setGID, ldd and library not found

Today I was bewildered by a very unusual problem. Maybe this will help someone else with the same problem!

I was running an executable as myself and it was working perfectly. I had to run it as root to access some protected directories, so I used sudo:

sudo myprogram

I got

error while loading shared libraries: libsomething.so: cannot open shared object file: No such file or directory

Ok, this must be because sudo won’t use the LD_LIBRARY_PATH that I defined, so I try:

sudo -E myprogram

Same error… Ok, I will try to check what’s going on as root, with ldd.

sudo bash
export LD_LIBRARY_PATH=/path/to/my/lib/
ldd myprogram
      libsomething.so  -> /path/to/my/lib/libsomething.so
# Ok! Everything works as expected, I can run the program
./myprogram
error while loading shared libraries: libsomething.so: cannot open shared object file: No such file or directory

ldd finds all necessary libraries, but the executable still fails to run because it cannot find a library??

Ok, maybe I don’t have the rights to read or execute the library or the directories in its path?

chmod -R a+rX /mydirectory does not change anything, even though any user can now access the libsomething.so file.

After a LOT of searching around, I found an explanation: if your executable or library is setuid or setgid, because of security implications, LD_LIBRARY_PATH won’t be used!

Finally, I did a find /mydirectory -type f -exec chmod g-s {} \; to remove the setGID bit on all files (but keeping it on directories). The setgid bit was set to force new files to belong to the directory’s group: it was only necessary to setgid the directories, not the files!
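Before stripping the bit from everything, it helps to see which files actually carry it. The script below is an added example, not part of the original post: it lists regular files with setuid or setgid set and marks the ELF ones, which are the binaries that would run with LD_LIBRARY_PATH ignored. The function names and the script name are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post: audit a tree for regular
# files that carry setuid/setgid, and flag which of them are ELF files.

# is_elf FILE: true if FILE begins with the ELF magic bytes 7f 45 4c 46.
# An unreadable file yields no bytes and is therefore reported as "other".
is_elf() {
    [ "$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')" = "7f454c46" ]
}

# audit_setid DIR: print one line per regular file with setuid or setgid:
#   "<ELF|other> <setuid|setgid|setuid+setgid> <path>"
# Directories are skipped on purpose: setgid on a directory only makes
# new files inherit the directory's group.
# Paths containing newlines are not supported by this line-based loop.
audit_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        if is_elf "$f"; then kind=ELF; else kind=other; fi
        bits=
        if [ -u "$f" ]; then bits=setuid; fi
        if [ -g "$f" ]; then bits=${bits:+$bits+}setgid; fi
        printf '%s %s %s\n' "$kind" "$bits" "$f"
    done
}

# Run as: sh audit_setid.sh /mydirectory
if [ "$#" -gt 0 ]; then audit_setid "$1"; fi
```

Lines marked "other" are data files or scripts where the bit is almost certainly a leftover from a recursive chmod; lines marked "ELF" deserve a look before clearing, in case a binary was made setgid deliberately.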

 

 

 
