Re: File Permissions


Subject: Re: File Permissions
From: Karen A Swanberg (swanberg@tc.umn.edu)
Date: Wed Oct 03 2001 - 17:47:58 EDT


on 10/03/01, Kelly S. Smelser wisely declared:

> We are running Linux Redhat 7.1. It does support the "sticky bit", but
> I haven't implemented it before. Do you have information on setting it
> up? If not, I can look it up. Thanks.

First, I was incorrect. It's not the sticky bit, it's the setgid (set
group ID) bit.

I don't run redhat, so I can't point you to a specific man page, but I got
most of my info on this stuff from Evi Nemeth's "Unix System
Administration Handbook" which is chock full of useful advice (and one or
two pieces of not-so-good advice, but even those are debatable). Here's
what it says about setgid:

(3rd. ed, chap 5.5, pg. 69):

"The bits with octal values 4000 and 2000 are the setuid and setgid
bits. These bits allow programs to access files and processes that would
otherwise be off-limits to the users that run them. ... When set on a
directory, the setgid bit causes newly created files within the directory
to take on the group membership of the directory rather than the default
group of the user that created the file. This convention makes it easier
to share a directory of files among several users, as long as they all
belong to a common group. Check your system before relying on this
feature, since not all versions of UNIX provide it. ... This interpretation
of the setgid bit is unrelated to its meaning when set on an executable
file, but there is never any ambiguity as to which meaning is
appropriate." (any typos are mine)

NOTE: The SETUID bit is VERY dangerous. If you set it on an executable,
and the executable is owned by root, anyone who runs that executable is
root for the duration of that executable's run, so a clever person can
leverage that into a full-scale compromise. The SETGID bit also has
implications that way, so be careful where you set it.

You set it by doing a chmod 2777 or 2775, or whatever. It's that first
2 bit.

-Karen

- -
    Karen Swanberg | Sys Admin | Dept. of Geology and Geophysics
206 Pillsbury Hall | 310 Pillsbury Ave. SE | University of Minnesota
     Minneapolis, MN 55455 (612) 624-6541 (612) 625-3819 (f)

              * <---- Tribble . <--- Tribble.tgz
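The setgid-directory behaviour and the setuid/setgid caution from the message above, as an added shell example that is not part of the original post. It assumes a Linux system; the helper names, the temp paths and the files it creates are constructed for illustration.

```shell
#!/bin/sh
# Added example: set the setgid bit on a shared directory, confirm that new
# files take the directory's group, and audit a tree for setuid/setgid files.
# All paths are throwaway temp directories (constructed for this example).

# has_setgid PATH: succeeds if the 2000 bit is set on PATH itself.
has_setgid() {
    [ -n "$(find "$1" -prune -perm -2000 2>/dev/null)" ]
}

# group_of PATH: print the numeric group ID that owns PATH.
group_of() {
    ls -ldn "$1" | awk '{print $4}'
}

# make_shared_dir DIR: create DIR with mode 2775 (setgid + rwxrwxr-x).
# 2775 rather than 2777 keeps the directory from being world-writable.
make_shared_dir() {
    mkdir -p "$1" && chmod 2775 "$1"
}

# audit_special_bits ROOT: list regular files under ROOT carrying the
# setuid (4000) or setgid (2000) bit, so each one can be reviewed.
audit_special_bits() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

demo() {
    work=$(mktemp -d) || return 1
    make_shared_dir "$work/shared" || return 1
    : > "$work/shared/report.txt"      # new file created inside the directory
    if has_setgid "$work/shared"; then echo "shared/: setgid bit is set"; fi
    echo "directory gid: $(group_of "$work/shared")"
    echo "new file gid:  $(group_of "$work/shared/report.txt")"
    # Constructed file with the setuid bit, so the audit has something to find.
    : > "$work/helper" && chmod 4755 "$work/helper"
    echo "files with setuid/setgid under $work:"
    audit_special_bits "$work"
    rm -rf "$work"
}

demo
```

To see the group actually change, chgrp the directory to the common group before creating files in it; the user running the demo needs to be a member of that group.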


