Solaris 9 Administration Guide

Page 197

Special File Permissions (setuid, setgid, and Sticky Bits)

In this section we explore three special permissions that can be set on a file: setuid, setgid, and sticky bits. Let’s clear up a possible misunderstanding before it can arise: setuid and setgid are permissions that you set, not commands that you issue. These permissions are set on an executable file or a public directory. When a user runs an executable on which any of these permissions are set, the executable file assumes the ID (UID or GID) of the owner of the file. The important point is that the user who started the execution of the file may not be the owner of the file.

The setuid Permission

When setuid permission is set on an executable file, the process that executes this file is granted permissions based on the owner of the file, not the user who started the execution of the file. This gives the user access (through the process that executes the file) to files and directories that would normally be available only to the owner. The setuid permission can be set by using, well, your old friend, the chmod command with the following syntax:

chmod <4nnn> <filename>

As an example, consider the following command:

chmod 4755 speech

If you are not the owner of the file, you have to be a superuser to issue this command. This command sets these permissions on the file speech: read, write, and execute for the owner, and read and execute for the group and other users. It also sets the setuid permission on the file. Now, if you issue the ls -l command on this file, the first column of the output will look like the following:

-rwsr-xr-x
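The following script is an added example, not taken from the book. It applies the chmod modes discussed above to a scratch file, prints the resulting ls -l mode column, and lists setuid files with find, which is the usual way to audit a directory for them. The function names and temporary paths are constructed, and mktemp is assumed to be available.

```shell
#!/bin/sh
# Added example (not from the book): how the leading 4 in chmod shows up in
# the ls -l mode column, and how to list setuid files in a directory.
# Paths and function names are constructed; mktemp is assumed available.

# Print the 10-character mode column of ls -l for one file.
mode_string() {
    ls -ld "$1" | awk '{ print substr($1, 1, 10) }'
}

# List regular files under directory $1 that have the setuid bit (04000) set.
find_setuid() {
    find "$1" -type f -perm -4000 -print
}

demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/speech"                 # empty stand-in for the executable

    chmod 755 "$dir/speech"
    echo "755  -> $(mode_string "$dir/speech")"   # plain x for the owner

    chmod 4755 "$dir/speech"
    echo "4755 -> $(mode_string "$dir/speech")"   # s: setuid plus owner execute

    # Edge case: setuid without owner execute is shown as a capital S.
    chmod 4655 "$dir/speech"
    echo "4655 -> $(mode_string "$dir/speech")"

    echo "setuid files under $dir:"
    find_setuid "$dir"

    rm -rf "$dir"
}

demo
```

A capital S in the owner position means the setuid bit is set but the owner has no execute permission, which is usually a sign of a mistaken chmod.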

Note the use of the symbol s instead of x for the owner. Now suppose a user jbrown is neither the owner of this file nor a member of the group that owns this file. Further, assume there are other files to which the owner of this file has write permission but jbrown does not, and that this file, when executed, tries to access those files and write into them. Once jbrown starts executing this file, the process that executes
