SUID [Set User ID] – SGID [Set Group ID]


SUID – [Set User ID]

The SUID bit is set on executable files (compiled binaries). On Linux the kernel ignores SUID and SGID on interpreted scripts (files run through a “#!” interpreter line), so setting the bit on a shell script has no effect.
When a SUID executable is run, the process gets the effective user ID of the file's owner rather than that of the user who started it.

Example:
If “xarabas” owns a SUID executable and “mandrake” runs it, the process runs with the effective UID of “xarabas”.
If the root user wants a particular program to perform a privileged operation on behalf of ordinary users (passwd, which must update /etc/shadow, is the classic case), root can set the SUID bit on that executable.
Any user on the system who starts it then runs it with root's effective UID.

Note:
The root user must be very careful with this: a SUID-root program that can be tricked into doing something its author did not intend (reading or writing an arbitrary file, executing another program) hands that capability to every user on the system. Set the bit only on binaries written for the purpose, and audit the system for unexpected SUID/SGID files.

==================================================================================

SGID – [ Set Group ID ]

If an executable is SGID, it runs with the effective group ID of the file's group owner, instead of the group of the person running it.
The effect is the same as SUID, applied to the group: the program runs with the group's privileges (binaries only; as with SUID, Linux ignores the bit on scripts).
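The two sections above (SUID and SGID on executables) can be exercised with the following added shell example, which is not part of the original post. It sets each bit on a scratch file, shows the resulting permission string, and audits a directory tree for files carrying either bit, the check an administrator runs after reading the note above. All paths are created under a temporary directory and removed afterwards; the file names are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): set and audit the SUID/SGID
# bits. Everything happens in a scratch directory created by mktemp.

# Print the 10-character mode string of a path, e.g. -rwsr-xr-x.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Mark a file SUID (4755): the owner's 'x' becomes 's'.
set_suid() {
    chmod 4755 "$1" && mode_of "$1"
}

# Mark a file SGID (2755): the group's 'x' becomes 's'.
set_sgid() {
    chmod 2755 "$1" && mode_of "$1"
}

# Audit: list regular files under a root that have the SUID or SGID bit.
# "-perm -4000" matches any mode that includes the SUID bit, "-2000" the SGID bit.
find_suid_sgid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Demonstration on constructed files (names are hypothetical).
demo() {
    tmp=$(mktemp -d)
    : > "$tmp/bin1"
    : > "$tmp/bin2"
    : > "$tmp/plain"
    # A script with SUID set: the bit is stored and shows up in the audit,
    # but the Linux kernel ignores it when the script is executed.
    printf '#!/bin/sh\nid -u\n' > "$tmp/script.sh"

    set_suid "$tmp/bin1"            # -rwsr-xr-x
    set_sgid "$tmp/bin2"            # -rwxr-sr-x
    set_suid "$tmp/script.sh"       # -rwsr-xr-x (ignored at exec time)
    chmod 755 "$tmp/plain"          # no special bits, not listed below

    echo "files with SUID/SGID under $tmp:"
    find_suid_sgid "$tmp"
    rm -rf "$tmp"
}

demo
```

To audit a real system rather than the scratch directory, call find_suid_sgid / (optionally adding -xdev to stay on one filesystem) and compare the list against what the distribution ships.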

You can also set SGID on directories, where it means something different: every file or subdirectory created inside inherits the directory's group instead of the creator's primary group.
Suppose you have given a directory mode 2777 (SGID plus rwx for owner, group and others) and its group is “LP1”.
Any file created by any user under this directory will come out as follows.

Example:
-rw-rw-r-- 1 mandrake LP1 0 Jun 11 17:30 1.txt

In the above example the owner of 1.txt is “mandrake” and its group is “LP1”, inherited from the directory rather than taken from mandrake's primary group.
So both “mandrake” (as owner) and every member of group “LP1” (through the group rw- bits) can read and write 1.txt.

Now let's make this more interesting and complicated.
Create a directory “test”, chmod it to 2777, and add the sticky bit to it.

Example:
mkdir test
chmod 2777 test
chmod +t test

ls -ld test
drwxrwsrwt 2 xarabas LP1 4096 Jun 13 2008 test

From the permission string you can see that SGID (the “s” in the group triplet) and the sticky bit (the “t” in the others triplet) are set on the directory “test”.
Now any user can create files under the test directory.

Example:
drwxrwsrwt 2 xarabas LP1 4096 Jun 13 2008 .
-rw-rw-r-- 1 mandrake LP1 0 Jun 11 17:30 1.txt
-rw-rw-r-- 1 batman LP1 0 Jun 11 17:30 2.txt
-rw-rw-r-- 1 joker LP1 0 Jun 11 17:30 3.txt

Because “xarabas” owns the directory, xarabas can edit, rename or remove every file under test (so can root).
The sticky bit restricts renaming and deletion to the file's owner, the directory's owner and root: “mandrake” can remove only 1.txt, “batman” only 2.txt, and so on.
Note what the sticky bit does not do: it says nothing about a file's contents, so a member of group “LP1” can still edit 2.txt through its group rw- bits even though they cannot delete it.

If the sticky bit were not set on the test directory, any user could delete any file in it, because removing a file is a write to the directory and the directory has 777 permissions.
With the sticky bit set, that is no longer possible.

Example:
If “joker” tries to remove 1.txt
rm -f 1.txt
rm: cannot remove ‘1.txt’: Operation not permitted
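The directory setup above, as an added shell example that is not part of the original post. It builds the shared directory exactly as the text does (2777, then +t), confirms the resulting mode string, shows that a file created inside inherits the directory's group, and encodes the sticky-bit rule the listing illustrates. The four users in the listing cannot be reproduced by a single account, so the deletion rule is written as a function over user names (the names are the hypothetical ones from the post); everything else runs in a scratch directory as the current user.

```shell
#!/bin/sh
# Added example (not from the original post): SGID + sticky directory.
# Runs entirely inside a temporary directory created by mktemp.

mode_of()  { ls -ld "$1" | cut -c1-10; }     # e.g. drwxrwsrwt
group_of() { ls -ld "$1" | awk '{print $4}'; } # group column of ls -l

# Create a shared directory the way the text does: 2777, then +t.
# Prints the resulting mode string.
make_shared_dir() {
    mkdir -p "$1"
    chmod 2777 "$1"
    chmod +t "$1"
    mode_of "$1"
}

# Create an empty file in the shared directory and succeed only if its
# group equals the directory's group. With SGID on the directory this
# holds whatever the creator's primary group is.
inherits_group() {
    : > "$1/$2"
    [ "$(group_of "$1/$2")" = "$(group_of "$1")" ]
}

# Who may unlink or rename an entry in a sticky directory: root, the
# file's owner, or the directory's owner. Write permission on the
# directory alone is not enough once the sticky bit is set.
# (The file's own mode bits still decide who may edit its contents.)
# Arguments: requester file_owner dir_owner
can_unlink_in_sticky_dir() {
    requester=$1; file_owner=$2; dir_owner=$3
    [ "$requester" = root ] ||
    [ "$requester" = "$file_owner" ] ||
    [ "$requester" = "$dir_owner" ]
}

# Demonstration with the names from the text (directory owner xarabas,
# 1.txt owned by mandrake).
demo() {
    tmp=$(mktemp -d)
    echo "mode of test: $(make_shared_dir "$tmp/test")"
    if inherits_group "$tmp/test" 1.txt; then
        echo "1.txt inherited group $(group_of "$tmp/test") from the directory"
    fi
    for who in xarabas mandrake joker root; do
        if can_unlink_in_sticky_dir "$who" mandrake xarabas; then
            echo "$who may remove 1.txt"
        else
            echo "$who may not remove 1.txt"
        fi
    done
    rm -rf "$tmp"
}

demo
```

The rule function is the part worth keeping: when a shared upload or spool directory is world-writable, setting the sticky bit is what stops one user from deleting another's files, and SGID is what keeps every file readable by the intended group rather than by the creator's primary group.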
