nddt
07-17-2001, 06:32 AM
Can you explain me more about SIUD, SGID and sticky bit? When should we use them? What is the basic difference between 755 and 4755 permissions? Please tell me!
Thanks a lot.
Thanks a lot.
Click to See Complete Forum and Search --> : What are the SIUD, SGID and sticky bit?
nopun
07-17-2001, 08:22 AM
SUID/SGID (set user id/set group id) are special permission flags used on executable files, they show up as "s" in the file permissions in the user and group sections respectively. The other important attributes for these files are the owner/group.
When you run one of these files, it runs as though it had been run by it's owner or group. (ie it will have permission to access the same areas that owner or group has)
A SUID of root is often used if the program needs to have priviledged access that a normal user doesn't have. Making a program SUID of root is considered a major security risk, however. If the program has vulnerabilities that can be exploited, a user could gain root access via this program. Therefore, binaries should only be made SUID root if they HAVE to be (and there will be some on your system, can't think of any off the top of my head) and making a script SUID is definite no no.
The sticky bit "t" is often found on tmp directories. Users are given full access to the directory (ie create, modify and delete files within, individual permissions permitting) but the sticky bit prevents users from deleting any files other than those that they own.
I hope that makes sense.. kinda
When you run one of these files, it runs as though it had been run by it's owner or group. (ie it will have permission to access the same areas that owner or group has)
A SUID of root is often used if the program needs to have priviledged access that a normal user doesn't have. Making a program SUID of root is considered a major security risk, however. If the program has vulnerabilities that can be exploited, a user could gain root access via this program. Therefore, binaries should only be made SUID root if they HAVE to be (and there will be some on your system, can't think of any off the top of my head) and making a script SUID is definite no no.
The sticky bit "t" is often found on tmp directories. Users are given full access to the directory (ie create, modify and delete files within, individual permissions permitting) but the sticky bit prevents users from deleting any files other than those that they own.
I hope that makes sense.. kinda
justlinux.com
Copyright Internet.com Inc. All Rights Reserved.
Copyright Internet.com Inc. All Rights Reserved.