To change a file permission the “chmod” command is used. This command has the following format in Solaris:
chmod [-fR] <permissions> <fileName>
-f : Is to force, if there is an error, nothing is displayed.
-R : Does the change recursivelly.
But let go to the point, the setuid bit permits that the process, produced by executing the program, has granted the permissions based on the owner of the file (not the permissions from the user that executed the program).
The same occurs with setgid, the group permissions from the file are used for the process.
This is usefull to give a normal user, access to a resource he would not be able to access, through the execution of the program. This is also a security flaw, imagine if the file’s owner is root, this is usually the kind of files the intruders search for, and they look also for a programming defect, and try to exploint that problem.
Sticky Bits
To improve security, the Sticky Bits come to rescue. They prevent that the user do not deletes files that he do not owns.
Setting setuid
chmod 4755 testProgram
The permissions would look like: rwsr-xr-x
Setting setgid
chmod 2755 testProgram
The permissions would look like: rwxr-sr-x
Setting setuid/setgid
chmod 6755 testProgram
The permissions would look like: rwsr-sr-x
Setting Sticky Bits to a directory
chmod 1777 testProgram
The permissions would look like: drwxrwxrwt
1 user commented in " Difference between setuid / setgid / sticky bits "
Follow-up comment rss or Leave a Trackback[...] Difference between Real and Effective ID Posted in August 25th, 2008 by Lamagna Walter in Administration, Security When processes are managed, two concepts come up, they are the Real and the Effective ID of the process. To detail the difference, you have to understand the Difference between setuid / setgid / sticky bits. [...]
Leave A Reply