The suid bit is one of the extra permission bits for a Linux file. In octal form it is 4000; in character form it is indicated by an "s" where the x (executable) for owner permissions would be: -rwsrw-rw-

Suid stands for "set user id" and, if set on an executable file, the executable runs with the permissions and privileges of the owner of the file, rather than the user who invoked the executable. The most common use is to set the user id as root, because root usually has the most capabilities.

When set, the program has many of the same capabilities that the file's owner has, including:

  • For example, if set user id root, a program (script) can chown and chgrp other files.

(Note: I think the previous list is a little different than (just) the file permissions -- I think if you run suid you also get things like root's environment variables -- I need to confirm this.)

Unfortunately, I cover things like suid on several different pages -- I should develop one page as the "authoritative" page and link all others to it.

See also sudo.

See AboutThesePages.


Notes

Comments about my first suid file (comments from /home/dad/bin/ipr_getmail.scr):

#       # rhksendmailq is a file in /bin with permissions -rwsr--r-x root root
#       #   (i.e., owned by root, executable by anyone, and suid)
#       #   containing /usr/sbin/sendmail -q > /home/dad/temp.txt
#       # to make it more secure, I should consider making it executable by the
#       #   dad group only (or similar)
#       rhksendmailq # kick mail queue

Ok, to make a shutdown command that allows non-root users to shut down the machine, try this:

  • Create a file in /bin named (e.g.) shutdown.scr containing one line shutdown -h now
  • chown the file to root.root (maybe try a group later, to make it more secure)
  • chmod the file to 4755

This is probably OK on the private (no connection to the Internet) church school LAN, but I should consider making it more secure:

Thinking out loud:

  • create a user account for Val (I can do that)
  • create an admin user group and include Val in the group (hmm, need to think about this, not sure how -- maybe linuxconf will help me muddle through)
  • chown root.admin /bin/shutdown.scr
  • chmod 4750 /bin/shutdown.scr
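
An added audit sketch (not part of the original page): it reads the character-form mode described at the top of this page, reports whether a suid file is an ELF binary or a `#!` script (the Linux kernel ignores the suid bit on `#!` scripts, so a suid wrapper script does not actually run as its owner), and flags the difference between modes such as 4755 and 4750. The function names `suid_audit` and `suid_scan` are made up for this example.

```shell
#!/bin/sh
# Added example: audit files for the suid concerns discussed on this page.
# Output per file: <path> <mode-string> <kind> [flags...]

suid_audit() {
    f=$1
    # Character form of the mode, e.g. -rwsr-xr-x (first 10 columns of ls -l).
    mode=$(ls -ld -- "$f" | cut -c1-10)
    # Column 4 is the owner-execute slot: 's' or 'S' means suid (octal 4000).
    case $(printf '%s' "$mode" | cut -c4) in
        s|S) ;;
        *) printf '%s %s not-suid\n' "$f" "$mode"; return 0 ;;
    esac
    # Classify by the first bytes: 7f 45 4c 46 is ELF, 23 21 is "#!".
    magic=$(od -An -tx1 -N4 "$f" 2>/dev/null | tr -d ' \n')
    case $magic in
        7f454c46) kind=elf ;;
        2321*)    kind=script ;;    # Linux does not honor suid on these
        '')       kind=unknown ;;   # empty or unreadable file
        *)        kind=other ;;
    esac
    flags=
    # Column 10 is other-execute: any user may run the file (as with 4755).
    case $(printf '%s' "$mode" | cut -c10) in
        x|t) flags="$flags world-exec" ;;
    esac
    # Columns 6 and 9 are group/other write: non-owners can change the contents.
    case $(printf '%s' "$mode" | cut -c6,9) in
        *w*) flags="$flags writable-by-non-owner" ;;
    esac
    printf '%s %s %s%s\n' "$f" "$mode" "$kind" "$flags"
}

# Audit every suid regular file below a directory, staying on one filesystem.
suid_scan() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | while IFS= read -r p; do
        suid_audit "$p"
    done
}

# Usage: sh suid_audit.sh /bin
if [ $# -gt 0 ]; then suid_scan "$1"; fi
```

A file reported as `script` gains nothing from the suid bit on Linux, and one reported with `writable-by-non-owner` (like the -rwsrw-rw- example mode above) should have its group and other write bits removed.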

Resources


Contributors

  • RandyKramer - 06 Apr 2002
  • <If you edit this page, add your name here, move this to the next line>

Topic revision: r3 - 2002-11-06 - RandyKramer
 