su, sudo, suid, and suexec are all methods of working around the restrictions created by the *nix system of file ownership and permissions. By definition, any of these commands creates security risks, but hopefully lesser risks than simply giving the root password to everyone who occasionally needs to do a special task.

The following gives a quick summary of each (I have to recheck some of the facts -- doing this from memory) -- for more details follow the links.

su stands for "switch user" and allows you to switch your identity to that of any other user. Probably the most common use is to switch to root (and later back to yourself). When prompted, you will have to enter the password of that other user.

sudo stands for "switch user and do" (I made that up -- maybe it's true or close?) -- if you are listed in a special file (/etc/sudoers) with permissions to execute tasks that are normally done by another user, you can execute those tasks by issuing commands in the form: sudo <command_normally_done_by_root>. When prompted, you will have to enter your password.

suid stands for "switch user ID" and is a special bit in the file permissions (4000 or "s" in place of the x for ...). When this bit is set on an executable file (or script), the file runs with the permissions of its owner rather than those of the user who started it. Thus, root could create a script to shut down the computer (for example), keep itself as owner, but allow you to execute it (by appropriate permissions). When you execute the file, it executes as if it had root permissions.

sguid stands for "switch group user ID" and is analogous to suid except that the program or file executes with the permissions of its group owner. The file permission bit is 8000 or "s" in place of the x for ...
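Because a file with either bit set runs with its owner's or group's permissions, it is worth knowing which files on a system carry them. The following is an added example, not part of the original page: a small audit that walks a directory tree and lists regular files with the suid or sgid bit set, also flagging any that are group- or world-writable. The function names and the sample file names (plain, helper, loose) are constructed for the illustration; the bit tests use the constants from Python's standard stat module.

```python
import os
import stat
import tempfile


def special_bits(mode):
    """Return labels for the suid/sgid bits, plus risky write bits, in an st_mode."""
    flags = []
    if mode & stat.S_ISUID:
        flags.append("suid")
    if mode & stat.S_ISGID:
        flags.append("sgid")
    # A writable suid/sgid file lets someone other than the owner replace its contents.
    if flags and mode & stat.S_IWOTH:
        flags.append("world-writable")
    if flags and mode & stat.S_IWGRP:
        flags.append("group-writable")
    return flags


def audit(root):
    """Return sorted (path, owner_uid, octal_mode, flags) for suid/sgid regular files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: report the link itself, never its target
            except OSError:
                continue  # unreadable or vanished entry
            if not stat.S_ISREG(st.st_mode):
                continue
            flags = special_bits(st.st_mode)
            if flags:
                findings.append((path, st.st_uid, oct(stat.S_IMODE(st.st_mode)), flags))
    return sorted(findings)


def demo():
    """Audit a constructed sample tree: one ordinary file and two suid files."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("plain", 0o755), ("helper", 0o4755), ("loose", 0o4757)):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\n")
            os.chmod(path, mode)  # set the bits after writing the content
        return [(os.path.basename(p), m, f) for p, _uid, m, f in audit(root)]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

On a real system, call audit() on a directory such as /usr/bin and compare the result against a saved baseline; an entry owned by uid 0 that is also writable by group or others deserves immediate attention.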

suexec is a special wrapper for Apache that allows CGI or PHP commands to be executed under the identity of a different user.

See:


Contributors

  • () RandyKramer - 11 Mar 2003

Topic revision: r1 - 2003-03-11 - RandyKramer
 