Problem with SUID, SGID and Sticky Bit
Can anybody describe the functions of SUID, SGID and the Sticky Bit and how they work with files and directories? These things make me so confused. So if someone helps me, that will be highly appreciated. And finally, I am totally a newbie in the Linux world (my operating system is RHEL5).
|
I believe "man chmod" or "info chmod" describes all that. If there are specific things you don't understand after reading that, I'm sure we can help clear them up.
|
Let me attempt to answer this one.
SUID is used mainly on executable files when you want whoever executes this file to have the permissions of the file owner (usually root). This is somewhat of a security risk & should be used with caution. SGID is usually used on directories shared by group ID, where users join a group and share access to a directory using the GID of the directory. SGID is then used to ensure that all files created in that directory also belong to the same GID, allowing all group members access. The sticky bit is used on world-writable directories to maintain ownership control. When a directory is world-writable, any file in it can be deleted by anyone. By setting the sticky bit on the directory, it will enforce ownership of the files & ensure that only the file's owners and root can delete the files. You can see an example of this in the /tmp directory. |
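As an added example (not code from this thread), here is a small shell script that reports which special bits a path carries, lists SUID/SGID files under a tree for review, and sets each bit in a scratch directory so you can see how `ls -ld` displays them. It assumes GNU stat/chmod/find as shipped with RHEL; the function names are mine.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes GNU coreutils/findutils
# (stat -c, chmod, find), as shipped on RHEL.

# Print which special bits a path carries: "suid", "sgid", "sticky" in that
# order (space-separated), or "none". GNU stat -c '%a' prints the octal mode
# with a leading fourth digit only when one of these bits is set.
special_bits() {
    local mode digit=0 out=""
    mode=$(stat -c '%a' "$1") || return 1
    if [ "${#mode}" -eq 4 ]; then
        digit=${mode%???}   # strip the three permission digits, keep the first
    fi
    if [ $((digit & 4)) -ne 0 ]; then out="$out suid"; fi     # 4 = set-user-ID
    if [ $((digit & 2)) -ne 0 ]; then out="$out sgid"; fi     # 2 = set-group-ID
    if [ $((digit & 1)) -ne 0 ]; then out="$out sticky"; fi   # 1 = sticky bit
    echo ${out:-none}   # unquoted on purpose: drops the leading space
}

# Defensive inventory: list regular files under a tree with SUID or SGID set.
# This is the review an administrator does for "should be used with caution".
list_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \;
}

# Demo in a scratch directory: the three uses described in the thread.
demo_special_bits() {
    local work
    work=$(mktemp -d) || return 1
    mkdir "$work/shared" "$work/dropbox"
    : > "$work/tool"
    chmod 2775 "$work/shared"   # drwxrwsr-x: new files inherit the dir's group
    chmod 1777 "$work/dropbox"  # drwxrwxrwt: only an entry's owner (or root) deletes it
    chmod 4755 "$work/tool"     # -rwsr-xr-x: a binary runs with the owner's uid
    ls -ld "$work/shared" "$work/dropbox" "$work/tool"   # s/t appear in the mode string
    for p in shared dropbox tool; do
        printf '%s: %s\n' "$p" "$(special_bits "$work/$p")"
    done
    list_suid_sgid "$work"
    rm -rf "$work"
}

demo_special_bits
```

Note that the Linux kernel honours SUID only on binaries, not on interpreted scripts, so the bit on a script file is shown by `ls` but has no effect.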
A further reference & question
@ongte: Thanks for giving a succinct and excellent reply to the sticky bit question. I found a helpful article by Wayne Pollock that went into more details if anyone wishes to read further.
I have a question about the sticky bit ('t' bit) applied to executables. For example, in this Tips for Linux quote:
Also, can someone shed some light on the current status of the above quoted "sticky bit for executables"? Is it still implemented in modern kernels/systems? If so, which system? I understand that it is not necessarily a good idea to use such a "sticky executable feature" to mess with the kernel's ability to manage memory in a modern kernel. The question is just whether the "feature" is still there. Thanks in advance for any help. |
As said above,
Quote:
In a default RHEL install, it's probably the only place you'll see it used. |
As I understand it, the sticky bit for executables to remain resident in memory is not implemented in Linux. So this part of it really is quite obsolete.
But its usage on directories for enforcing file ownership is still commonplace. In a sense, directories are just a special kind of executable file. When you execute it you go into that directory (notice that you need to have execute permission to change into a directory). So in a sense I guess your underlined statement still holds true. |