DistributedNetworks DistributedNetworks


Special File Types   «Prev 

Changing identities and monitoring with ps

Here are the instructions for this simulation:
  1. Start a subshell of your login shell by typing the bash command. This will start the Bourne Again Shell.
  2. Type ps aj. The a argument for ps will list all processes except group leaders and non-terminal processes. The j argument lists process group and session IDs.
  3. Notice that the new shell has a PPID equal to the PID of your login shell. Now exit this subshell.
  4. Assume root privileges.
  5. You are now in a root shell. Type ps aj again.
  6. Notice that a new shell with a PPID equal to your login shell's PID, but with owner root (UID number 0), has been created. Sometimes switching between shells becomes confusing. Issue a command to determine authoritatively the shell in which you are operating.
    Solution: whoami
  7. Note that the output of the whoami command informs you that you are now root. Exit the root subshell.
  8. Type ls -l /usr/bin/passwd to verify that the SUID bit has been set for the passwd program. Remember: You are not viewing the SUID bit on the etc/passwd file. You are viewing it on the passwd executable in the usr/bin directory.
  9. Note that the SUID is set. If users have trouble changing their own passwords, you may have to change the file permissions using chmod. Let’s issue a command that runs the passwd command and then suspends it. Type passwd &. You should not specify your own username, because only root has the ability to specify usernames. Even if the SUID is set, you cannot use passwd as freely as a user logged on as root.
  10. Now, instead of entering your password, press CTRL+C to finish placing the passwd program into background mode.
  11. Run ps aj again.
  12. View the processes, and verify that the password command is running with root permissions. This operation might seem odd because you are not in the root shell. You started passwd with only standard user permissions. However, the SUID bit allows normal users to execute programs using some root permissions. Also, note how the ps aj command you just executed does not have a root UID. Now, bring the passwd command back into the foreground of your shell.
    Solution: fg
  13. To exit the shell without changing your password, press CTRL-C.
  14. Use the ps command with the argument that lists all processes on the system.
    Solution: ps aux
  15. According to this readout, five daemon processes are running on this particular system. UNIX marks daemon processes with a ? character.
  16. Now, issue the ps aux command, this time using a pipe and grep -c ?.
  17. You received a count of all daemon processes. Now, obtain a full listing of all the processes owned by root.
    Solution: ps aux | grep root
  18. For the purposes of this simulation, we’re showing you only a few of the processes. Normally, this listing would be quite long. Now, list all shells running on the system, using ps aux, a pipe, and grep. As part of the command, save the output to a file named loginshell.
    Solution: ps aux | grep login > loginshell
  19. Now, issue the whoami command again.