LinuxQuestions.org


Soji Antony 05-31-2011 08:47 AM

suid & sgid
 
Hi,

I have a problem with understanding setgid on a binary executable. I know that when the sgid bit is set on a binary executable file, it will run with the group permission of the binary file, instead of that of the one who runs it.

There are a lot of examples available on the internet demonstrating suid permissions, but not sgid permissions.

I was able to demonstrate suid permissions by calling a bash script from a compiled C program with the suid bit set.

I have a file /tmp/1.txt which has the following permissions.

Code:

ls -l /tmp/1.txt
-rwxr----- 1 root root 5 May 31 11.50 /tmp/1.txt

As you can see, only owner & group users can read this file. I wrote a bash script '/tmp/read'

Code:

cat /tmp/read
#!/bin/bash
cat /tmp/1.txt

Code:

chmod u+x /tmp/read
ls -l /tmp/read
-rwxr--r-- 1 root root 28 May 31 11.50 /tmp/read

Code:

cat /tmp/call.c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main()
{
  setuid( 0 );
  system( "/tmp/read" );

  return 0;
}

Code:

cd /tmp
make call call.c
chmod u+s call
ls -l call
-rwsr-xr-x 1 root root 4828 May 30 05.55 call

Now normal users can execute './tmp/call' with elevated privileges & read 1.txt.

But I am unable to do the same with the sgid bit set. Can anyone provide me an example like the above script to demonstrate sgid permissions?
Please help ...

EricTRA 05-31-2011 08:59 AM

Hello,

I'm not sure I understand you correctly, but you can set the sgid with
Code:

chmod g+s <yourfile>

Basically SGID works the same way as SUID, but rather than using the owner ID it uses the group ID. If you wonder why it's not working, that's most likely because you didn't make your script use the SGID instead of the SUID. Your programs/scripts that you want to use with this group mechanism need to be made aware of that.

Kind regards,

Eric

Tinkster 05-31-2011 11:12 AM

I think the OP's issue is with the fact that the shell
script to cat the special text file isn't group executable
to begin with. Making the C snippet setgid won't affect
the script, there's still a permission problem.

Cheers,
Tink

EricTRA 05-31-2011 11:13 AM

Hi Tink,

Missed that one, thanks for pointing it out.

Kind regards,

Eric
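
Added example, not code from any poster in this thread: a small C model of the kernel's mode-bit check, applied to the owner, group and modes shown in the first post's ls output, to show why a process that only gains group root can read /tmp/1.txt but cannot execute /tmp/read until the script is group-executable. The struct, the function names and the "after chmod g+x" entry are assumptions made for illustration; ACLs and supplementary groups are ignored.

```c
/* Added example: models the classic UNIX mode-bit check (assumption: no
 * ACLs, no supplementary groups; fsuid/fsgid equal euid/egid). */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum { WANT_R = 4, WANT_W = 2, WANT_X = 1 };

struct file_meta { const char *path; uid_t uid; gid_t gid; mode_t mode; };

/* Owner, group and mode copied from the ls output in the first post. */
static const struct file_meta TXT       = { "/tmp/1.txt", 0, 0, 0740 };
static const struct file_meta SCRIPT    = { "/tmp/read", 0, 0, 0744 };
/* Hypothetical state after "chmod g+x /tmp/read". */
static const struct file_meta SCRIPT_GX = { "/tmp/read (g+x)", 0, 0, 0754 };

/* Returns 1 if a process with these effective IDs passes the check. */
int mode_allows(const struct file_meta *f, uid_t euid, gid_t egid, int want)
{
    mode_t bits;

    if (euid == 0)  /* root: read/write always, execute needs any x bit */
        return (want & WANT_X) ? (f->mode & 0111) != 0 : 1;
    if (euid == f->uid)
        bits = (f->mode >> 6) & 7;  /* owner class */
    else if (egid == f->gid)
        bits = (f->mode >> 3) & 7;  /* group class; gid 0 gets no override */
    else
        bits = f->mode & 7;         /* other class */
    return (bits & (mode_t)want) == (mode_t)want;
}

static void report(const struct file_meta *f, int want, const char *what)
{
    printf("%-7s %-16s %s\n", what, f->path,
           mode_allows(f, geteuid(), getegid(), want) ? "allowed" : "denied");
}

int main(void)
{
    /* Under a setgid binary the effective gid differs from the real gid. */
    printf("real uid/gid %ld/%ld, effective uid/gid %ld/%ld\n",
           (long)getuid(), (long)getgid(), (long)geteuid(), (long)getegid());
    report(&TXT, WANT_R, "read");
    report(&SCRIPT, WANT_X, "execute");
    report(&SCRIPT_GX, WANT_X, "execute");
    return 0;
}
```

Compare the output when the binary is run normally and when it is owned by group root with chmod g+s applied. Group-execute on the script is necessary but may not be sufficient: system(3) documents that bash drops privileges at startup when the real and effective IDs differ.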


All times are GMT -5.