
At work, I have a Redhat Linux and


newtounix

MIS
Jan 22, 2002
4
US
At work, I have a Redhat Linux and a Solaris machine. I am trying to understand how suid and sgid work. I think SUID and SGID are the types of permissions that authorize a non-owner of that file to have execute permission. I would like to learn in more detail how it works, such as how to set the permission bits, etc. I don't think there is any difference between a Solaris and Linux machine -- if there is any difference, please let me know.

Nice day
Mary
 
Difference as far as suid and sgid or difference in general?

suid and sgid work like this:

While the suid/sgid command is executing, your effective id (euid) is that of the owner of the file (or egid if sgid of course).

It's not authorizing you to have execute permission- you need your own execute permission to run this, but WHILE it's running, your EUID (EGID) changes.

Typically this is used so that you (within that program) can have access to resources that you (outside of that program) don't have access to.

For example, we have a file owned by "dbmgr" with "-rwx------" permissions. You can't read or write to that. But if we have a suid program owned by "dbmgr", and you have permission to run (execute) that program, it can read and write the rwx------ file.

Hope that helps.

One last thing- most systems do NOT allow shell scripts to be suid- you can usually apply the perm, but it is meaningless. There are good reasons for this (security aspects).



Tony Lawrence
SCO Unix/Linux Resources tony@pcunix.com
 
Hi,

setgid is frequently used on directories to enforce the group ownership of files created in that directory. Otherwise, users who belong to multiple groups set, by default, the groupid of their primary group when they create files. This means files in a directory can have different groupids and this fact can then cause difficulties for people on the same project who are not members of the other group(s). This use of setgid is for project management purposes rather than for acquiring access permissions when running an executable.

Hope this helps
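
Setting and checking the bits discussed in this thread, as an added example that is not part of any of the posts: it shows the octal and symbolic chmod forms for setuid on a file and setgid on a directory, plus a find-based audit of where the bits are set. The file and directory names (report, plain, project) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: set, inspect and audit setuid/setgid bits on a scratch tree.

# Print which special bits a path carries: "suid", "sgid", "suid sgid" or "none".
special_bits() {
    bits=""
    [ -u "$1" ] && bits="suid"
    [ -g "$1" ] && bits="${bits:+$bits }sgid"
    echo "${bits:-none}"
}

# Audit helper: list every setuid or setgid file and directory under a tree.
audit_special() {
    find "$1" \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Group owner of a path (fourth column of ls -ld).
group_of() {
    ls -ld "$1" | awk '{print $4}'
}

# Build a constructed scratch tree and apply the bits the way an admin would.
make_demo() {
    d=$(mktemp -d) || return 1
    : > "$d/report"             # stand-in for a compiled program
    : > "$d/plain"
    mkdir "$d/project"
    chmod 4755 "$d/report"      # octal: leading 4 = setuid   (-rwsr-xr-x)
    chmod u-s  "$d/report"      # symbolic form clears it ...
    chmod u+s  "$d/report"      # ... and sets it again
    chmod 0755 "$d/plain"       # ordinary executable, no special bits
    chmod 2775 "$d/project"     # leading 2 = setgid directory (drwxrwsr-x)
    : > "$d/project/notes.txt"  # new file takes the directory's group
    echo "$d"
}

# Stand-alone run: print the paths that carry a special bit, then clean up.
d=$(make_demo) && audit_special "$d" && rm -rf "$d"
```

Pointing audit_special at / (as root) gives the full list of setuid and setgid programs on a machine, which is worth comparing against a known-good baseline.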

 