Comments on Setting the SUID/SGID bits: Giving a program YOUR permissions when it runs
Setting the SUID/SGID bits: Giving a program YOUR permissions when it runs Normally, when a program runs under Linux, it inherits the permissions of the user who is running it, thus if I run a program under my account, the program runs with the same permissions that I would have if that program were me. Thus, if I cannot open a certain file, the program I am running also cannot open the file in question. If I set the SUID or SGID bit for a file, this causes any persons or processes that run the file to have access to system resources as though they are the owner of the file.
5 Comment(s)
Comments
Another solution to give permissions to a user is to use sudo. The file is easyly configurable via a sudoers configuration file.
Here is a tuto:
http://www.developertutorials.com/tutorials/linux/using-sudo-050511/page1.html
Nicolargo
--== blog.Nicolargo.com ==--
Check bellow link for explanation with example
http://bashscript.blogspot.com/2010/03/unixlinux-advanced-file-permissions.html
Setting the SUID/SGID bit for a program to the 'root' user should actually be discouraged. If the program is badly written and can be manipulated via (malicious) input, it could allow a normal user to gain root privileges or access to files which that user should not be able to access.
When setting the sticky bit to a normal userid, it could allow other users access to all the other user's files, which may not really be what you want.
So please think about the security implications before randomly using this feature.
If you are facing a permissions dilemma for multiple users/groups, please consider looking into MAC (Mandatory Access Control).
After setting SUID
-rwSrwxr-x 1 mike mike 0 Dec 5 11:24 freddy
if you see 'S' then it means that the file has no executable permissions for that user.
consider that if the file has executable permissions already and you are setting SUID
chmod u+s freddy
-rwsrwxr-x 1 mike mike 0 Dec 5 11:24 freddy
you should see a smaller 's' in the executable permission position.
this really helped me understand. Apprciate it.