Setting SetUID Bit
When the setuid bit is set on a program, a normal user can run that program with higher user privileges. An example of the setuid bit is the program /usr/bin/passwd. The file permissions on this file are -rwsr-xr-x. When you set or update your password, the passwd program has to update files in the /etc directory, where you do not have write or modify permissions. The passwd program has the setuid bit set (the 's'), so when you update your password you are able to write the new configuration to the /etc/passwd and /etc/shadow files as if you were the root user.
sam@asus:~/unix% chmod u+s prog
sam@asus:~/unix% ls -l prog
-rwsrwxr-x 1 sam sam 0 Apr 8 12:21 prog
sam@asus:~/unix%
The ‘s’ in ‘-rwsrwxr-x’ tells us the setuid bit is set for this program
Setting SetGID Bit
The setgid bit allows access to both directories and files with elevated privileges. The difference here is that the file will be run with the permissions of the group class of users that owns the file, not those of the user running the process.
Where the setgid bit is set, users who are in the group user class can create and execute files there. Any other user will just have write and execute permissions on those files, except that they will not own the files in the directory.
sam@asus:~/unix% chmod g+s docs/
sam@asus:~/unix% ls -l
drwxrwsr-- 2 sam sam 4096 Apr 4 20:11 docs
sam@asus:~/unix%
The ‘s’ tells us the setgid bit is set for this directory
drwxrwxrwt 11 root root 4096 Apr 8 12:21 tmp
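The following is an added example, not part of the original post: a POSIX shell helper that names the special bits in an ls -l mode string (including the uppercase S/T forms, which mean the bit is set without the matching execute bit) and inventories setuid/setgid entries under a directory for review. The function names special_bits and audit_special_bits are hypothetical, chosen for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# special_bits MODE: name the special bits in an `ls -l` mode string.
# Lowercase s/t: the special bit and the execute bit are both set.
# Uppercase S/T: the special bit is set but the execute bit under it is not.
special_bits() {
    mode=$1
    out=""
    # Character 4 is the owner execute slot, 7 the group slot, 10 the other slot.
    case $(printf '%s' "$mode" | cut -c4) in
        s) out="$out setuid" ;;
        S) out="$out setuid-noexec" ;;
    esac
    case $(printf '%s' "$mode" | cut -c7) in
        s) out="$out setgid" ;;
        S) out="$out setgid-noexec" ;;
    esac
    case $(printf '%s' "$mode" | cut -c10) in
        t) out="$out sticky" ;;
        T) out="$out sticky-noexec" ;;
    esac
    out=${out# }                      # trim the leading space
    printf '%s\n' "${out:-none}"      # "none" when no special bit is present
}

# audit_special_bits DIR: list every entry under DIR that has the setuid or
# setgid bit, one per line as "<bits><TAB><mode><TAB><path>".
audit_special_bits() {
    find "$1" \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r path; do
        mode=$(ls -ld "$path" | cut -c1-10)
        printf '%s\t%s\t%s\n' "$(special_bits "$mode")" "$mode" "$path"
    done
}

# Mode strings copied from the listings on this page.
for m in '-rwsrwxr-x' 'drwxrwsr--' 'drwxrwxrwt'; do
    printf '%s -> %s\n' "$m" "$(special_bits "$m")"
done
```

Running audit_special_bits against a directory and comparing the output with a known-good baseline shows when a new setuid or setgid entry has appeared. Paths containing newlines are not handled.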