the limit to ensure that the database files can grow to the 2 GB size limit.
The broker and other processes must send signals to all processes that are connected to the database, regardless of which user the processes belong to.
Permission settings on the database files can be set such that a normal user cannot access them.
When a self-service client is started, Progress must be able to open the database even though the particular user account might not allow it. After the self-service client has initialized itself and opened any databases specified on the command line, Progress changes the UID to the user UID.
Self-service clients lower their UID after initialization and before any 4GL code is executed. Servers, brokers, and utilities do not lower the UID.