05-12-2008
Setting the sticky bit on a file instructs the kernel to not swap it out when running, it's seldom used these days.
Setting the sticky bit on a directory, however, instructs the filesystem to only allow a file to be deleted by it's owner, regardless off the write permissions the directory has set. This enables one to allow world write on a directory without allowing one user to interact with another user's files beyond the individual file's permissions. It's great for any directory where multiple users need to create files but you don't want one to delete another's.
A file that is setuid will, if executed, run with the permissions and id of the owner of the file (not necessarily the user logged in). This allows multiple users to share data or to escalate (or downgrade) rights.
It should be used with caution however as any bugs in the script or binary could be exploited to perform unintended tasks as the file owner. Anything forked off by the running executable will also inherit it's parent's rights so be careful of complex apps like vi, emacs etc that can start independant shells.
Setuid on a directory would normally cause any files created within that directory to be owned by the directory owner but this is disabled by default in solaris.
Setgid on a file does nothing on solaris as far as I know.
Setgid on a directory causes any files created to have their primary group set the the same group as the parent directory. It generally (depending on config and solaris revision) also sets the setgid bit on any subdirectories created.
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
I have a C wrapper programme which basically execute a shell script. The shell script has 700 as permission and oracle is owner of the shell script.
The C execuatble has 4711 permission so that means that it has setuid bit set and group and others can execute the C executable.
The reason why I am... (2 Replies)
Discussion started by: sanjay92
2 Replies
2. UNIX for Dummies Questions & Answers
could u plz give me clear idea of spcial permissions setuid,getuid and striky bit . (1 Reply)
Discussion started by: Prem
1 Replies
3. UNIX for Dummies Questions & Answers
Hi,
I have a Oracle Database on Solaris 5.10 .
Following file are showing with SUID/GUID bits .
-rwsr-xr-x root dba /optware/oracle/10.2.0.2/db/bin/extjob
What will happen if this is changed to oracle dba .
I need to know the will there be a effect if the owner of extjob is... (3 Replies)
Discussion started by: reply2soumya
3 Replies
4. UNIX for Advanced & Expert Users
hello,
i've a backup of a xen image which was tar'ed. i extracted the tarfile with --preserve and moved it to the lvm partition useing cp -p to preserve the ownership informations of the files in this step too.
but unfortunatly after extracting the archive some uid and guids which are present... (5 Replies)
Discussion started by: coffeecup
5 Replies
5. UNIX for Dummies Questions & Answers
Dear all,
what is SUID,GUID and Sticky bit permission?
can anyone gave me explanation with example?
thanks in advance.. (2 Replies)
Discussion started by: masthan25
2 Replies
6. AIX
Hi,
I am harsath , am new to UNIX- Aix ust started to learning , interested in working with servers , is it necessary to know shell scripting before learning aix, will i get job only if i know aix ....
pls reply..... Thanks in advance.... (2 Replies)
Discussion started by: harsath24330
2 Replies
7. Shell Programming and Scripting
I'm fairly new to scripting, and need some help in extracting a piece of data from some output I have. This is what the original output looks like:
.--------------------------------------------------------------------------------------.
| GUID | C1 | C2 ... (3 Replies)
Discussion started by: Akilleez
3 Replies
8. UNIX for Dummies Questions & Answers
Hi,
Any can explain the difference between the normal execute permission for the file and GUID of the file.
Since the normal execute permission has right to execute file why there is need of providing GUID for the same file.
Also share some examples for SUID and SGID programs.
Regards... (3 Replies)
Discussion started by: ksgnathan
3 Replies
9. UNIX for Dummies Questions & Answers
when I executed tar xvf jre-7u7-soloris-i586.tar.gz it created the last entry with user as 10 and group as 143. When I execute the cd to the jrel directory I get directory not found error. Not sure why this is happening. I am in the root account just trying to install Java Enterprise.
... (2 Replies)
Discussion started by: Fingerz
2 Replies
10. UNIX for Beginners Questions & Answers
Just learning about the privilege escalation method provided by setuid. Correct me if I am wrong but what it does is change the uid of the current process to whatever uid I set. Right ?
So what stops me from writing my own C program and calling setuid(0) within it and gaining root privileges ?
... (2 Replies)
Discussion started by: sreyan32
2 Replies
LEARN ABOUT MOJAVE
strmode
STRMODE(3) BSD Library Functions Manual STRMODE(3)
NAME
strmode -- convert inode status information into a symbolic string
LIBRARY
Standard C Library (libc, -lc)
SYNOPSIS
#include <string.h>
void
strmode(int mode, char *bp);
DESCRIPTION
The strmode() function converts a file mode (the type and permission information associated with an inode, see stat(2)) into a symbolic
string which is stored in the location referenced by bp. This stored string is eleven characters in length plus a trailing NUL.
The first character is the inode type, and will be one of the following:
- regular file
b block special
c character special
d directory
l symbolic link
p fifo
s socket
w whiteout
? unknown inode type
The next nine characters encode three sets of permissions, in three characters each. The first three characters are the permissions for the
owner of the file, the second three for the group the file belongs to, and the third for the ``other'', or default, set of users.
Permission checking is done as specifically as possible. If read permission is denied to the owner of a file in the first set of permis-
sions, the owner of the file will not be able to read the file. This is true even if the owner is in the file's group and the group permis-
sions allow reading or the ``other'' permissions allow reading.
If the first character of the three character set is an ``r'', the file is readable for that set of users; if a dash ``-'', it is not read-
able.
If the second character of the three character set is a ``w'', the file is writable for that set of users; if a dash ``-'', it is not
writable.
The third character is the first of the following characters that apply:
S If the character is part of the owner permissions and the file is not executable or the directory is not searchable by the owner, and
the set-user-id bit is set.
S If the character is part of the group permissions and the file is not executable or the directory is not searchable by the group, and
the set-group-id bit is set.
T If the character is part of the other permissions and the file is not executable or the directory is not searchable by others, and the
``sticky'' (S_ISVTX) bit is set.
s If the character is part of the owner permissions and the file is executable or the directory searchable by the owner, and the set-
user-id bit is set.
s If the character is part of the group permissions and the file is executable or the directory searchable by the group, and the set-
group-id bit is set.
t If the character is part of the other permissions and the file is executable or the directory searchable by others, and the ``sticky''
(S_ISVTX) bit is set.
x The file is executable or the directory is searchable.
- None of the above apply.
The last character will always be a space.
SEE ALSO
chmod(1), find(1), stat(2), getmode(3), setmode(3)
HISTORY
The strmode() function first appeared in 4.4BSD.
BSD
July 28, 1994 BSD