7.6 Special File Permissions

   

There are three special file permission bits: set user ID ( SETUID ), set group ID ( SETGID ), and the sticky bit . Normally, when a user executes a file owned by someone else, the resulting process runs with the identity (user ID and group ID) of the user who executed it, not of the file's owner. If the SETUID bit is set on the executable, the process instead runs with the effective user ID of the file's owner; if the SETGID bit is set, it runs with the effective group ID of the file's group. The sticky bit, when set on a directory, restricts who may delete or rename the files in that directory.

SETUID and SETGID

We use the chmod command to set these special permissions on a file. With the symbolic method, use u+s to set SETUID and g+s to set SETGID . With octal numbers , add a fourth octal digit on the left-hand side of the usual three permission digits. Digit 4 represents SETUID , 2 represents SETGID , and 1 represents the sticky bit; the digits are added together when more than one bit is wanted (for example 6 for both SETUID and SETGID ). Examples of symbolic and octal use are given below.

 $ ll file1
 -rwxrwxrwx   1 boota   users     0 Sep  8 18:06 file1
 $ chmod u+s file1
 $ ll file1
 -rwsrwxrwx   1 boota   users     0 Sep  8 18:06 file1
 $ chmod 2777 file1
 $ ll file1
 -rwxrwsrwx   1 boota   users     0 Sep  8 18:06 file1
 $

As you can see, " x " is replaced by " s " in the owner position for SUID and in the group position for SGID . Note that the octal form sets the complete mode, so chmod 2777 cleared the SETUID bit that the earlier chmod u+s had set; the symbolic form changes only the bits you name. If the corresponding execute bit is not set, ll shows a capital " S " instead of " s "; a set-ID bit on a non-executable file has no effect and usually indicates a mistake.

The SUID bit plays an important role when a program must run with higher privileges than the user who starts it. For example, when you change your password, the /etc/passwd file is modified. Only root has write permission on this file, so how can every user change their own password? This is possible because the command used for a password change ( /bin/passwd ) is owned by root and has the SETUID bit set. Whenever any user executes this command, the process runs with root's effective user ID and therefore has the privilege to modify /etc/passwd ; the program itself is responsible for limiting what the user can change to their own entry.

This is also a major source of security problems. Anyone who executes a program with the SUID bit set gets the privileges of the program's owner for as long as that program runs, so the program must both be trustworthy and be protected from modification. If the program file is also writable by other users, any of them can replace its contents with code of their own choosing and then run that code with the owner's privileges. Just imagine a file owned by root that is writable by others and has the SETUID bit set: any user can overwrite it with some other command and run it as root, enough to damage the whole file system. The same reasoning applies to SETGID programs and the privileges of their group. Keep the number of set-ID programs to a minimum, make sure none of them is writable by anyone other than its owner, and check periodically that no new ones have appeared.

Sticky Bit

The sticky bit is represented by " t " in the execute position for others and can be set using the chmod command with the u+t symbolic method or with 1 (one) in the fourth digit position of octal numbers. One example is:

 $ ll file1
 -rwxrwxrwx   1 boota   users     0 Sep  8 18:06 file1
 $ chmod u+t file1
 $ ll file1
 -rwxrwxrwt   1 boota   users     0 Sep  8 18:06 file1
 $

Only the last character of the permission string changes; the owner and group positions are not affected. If others do not have execute permission on the file, a capital " T " is shown in that position instead of " t ". The sticky bit is rarely useful on a regular file; its important use is on directories, described next.

The use of the sticky bit on directories has a significant advantage. If a directory is writable by everyone and also has the sticky bit set, users can use that directory as a public area for file sharing: anyone can create files in it, but a file in that directory can be deleted or renamed only by the owner of the file, the owner of the directory, or root. Without the sticky bit, anyone with write permission on the directory could delete other users' files. This is why the sticky bit is set on the /tmp directory (mode 1777, shown by ll as drwxrwxrwt ), where users can safely put and delete their temporary or sharable files.
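The following script is an added example (not code from the book) that turns the two warnings above into an audit: it finds SETUID/SETGID programs that other users can write, and world-writable directories that lack the sticky bit. It assumes only the POSIX forms of find(1) -perm (-perm -mode matches when all bits of mode are set), and it builds a small constructed sample tree in a temporary directory owned by the caller, so it runs as an unprivileged user without touching a real system.

```shell
#!/bin/sh
# Added example, not from the HP-UX book: audit a tree for dangerous special
# permission settings. Assumes POSIX find(1) and chmod(1) only.

# Build a constructed sample tree (not a real system) so the audit runs offline.
# Prints the path of the new tree.
make_sample_tree() {
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/bin" "$root/shared" "$root/dropbox"
    : > "$root/bin/good_suid"; chmod 4755 "$root/bin/good_suid"  # SETUID, writable only by owner
    : > "$root/bin/bad_suid";  chmod 4777 "$root/bin/bad_suid"   # SETUID and world-writable
    : > "$root/bin/bad_sgid";  chmod 2775 "$root/bin/bad_sgid"   # SETGID and group-writable
    : > "$root/bin/plain";     chmod 0755 "$root/bin/plain"      # no special bits
    chmod 1777 "$root/shared"   # public directory with the sticky bit, like /tmp
    chmod 0777 "$root/dropbox"  # public directory without it: anyone can delete anyone's files
    printf '%s\n' "$root"
}

# SETUID or SETGID files that group or others may write. Anyone who can write
# such a file can replace its contents and run them with the owner's privileges.
# -perm -4000: SETUID set; -perm -2000: SETGID set; -perm -020 / -002: group / other write.
writable_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) \( -perm -020 -o -perm -002 \) -print
}

# World-writable directories (-perm -002) that lack the sticky bit (-perm -1000).
unprotected_shared_dirs() {
    find "$1" -type d -perm -002 ! -perm -1000 -print
}

# Report both kinds of finding for a tree, one line each.
audit_tree() {
    writable_setid_files "$1" | while read -r f; do
        echo "WRITABLE SET-ID PROGRAM: $f"
    done
    unprotected_shared_dirs "$1" | while read -r d; do
        echo "WORLD-WRITABLE DIRECTORY WITHOUT STICKY BIT: $d"
    done
}

# Usage: sh audit_setid.sh /usr   (auditing a whole system tree needs root to
# read every directory). With no argument, build and audit the sample tree.
if [ $# -gt 0 ]; then
    audit_tree "$1"
else
    sample=$(make_sample_tree)
    audit_tree "$sample"
    rm -rf "$sample"
fi
```

On the sample tree the audit reports bin/bad_suid and bin/bad_sgid (set-ID programs writable by others or by the group) and the dropbox directory (world-writable, no sticky bit); good_suid, plain and the 1777 shared directory pass. On a real system, compare the list of set-ID programs against the previous run so that newly appeared ones stand out.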


   
HP Certified: HP-UX System Administration
ISBN: 0130183741
Year: 2000
Pages: 390
Authors: Rafeeq Rehman
