Hi All,

This is actually a good interview question.

On linux, the permissions and group for 'shutdown' and 'cat' is the same.

-rwxr-xr-x 1 root root 18K 2008-05-21 10:43 shutdown
-rwxr-xr-x 1 root root 17K 2007-01-30 19:51 cat

Then why is it that a normal user cannot run the 'shutdown' command ?

I've done some searching and I think it has something to do with SUID.
The 'shutdown' command calls the seteuid(0) where as the 'cat' command does not.

Is this correct ? Could someone please verify? Also is there a list of commands which can only be run by su even though the permissions are the same? I mean how can we know?
Thanks.

Since there is no SETUID bit set, as you can see yourself looking at the permissions, I think it is the binary itself checking who is executing it. If you try different binaries in /sbin as a non root user you get different output, so it seems not to be a system wide mechanism.

Here is a good explanation for SETUID bit etc., 6.2:

Linux permissions

The following:

/sbin/halt

in suse uses geteuid. If it's not superuser it reportsL
halt: must be superuser.

This happen because your normal user can't setuid to 0. Try this and see why you cannot run successfully shutdown with normal user:

$ strace shutdown

and

# strace shutdown

Yes, shutdown uses this, I was reporting halt. Thanks.

$ strace ./shutdown

execve("./shutdown", ["./shutdown"], [/* 16 vars */]) = 0
.
. *****text omitted*****
.
getuid32() = 8218
geteuid32() = 8218
setuid32(8218) = 0
getuid32() = 8218
write(2, "shutdown: you must be root to do"..., 39shutdown: you must be root to do that!
) = 39
exit_group(1) = ?
Process 6144 detached
*************************************************

$ ./shutdown
shutdown: you must be root to do that!


Wow. Thanks dude. Never knew such a command existed even.