LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-31-2011, 09:47 AM   #1
Soji Antony
Member
 
Registered: Jul 2010
Posts: 54

Rep: Reputation: 1
suid & sgid


Hi

Hi I have problem with understanding setgid on a binary executable. I know that when sgid bit is set on a binary executable file it will run with the group permission of the binary file, instead of the one who runs it.

There are lot of examples available on the internet demonstrating suid permissions, but not sgid permissions.

I was able to demonstrate suid permissions by calling a bash script from a compiled c program with suid bit set.

I have a file /tmp/1.txt which have the following permissions.

Code:
ls -l /tmp/1.txt
-rwxr----- 1 root root 5 May 31 11.50 /tmp/1.txt
As you can see, only owner & group users can read this file. I wrote a bash script '/tmp/read'
Code:
cat /tmp/read
#!/bin/bash
cat /tmp/1.txt
Code:
chmod u+x /tmp/read
ls -l /tmp/read
-rwxr--r-- 1 root root 28 May 31 11.50 /tmp/read
Code:
cat /tmp/call.c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main()
{
   setuid( 0 );
   system( "/tmp/read" );

   return 0;
}
Code:
cd /tmp
make call call.c
chmod u+s call
ls -l call
-rwsr-xr-x 1 root root 4828 May 30 05.55 call
Now normal users can execute './tmp/call' with elevated privileges & read 1.txt.

But I am unable to do the same with sgid bit set. Can any one provide me, an example like the above script to demonstrate sgid permissions ???
Please help ...
 
Old 05-31-2011, 09:59 AM   #2
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295
Hello,

I'm not sure I understand you correctly but you can set the sgid with
Code:
chmod g+s <yourfile>
Basically SGID works the same way as SUID but rather than using the owner ID it uses the group ID. If you wonder why it's not working that's most likely because you didn't make your script use the SGID instead of the SUID. Your programs/scripts that you want to use with this group mechanism need to made aware of that.

Kind regards,

Eric
 
Old 05-31-2011, 12:12 PM   #3
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
I think the OPs issue is with the fact that the shell
script to cat the special text file isn't group executable
to begin with. Making the C snippet setgid won't affect
the script, there's still a permission problem.



Cheers,
Tink

Last edited by Tinkster; 05-31-2011 at 12:24 PM.
 
1 members found this post helpful.
Old 05-31-2011, 12:13 PM   #4
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295
Hi Tink,

Missed that one, thanks for pointing it out.

Kind regards,

Eric
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] suid & sgid on directories Soji Antony Linux - Newbie 3 05-30-2011 02:24 AM
SGID and SUID Paris Heng Linux - General 2 11-08-2008 10:45 PM
Eliminating SUID & SGID? ridertech Linux - Security 4 07-08-2004 06:58 PM
suid/sgid question plan9 Linux - Security 1 07-08-2004 08:15 AM
shell variables &suid&sgid alaios Linux - General 6 05-23-2003 05:03 PM


All times are GMT -5. The time now is 06:13 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration