Thursday, March 31, 2011

Linux and SETUID (SETGID, Sticky bit)

Every file in Linux has read, write and execute rights for the owner, group and others. Besides those attributes there are 3 extra attributes setuid, setgid and sticky bit.
1) The setuid attribute is meaningful for executable files. If this bit is set then the user ID would be set as that of the owner of executable rather than the current user. For example the sudo tool owner is root and the setuid bit is set on, and when another user run this program, it will be executed as root. If set off the setuid attribute, then the sudo tool will not work, because it will run as a normal user without root permissions.

 2) Setgid attribute is the analog to setuid, but for group ID.

3) In Linux sticky bit is meaningful for directories only(in old *nix systems it had another meaning also). If this bit is enabled on directory then the files in that directory may only be deleted or renamed by root or by their owner.

One more sample related to setuid

No comments:

Post a Comment