LinuxQuestions.org
10-20-2010, 07:03 AM   #1
rajasekhar19489
Member
 
Registered: Sep 2010
Location: hyderabad
Distribution: UBUNTU,FEDORA,RHEL5
Posts: 30

Rep: Reputation: 3
explanation of "SUID" In detail


Hi all,

Need help regarding SUID

I have this example of passwd command where SUID is set so it can be used by a user with the privileges of root and also the command ping.


First, the passwd command: when I removed the SUID bit from the permissions of /usr/bin/passwd, I get to use the command as I used it previously.

Second, the ping command: when I removed the SUID bit from the permissions of /bin/ping, I get the following error when I use ping from a user command prompt:
ping 127.0.0.1
error:

ping: icmp open socket: Operation not permitted

NOTE: I changed the permissions from 4755 to 755.
So my doubt is: why is it behaving differently for the same type of permissions change? What exactly is SUID doing, and how can people use it in real time for their applications and directories protection?
 
10-20-2010, 09:01 AM   #2
neonsignal
Senior Member
 
Registered: Jan 2005
Location: Melbourne, Australia
Distribution: Debian Jessie (Fluxbox WM)
Posts: 1,388
Blog Entries: 52

Rep: Reputation: 355
Quote:
Originally Posted by rajasekhar19489
First the passwd command when I removed the SUID bit from the permission of /usr/bin/passwd I get to use the command as I used it previously
That isn't quite true; you can run the passwd command from a user account, but you won't be able to change the password because it won't have the privileges to write to the password file.

Quote:
Second the ping command when I removed the SUID bit from the permissions of /bin/ping I get the following error when I use ping from a user command prompt
That is because only root can open a raw socket.

Quote:
my doubt is why is it behaving differently for same type of permissions change
It isn't behaving differently. It is just that these setuid programs require privileges for different reasons, and so will fail under different circumstances.

Quote:
SUID what exactly is it doing and how can people use it in real time for their applications and directories protection.
It isn't intended to protect the application. The setuid bit means that an executable will be run as if it were being executed by the user who owns the file (or group in the case of setgid). The typical use is actually to increase the privileges of the application.

The setgid bit has a different use when applied to directories; it causes files/directories created inside it to inherit the group id of the parent. This can be useful for allowing a group of people to have access to shared files.

You need to understand the meanings of these bits before making use of them (particularly on executables), because they can easily create security holes in a shared system.
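
Added example, not part of the thread or any poster's code: a POSIX shell audit that lists the setuid/setgid files and setgid directories discussed above, with the numeric uid/gid each one confers. The function names `classify` and `suid_audit` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. classify and suid_audit are
# hypothetical helper names.

# classify PATH: report which set-id bits are present and the uid/gid
# they confer (numeric ids from `ls -ldn`, fields 3 and 4).
classify() {
    c_ids=$(ls -ldn -- "$1" | awk '{print $3 ":" $4}')
    c_uid=${c_ids%%:*}
    c_gid=${c_ids##*:}
    if [ -d "$1" ]; then
        # setgid directory: entries created inside inherit its group
        if [ -g "$1" ]; then echo "sgid-dir gid=$c_gid"; else echo none; fi
    elif [ -u "$1" ] && [ -g "$1" ]; then
        echo "suid+sgid uid=$c_uid gid=$c_gid"
    elif [ -u "$1" ]; then
        # setuid file: runs with the file owner's effective uid
        echo "suid uid=$c_uid"
    elif [ -g "$1" ]; then
        echo "sgid gid=$c_gid"
    else
        echo none
    fi
}

# suid_audit DIR: one line per setuid/setgid regular file or setgid
# directory under DIR, staying on one filesystem (-xdev).
suid_audit() {
    find "$1" -xdev \( \
            \( -type f \( -perm -4000 -o -perm -2000 \) \) \
            -o \( -type d -perm -2000 \) \
        \) -print 2>/dev/null | sort |
    while IFS= read -r a_path; do
        printf '%s %s\n' "$(classify "$a_path")" "$a_path"
    done
}

# Run as: sh suid_audit.sh /usr/bin
if [ "$#" -gt 0 ]; then
    suid_audit "$1"
fi
```

A file in the 4755 state the original poster describes is reported as `suid uid=<owner>`; after `chmod 755` it no longer appears in the audit.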
 
10-21-2010, 02:50 AM   #3
rajasekhar19489
Member
 
Registered: Sep 2010
Location: hyderabad
Distribution: UBUNTU,FEDORA,RHEL5
Posts: 30

Original Poster
Rep: Reputation: 3
Thanks

Thanks for the explanation. Now I understand that usage of SUID explains everything. So I'll be on that. T

Thanks for your help, neonsignal
 
  


All times are GMT -5. The time now is 11:43 AM.
