Understanding Set User ID and Set Group ID Permissions

Another type of permission is "set user ID", known as suid, and "set group ID" (sgid) permissions. These settings, when used in a program, enable any user running that program to have program owner or group owner permissions for that program. These settings enable the program to be run effectively by anyone, without requiring that each user's permissions be altered to include specific permissions for that program.

One commonly used program with suid permissions is the passwd command: $ ls -l /usr/bin/passwd

-r-s--x--x 1 root root 13536 Jan 12 2000 /usr/bin/passwd

This setting allows normal users to execute the command (as root) to make changes to a root-only accessible file, /etc/passwd.

You also can assign similar permission using the chfn command. This command allows users to update or change finger information in /etc/passwd. You accomplish this permission modification by using a leading 4 (or the mnemonic s) in front of the three octal values.

Was this article helpful?

0 0

Post a comment