Full Discussion: setuid and guid
Operating Systems Solaris setuid and guid Post 302193956 by Smiling Dragon on Monday 12th of May 2008 12:53:24 AM
Old 05-12-2008
Setting the sticky bit on a file instructs the kernel to not swap it out when running; it's seldom used these days.

Setting the sticky bit on a directory, however, instructs the filesystem to only allow a file to be deleted by its owner, regardless of the write permissions the directory has set. This enables one to allow world write on a directory without allowing one user to interact with another user's files beyond the individual file's permissions. It's great for any directory where multiple users need to create files but you don't want one to delete another's.

A file that is setuid will, if executed, run with the permissions and id of the owner of the file (not necessarily the user logged in). This allows multiple users to share data or to escalate (or downgrade) rights.
It should be used with caution, however, as any bugs in the script or binary could be exploited to perform unintended tasks as the file owner. Anything forked off by the running executable will also inherit its parent's rights, so be careful of complex apps like vi, emacs etc. that can start independent shells.

Setuid on a directory would normally cause any files created within that directory to be owned by the directory owner, but this is disabled by default in Solaris.

Setgid on a file does nothing on Solaris as far as I know.

Setgid on a directory causes any files created to have their primary group set to the same group as the parent directory. It generally (depending on config and Solaris revision) also sets the setgid bit on any subdirectories created.
 

STRMODE(3)                BSD Library Functions Manual                STRMODE(3)

NAME
     strmode -- convert inode status information into a symbolic string

LIBRARY
     Standard C Library (libc, -lc)

SYNOPSIS
     #include <string.h>

     void strmode(int mode, char *bp);

DESCRIPTION
     The strmode() function converts a file mode (the type and permission
     information associated with an inode, see stat(2)) into a symbolic string
     which is stored in the location referenced by bp. This stored string is
     eleven characters in length plus a trailing NUL.

     The first character is the inode type, and will be one of the following:

           -     regular file
           b     block special
           c     character special
           d     directory
           l     symbolic link
           p     fifo
           s     socket
           w     whiteout
           ?     unknown inode type

     The next nine characters encode three sets of permissions, in three
     characters each. The first three characters are the permissions for the
     owner of the file, the second three for the group the file belongs to,
     and the third for the ``other'', or default, set of users.

     Permission checking is done as specifically as possible. If read
     permission is denied to the owner of a file in the first set of
     permissions, the owner of the file will not be able to read the file.
     This is true even if the owner is in the file's group and the group
     permissions allow reading or the ``other'' permissions allow reading.

     If the first character of the three character set is an ``r'', the file
     is readable for that set of users; if a dash ``-'', it is not readable.

     If the second character of the three character set is a ``w'', the file
     is writable for that set of users; if a dash ``-'', it is not writable.

     The third character is the first of the following characters that apply:

     S     If the character is part of the owner permissions and the file is
           not executable or the directory is not searchable by the owner,
           and the set-user-id bit is set.

     S     If the character is part of the group permissions and the file is
           not executable or the directory is not searchable by the group,
           and the set-group-id bit is set.

     T     If the character is part of the other permissions and the file is
           not executable or the directory is not searchable by others, and
           the ``sticky'' (S_ISVTX) bit is set.

     s     If the character is part of the owner permissions and the file is
           executable or the directory searchable by the owner, and the
           set-user-id bit is set.

     s     If the character is part of the group permissions and the file is
           executable or the directory searchable by the group, and the
           set-group-id bit is set.

     t     If the character is part of the other permissions and the file is
           executable or the directory searchable by others, and the
           ``sticky'' (S_ISVTX) bit is set.

     x     The file is executable or the directory is searchable.

     -     None of the above apply.

     The last character will always be a space.

SEE ALSO
     chmod(1), find(1), stat(2), getmode(3), setmode(3)

HISTORY
     The strmode() function first appeared in 4.4BSD.

BSD                              July 28, 1994                              BSD
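
The third-character rules above, combined with the set-id and sticky-bit behaviour described in the forum post, as an added C example (not code from the post or from any libc). `mode_string`, `audit_flags` and the `AUDIT_*` names are hypothetical, and the sample modes are constructed.

```c
#define _XOPEN_SOURCE 700  /* exposes S_ISVTX, S_ISLNK, S_ISSOCK in strict -std= modes */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

enum { AUDIT_SETUID = 1, AUDIT_SETGID = 2, AUDIT_NO_STICKY = 4 };  /* hypothetical names */

/* Third character of a triplet: S/T = special bit without execute, s/t = both. */
static char third(mode_t m, mode_t xbit, mode_t special, char lower)
{
    if (m & special)
        return (m & xbit) ? lower : (char)(lower - 'a' + 'A');
    return (m & xbit) ? 'x' : '-';
}

/* Fill bp (at least 12 bytes) with the layout the man page describes. */
void mode_string(mode_t m, char *bp)
{
    memcpy(bp, "?rwxrwxrwx ", 12);       /* template: type, 9 bits, space, NUL */
    bp[0] = S_ISREG(m) ? '-' : S_ISDIR(m) ? 'd' : S_ISLNK(m) ? 'l' :
            S_ISCHR(m) ? 'c' : S_ISBLK(m) ? 'b' : S_ISFIFO(m) ? 'p' :
            S_ISSOCK(m) ? 's' : '?';
    for (int i = 0; i < 9; i++)          /* 0400 is owner-read, 0001 other-execute */
        if (!(m & (0400 >> i)))
            bp[i + 1] = '-';
    bp[3] = third(m, S_IXUSR, S_ISUID, 's');
    bp[6] = third(m, S_IXGRP, S_ISGID, 's');
    bp[9] = third(m, S_IXOTH, S_ISVTX, 't');
}

/* Review flags: set-id regular files, world-writable directories without sticky. */
int audit_flags(mode_t m)
{
    int f = 0;
    if (S_ISREG(m) && (m & S_ISUID)) f |= AUDIT_SETUID;
    if (S_ISREG(m) && (m & S_ISGID)) f |= AUDIT_SETGID;
    if (S_ISDIR(m) && (m & S_IWOTH) && !(m & S_ISVTX)) f |= AUDIT_NO_STICKY;
    return f;
}

int main(void)
{
    /* Constructed sample modes, not taken from a real system. */
    mode_t samples[] = { S_IFREG | 04755, S_IFREG | 02644, S_IFDIR | 01777, S_IFDIR | 0777 };
    char buf[12];
    for (int i = 0; i < 4; i++) {
        mode_string(samples[i], buf);
        printf("%s flags=%d\n", buf, audit_flags(samples[i]));
    }
    return 0;
}
```

Feeding `st_mode` from `lstat(2)` into both functions turns this into a per-file check during a filesystem walk.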