Intro to setuid and setgid
What are setuid and setgid
setuid and setgid are Linux file permissions. When a file has one or both of these permissions and is executed, it runs as the file's owner or group owner regardless of who actually executed it.
For example, we have a file called myprogram that is owned by root and has setuid set. Let's assume you are logged in as joe and you have execute permission. When you execute myprogram, the program will run as root instead of as joe.
setgid is the same as setuid except it changes the effective group to the owning group.
setgid on directories
When setgid is set on a directory, it does something completely different. Any file created inside a setgid directory gets the same group ownership as that directory.
How to add/remove setuid and setgid
The easiest way to add setuid:
chmod u+s <file>
The easiest way to add setgid:
chmod g+s <file>
To remove setuid and setgid, just change the above commands from +s to -s.
chmod u-s <file>
chmod g-s <file>
How to check for setuid and setgid
To check for either of these, display the file permission using:
ls -l
An s in the user execute position means setuid is on. If the s is a capital S, the user does not have execute permission.
An s in the group execute position means setgid is on. If the s is a capital S, the group does not have execute permission.
-r-sr----- joe joegroup file1
-r-Sr----- joe joegroup file2
-r--r-s--- joe joegroup file3
-r--r-S--- joe joegroup file4
file1 - setuid is on and joe has execute
file2 - setuid is on but joe does not have execute
file3 - setgid is on and joegroup has execute
file4 - setgid is on but joegroup does not have execute
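The check above can be scripted to audit a directory tree for files carrying either bit. The following is an added example, not code from the original page; the function names (classify_mode, mode_of, audit_dir, demo) are hypothetical, and the demo rebuilds file1 to file4 in a scratch directory.

```sh
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# classify_mode MODE: read the user (4th) and group (7th) execute positions
# of an ls -l mode string and report the setuid/setgid state.
classify_mode() {
    u=$(printf '%s' "$1" | cut -c4)
    g=$(printf '%s' "$1" | cut -c7)
    out=""
    case $u in
        s) out="setuid+exec" ;;
        S) out="setuid-noexec" ;;
    esac
    case $g in
        s) out="${out:+$out }setgid+exec" ;;
        S) out="${out:+$out }setgid-noexec" ;;
    esac
    printf '%s\n' "${out:-none}"
}

# mode_of FILE: the 10-character mode column from ls -ld (drops a trailing
# ACL/SELinux marker such as + or .).
mode_of() {
    ls -ld -- "$1" | awk '{ print substr($1, 1, 10) }'
}

# audit_dir DIR: list regular files under DIR that carry either bit.
# Assumes file names contain no newlines.
audit_dir() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        m=$(mode_of "$f")
        printf '%s  %-14s %s\n' "$m" "$(classify_mode "$m")" "$f"
    done
}

# demo: rebuild the page's file1..file4 in a scratch directory and audit it.
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/file1" "$d/file2" "$d/file3" "$d/file4" "$d/plain"
    chmod 0540 "$d/file1"; chmod u+s "$d/file1"   # owner has execute
    chmod 0440 "$d/file2"; chmod u+s "$d/file2"   # owner lacks execute
    chmod 0450 "$d/file3"; chmod g+s "$d/file3"   # group has execute
    chmod 0440 "$d/file4"; chmod g+s "$d/file4"   # group lacks execute
    audit_dir "$d"
    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run the script with the argument demo to see the four cases, or call audit_dir on a real path to list files that have setuid or setgid set.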