LinuxQuestions.org - Linux - Newbie
Problem with SUID, SGID and Sticky Bit (https://www.linuxquestions.org/questions/linux-newbie-8/problem-with-suid-sgid-and-sticky-bit-769404/)

kinamedebo 11-16-2009 03:42 AM

Problem with SUID, SGID and Sticky Bit
 
Can anybody describe SUID, SGID and Sticky Bit's function and how they work with files and directories? These things make me so confused. So if someone helps me, that will be highly appreciated. And finally I am totally a newbie in the Linux world (my operating system is RHEL5).

pcunix 11-16-2009 07:20 AM

I believe "man chmod" or "info chmod" describes all that. If there are specific things you don't understand after reading that, I'm sure we can help clear them up.

ongte 11-16-2009 07:56 AM

Let me attempt to answer this one.

SUID is used mainly on executable files when you want whoever executes this file to have the permissions of the file owner (usually root). This is somewhat of a security risk & should be used with caution.

SGID is usually used on directories shared by GroupID. Where users join a group and share access to a directory using the GID of the directory. SGID is then used to ensure that all files created in that directory also belong to the same GID, allowing all group members access.

The Sticky bit is used on world writable directories to maintain ownership control. When a directory is world writable, any file in it can be deleted by anyone. By setting the sticky bit on the directory, it will enforce ownership of the files & ensure that only the file's owners and root can delete the files. You can see an example of this in the /tmp directory.
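The three cases ongte describes (SUID on an executable, SGID on a shared directory, the sticky bit on a world-writable directory), shown on scratch files plus the audit a defender would run to find them. This is an added example, not code from the thread; the directory and file names under the temporary work directory are made up by the script, and the mode strings are read back with ls so that it works on a stock RHEL box without GNU stat options.

```shell
#!/bin/sh
# Added example (not from the thread): exercise the three special bits on
# scratch files under a temporary directory and audit for them the way a
# defender would. Every path below is created by the script itself.
set -eu

WORK="${TMPDIR:-/tmp}/specialbits.$$"
mkdir -p "$WORK"

# Symbolic mode string, e.g. "drwxrwxrwt"; ls is used rather than stat -c
# so the helper is portable, and cut drops any trailing ACL/SELinux marker.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# SGID on a directory: files created inside inherit the directory's group,
# so every member of that group keeps access (the shared-directory case).
make_shared_group_dir() {
    mkdir -p "$1"
    chmod 2770 "$1"         # rwx for owner and group, SGID on the directory
    : > "$1/report.txt"     # a new file here takes the directory's group
    mode_of "$1"
}

# Sticky bit on a world-writable directory: only a file's owner (or root)
# may delete or rename it, which is why /tmp is mode 1777.
make_sticky_dir() {
    mkdir -p "$1"
    chmod 1777 "$1"
    mode_of "$1"
}

# SUID on an executable: whoever runs it does so with the owner's identity.
# It is set on a harmless shell script here only so the audit below finds it.
make_suid_file() {
    printf '#!/bin/sh\necho hello\n' > "$1"
    chmod 4755 "$1"
    mode_of "$1"
}

# Audit: list every regular file under a tree carrying SUID or SGID.
# Against a real system run it as: find / -xdev -type f \( -perm -4000 -o -perm -2000 \)
# and diff the output against a known-good baseline after each package update.
list_setuid_setgid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Audit: list sticky directories (on a default install this is mostly /tmp).
list_sticky_dirs() {
    find "$1" -type d -perm -1000 2>/dev/null | sort
}

# Return 0 if a path is a sticky directory, 1 otherwise.
is_sticky_dir() {
    [ -d "$1" ] && [ -k "$1" ]
}

cleanup() { rm -rf "$WORK"; }

if [ "${1:-}" = "demo" ]; then
    make_shared_group_dir "$WORK/project"
    make_sticky_dir "$WORK/scratch"
    make_suid_file "$WORK/tool.sh"
    echo "SUID/SGID files under $WORK:"; list_setuid_setgid "$WORK"
    echo "sticky directories under $WORK:"; list_sticky_dirs "$WORK"
    cleanup
fi
```

Run it with `sh specialbits.sh demo`. The part worth keeping for real systems is the two find commands: SUID/SGID files are where an attacker looks for a privilege-escalation path, so keeping a baseline list and alerting on any new entry is a cheap, high-value control.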

mewto 02-25-2010 11:28 AM

A further reference & question
 
@ongte: Thanks for giving a succinct and excellent reply to the sticky bit question. I found a helpful article by Wayne Pollock that went into more detail if anyone wishes to read further.

I have a question about the Sticky bit 't' bit applied to executables. For example, in this Tips for Linux:

Quote:

Sticky Bit

... Setting the sticky bit tells Unix that once the concerned application is executed, it should remain in memory. Remember that Unix is a multi-user OS and was mainly designed so that multiple users can work simultaneously. Thus the logic used is that a program that exists in memory requires lesser time to start when a new user requests for the same program. Thus when one user has just used a program and then a new user wants to use the same program, the second user doesn't have to face a time delay for the program to initialize itself. It would be readily available to him. The concept of the sticky bit was a very useful one, long back when fast disk access and other memory access technologies weren't around. But in today's age the concept of sticky bit is obsolete, since modern day technology is advanced enough to reduce the time delay while loading applications into the memory. Thus currently the sticky bit is of very little significance. Sticky bit is only associated with executables.

Notice where I underlined. We definitely see sticky bits used in non-executables now (as the /tmp example mentioned above). There is no date on this article. Is that quote inaccurate or just out of date?

Also, can someone shed some light on the current status of the above quoted "sticky bit for executables"? Is it still implemented in modern kernel/systems? If so, which system?

I understand that it is not necessarily a good idea to use such a "sticky executable feature" to mess with the kernel's ability to manage memory in a modern kernel. The question is just whether the "feature" is still there.

Thanks in advance for any help.

chrism01 02-25-2010 06:43 PM

As said above,
Quote:

But in today's age the concept of sticky bit is obsolete

for EXECUTABLES. What the prev poster said re the /tmp dir is still true.
In a default RHEL install, it's probably the only place you'll see it used.

ongte 02-26-2010 07:27 AM

As I understand it, the sticky bit for executables to remain resident in memory is not implemented in Linux. So this part of it really is quite obsolete.

But its usage on directories for enforcing file ownership is still commonplace. In a sense, directories are just a special kinda executable file. When you execute it you go into that directory (notice that you need to have execute permission to change into a directory).

So in a sense I guess your underlined statement still holds true.
