LinuxQuestions.org
Old 02-03-2004, 04:08 PM   #1
feetyouwell
Member
 
Registered: Dec 2003
Location: NC, US
Distribution: Novell Linux Eval (2.6.5)
Posts: 240

Rep: Reputation: 30
Question: the concept of suid and sgid


I have a question about suid and sgid.
By setting up suid/sgid, you're running the program with the permission of the owner instead of your permission. One obvious example is passwd. My question is that if you're running passwd as root, then you can only change your own password; why, when you do "passwd <someoneelse>", will it not work? Theoretically you're root????
I would also like to know under what circumstances it's good to use suid and sgid, and how I would know what true privileges a program will give.

Thanx
 
Old 02-03-2004, 04:19 PM   #2
kevinatkins
Member
 
Registered: Jan 2004
Location: cheshire, uk
Distribution: Ubuntu Hoary
Posts: 605

Rep: Reputation: 32
AFAIK, my understanding of sticky user & group 'bits' is to allow common access to, for instance, a 'temporary' directory, whereby only the 'owners' of files created in said directory can modify or delete those files. That's as far as my limited understanding goes, and it doesn't extend to sticky permissions on files - perhaps with less beer and more time I might be able to figure it out.....
 
Old 02-03-2004, 04:49 PM   #3
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
The SUID bit allows you to run the program with the privileges of the owner. In the case of passwd, it is necessary because /etc/shadow is readable only by root. If passwd was not SUID, then no user would be able to change their password because there would be no mechanism in place to modify the shadow file. As far as specifying the username as an argument, it is not necessary unless root is trying to change the password of another user.
 
Old 02-03-2004, 04:58 PM   #4
feetyouwell
Member
 
Registered: Dec 2003
Location: NC, US
Distribution: Novell Linux Eval (2.6.5)
Posts: 240

Original Poster
Rep: Reputation: 30
I guess my question is that if passwd as a program is run by root, then anything ought to be doable, such as passwd <different_user>.
Maybe when you do passwd <different_user>, it sends to another process that only root has access to????
 
Old 02-03-2004, 05:12 PM   #5
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
The reason that passwd is SUID to root is because only root can read the shadow file. Regular users can't read the shadow file. In addition, only root can change another user's password.

Last edited by stickman; 02-03-2004 at 05:17 PM.
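
The question in this thread turns on the difference between the real UID (who started the program) and the effective UID (whose privileges the SUID bit grants). The sketch below is an added example, not part of any post above and not the source of passwd; `decide` and the `verdict` names are hypothetical, and the program only reports its decision without touching /etc/shadow.

```c
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum verdict { ALLOW, DENY_NOT_OWNER, DENY_NO_PRIVILEGE };

/* Hypothetical helper modelling the check a SUID-root password tool makes.
 * real_uid:   the user who started the process (the SUID bit never changes it)
 * eff_uid:    the UID used for file access; the file owner when SUID is set
 * target_uid: the account whose password would be changed */
enum verdict decide(uid_t real_uid, uid_t eff_uid, uid_t target_uid)
{
    /* Without effective root the shadow file cannot be written at all. */
    if (eff_uid != 0)
        return DENY_NO_PRIVILEGE;
    /* Effective root is not enough: the caller's own identity is the real
     * UID, and only real root may act on somebody else's account. */
    if (real_uid != 0 && real_uid != target_uid)
        return DENY_NOT_OWNER;
    return ALLOW;
}

int main(int argc, char **argv)
{
    uid_t ruid = getuid();   /* identity of the invoking user */
    uid_t euid = geteuid();  /* 0 if this binary is owned by root and SUID */
    struct passwd *pw = (argc > 1) ? getpwnam(argv[1]) : getpwuid(ruid);

    if (pw == NULL) {
        fprintf(stderr, "unknown user\n");
        return 2;
    }
    printf("real uid=%ld effective uid=%ld target=%s (uid %ld)\n",
           (long)ruid, (long)euid, pw->pw_name, (long)pw->pw_uid);

    switch (decide(ruid, euid, pw->pw_uid)) {
    case ALLOW:
        puts("would change the password");
        return 0;
    case DENY_NOT_OWNER:
        puts("refused: only root may change another user's password");
        return 1;
    default:
        puts("refused: no privilege to update the shadow file");
        return 1;
    }
}
```

Run as an ordinary user without the SUID bit, it reports the missing privilege; the refusal for another user's account only appears once the binary is owned by root with the SUID bit set, which is the situation the original question describes.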
 