Find it

Wednesday, September 23, 2009

My BIG Time FEAR.... Set user ID, set group ID, sticky bit. FIGHT YOUR FEAR

It's a shame to say that I have real BIG time fear with Set user ID, set group ID, sticky bit. I don't know why but I see myself very poor at remebering about this topic, now I decided to fight my fear and writing one small informational document on this.

What is Sticky bit?

It was used to trigger process to "stick" in memory after it is finished, now this usage is obsolete. Currently its use is system dependant and it is mostly used to suppress deletion of the files that belong to other users in the folder where you have "write" access to like /tmp.

How to set it up?

# chmod 1777 world_write
# ls -ld world_write
drwxrwxrwt 2 ignatz staff 512 Jul 15 15:27 world_write

What is SUID or setuid?

Change user ID on execution. If setuid bit is set, when the file will be executed by a user, the process will have the same rights as the owner of the file being executed.

For example, the setuid permission on the passwd command makes it possible for users to change passwords.

$ ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 22960 Jul 17 2006 /usr/bin/passwd

How to set it up?

# chmod 2551 dbprog2
# ls -l dbprog2
-r-xr-s--x 1 db staff 24576 May 6 09:30 dbprog2

What is SGID or setgid?

Change group ID on execution. Same as above, but inherits rights of the group of the owner of the file. For directories it also may mean that when a new file is created in the directory it will inherit the group of the directory (and not of the user who created the file).

How to set it up?

# chmod 4555 dbprog
# ls -l dbprog
-r-sr-xr-x 1 db staff 12095 May 6 09:29 dbprog

Hope by this medium I will always keep this in mind. Blogging helps me a lot!!!

No comments:

Post a Comment