![]() rwxrw-rw- 1 linuxhandbook linuxhandbook 0 Apr 12 17:53 test2.txt The octal number used to set SUID is always 4. You just need to add a fourth digit to the normal permissions. ![]() rwsrw-rw- 1 linuxhandbook linuxhandbook 0 Apr 12 17:52 test.txt ![]() rwxrw-rw- 1 linuxhandbook linuxhandbook 0 Apr 12 17:51 test.txt Here’s an example: linuxhandbook:~$ ls -l test.txt You can use the chmod command in this way: chmod u+s file_name I find the symbolic way easier while setting SUID bit. Now that you understand the concept SUID, let’s see how to set the SUID bit. It’s an essential security concept and many commands (like ping command) and programs (like sudo) utilize it. The setuid/SUID concept is tricky and should be used with utmost cautious otherwise you’ll leave security gaps in your system. If it doesn’t match and if the command wasn’t run by root, it throws an error. If you check the code for the passwd command, you’ll find that it checks the UID of the user whose password is being modified with the UID of the user that ran the command. But why? If you can run the passwd command as a regular user with the same permissions as root and modify the files like /etc/passwd, why can you not change the password of other users? Note that a normal user can’t change passwords for other users, only for himself/herself. Why can a normal user not change the password of other users? This is the reason why you can use the passwd command to change your own password despite of the fact that the files this command modifies are owned by root. But thanks to the setuid flag (SUID bit), a regular user will also be able to modify these files (that are owned by root) and change his/her password. These files are owned by root and can only be modified by root. What’s the benefit? The passwd command needs to edit files like /etc/passwd, /etc/shadow to change the password. This means that any user running the passwd command will be running it with the same permission as root. rwsr-xr-x 1 root root 59640 /usr/bin/passwd ![]() If you look at the binary executable file of the passwd command, it has the SUID bit set. When the SUID bit is set on an executable file, this means that the file will be executed with the same permissions as the owner of the executable file. With this permission, you don’t need to give sudo access to a specific user when you want him to run some root script. It’s important to notice that this file belongs to the root user and root group. In this example, the passwd command, responsible to change the password of a user, has the letter s on the same place we expect to see x or -, for user permissions. ![]() Now I’m gonna show you some special permissions with new letters on the Linux file system. If not, please read our excellent guide explaining Linux file permission. To start talking about of special permissions, I am going to presume that you have some knowledge of the basic file permissions. Linux Special Permissions: SUID, GUID and Sticky Bit It typically looks like this: Regular file permissionsĪpart from these regular permissions, there are a few special file permissions and not many Linux users are aware of it. You probably are already familiar with these terms already. File permissions and ownership are the basic and yet essential security concepts in Linux. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |