Sunday, November 16, 2014

Access Modes – setgid, setuid and Sticky bits

Whenever we log into the system, a shell is started. While working, we come across many files that belong to other users who created them, and we don't have permission to do anything with them. Consider the file /etc/passwd: this is a password file maintained by Linux for storing the user password. Only the root user is permitted to change this file. Now consider a different user who wants to change his password: the password should be updated in this file, but if only root has permission to write to it, how can the new password be written to the file?

[root@localhost templer]# ls -lart /etc/passwd
-rw-r--r--. 1 root root 2196 Aug 27 19:47 /etc/passwd

Suid and sgid
The Linux permission model has two special access modes called suid (set user ID) and sgid (set group ID). When a program has the suid access mode set, it runs as if it had been started by the file's owner rather than by the user who actually started it. Similarly, with the sgid access mode set, the program runs as if the user who started it belonged to the file's group rather than his own group.

We can set suid with the chmod command by adding a '4' at the beginning of the permission:
chmod 4755 test_file

When we then check the file, we see:

[root@localhost templer]# chmod 4755 hello
[root@localhost templer]# ll
total 0
-rwsr-xr-x 1 root root 0 Nov 14 15:09 hello

Similarly, we can set sgid by adding a '2' at the beginning of the permission:
chmod 2755 test_file

When we then check the file, we see:

[root@localhost templer]# chmod 2755 hello
[root@localhost templer]# ll
total 0
-rwxr-sr-x 1 root root 0 Nov 14 15:09 hello

Sticky Bit
Linux directory access permissions define that a user who has write permission on a directory can rename or remove files in that directory even if the files do not belong to him. When the owner of the directory sets the sticky bit, the files cannot be renamed or removed by any user (other than the owner and root).

chmod +t /tmp      # set the sticky bit
chmod -t /tmp      # remove the sticky bit
        or
chmod 1755 /tmp    # prefix a '1' to set the sticky bit
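
The three modes above can be audited with find. This is an added example, not part of the original post: it lists setuid/setgid files and world-writable directories that lack the sticky bit. The function names and the sample tree are constructed for illustration.

```bash
#!/bin/sh
# Added example: audit a directory tree for the special permission bits.

# Regular files with setuid (4000) or setgid (2000) set, shown in ls -l form.
find_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ld {} + 2>/dev/null
}

# World-writable directories that lack the sticky bit (1000): any user with
# access can rename or remove other users' files there.
find_unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# Constructed sample tree (hypothetical names); prints its path.
demo_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/suid_prog" "$d/sgid_prog" "$d/plain"
    chmod 4755 "$d/suid_prog"     # setuid: shows as -rwsr-xr-x
    chmod 2755 "$d/sgid_prog"     # setgid: shows as -rwxr-sr-x
    chmod 0755 "$d/plain"         # no special bits, must not be reported
    mkdir "$d/shared_ok" "$d/shared_bad"
    chmod 1777 "$d/shared_ok"     # world-writable with sticky bit
    chmod 0777 "$d/shared_bad"    # world-writable without sticky bit
    printf '%s\n' "$d"
}

# Run the audit over the constructed tree, then clean up.
tree=$(demo_tree)
echo "setuid/setgid files:"
find_suid_sgid "$tree"
echo "world-writable directories without sticky bit:"
find_unsticky_dirs "$tree"
rm -rf "$tree"
```

Pointing the two functions at a real path such as / (run as root so every directory is readable) gives an inventory to compare against the programs and shared directories that are expected to carry these bits.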

