LinuxQuestions.org
01-17-2013, 04:40 PM   #1
thiyagusham
Member
 
Registered: Apr 2012
Posts: 213

Rep: Reputation: Disabled
Advanced file permissions


Hello to all;

I am getting confused with suid vs sgid. I know the sticky bit well.
If I get any simple example from here, it will be useful to me.
Every time I have to mention this: "I belong oracle - DBA"

I googled regarding suid and sgid - not clear...

Getting confused from this link: http://www.bashguru.com/2010/03/unix...rmissions.html

Thanks in advance.

Last edited by thiyagusham; 01-17-2013 at 04:41 PM.
 
01-17-2013, 05:03 PM   #2
TB0ne
LQ Guru

Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack, CentOS
Posts: 19,328

Rep: Reputation: 4471
Quote:
Originally Posted by thiyagusham
Hello to all;
I am getting confused with suid vs sgid. I know the sticky bit well. If I get any simple example from here, it will be useful to me.
Every time I have to mention this: "I belong oracle - DBA"
Well, if you're a DBA, are you wanting to move into Linux administration? If not, such things really won't matter.
Quote:
I googled regarding suid and sgid - not clear ..
Getting confused from this link .. http://www.bashguru.com/2010/03/unix...rmissions.html
What would you like us to tell you? WHAT'S not clear? You don't say what you're confused ABOUT, or what you don't understand in that article. The differences are explained pretty well on that page. Unless you ask a clear question, you can't get answers. And again, can you not talk to your Linux administrators, and ask them for their advice and explanations?

SUID = program runs as the equivalent user ID to whatever the SUID is set to. Set it to root, and a normal user can run the program with root-level rights.
SGID = program runs with permissions of the GROUP. If the group has root privileges, and the group is set to be root, then anyone in that group can run the program with those rights.
 
1 members found this post helpful.
01-17-2013, 06:45 PM   #3
thiyagusham
Member
 
Registered: Apr 2012
Posts: 213

Original Poster
Rep: Reputation: Disabled
Hi TBone;

I'm very interested to know about unix team operations; really, many things are challenging.
I want to continue my career as "oracle DBA" with unix stuff. That's it!
Clear explanation TBone, thanks! I will come back with some examples.

Last edited by thiyagusham; 01-17-2013 at 06:53 PM.
 
01-18-2013, 07:48 AM   #4
rocq
LQ Newbie
 
Registered: Jan 2013
Location: Netherlands
Distribution: Ubuntu
Posts: 21

Rep: Reputation: Disabled
Hi thiyagusham,

In short:
- suid and sgid on FILES: If you run a program and the program tries to access files/directories/whatever, it will use your user and group id for permissions. If you don't have access to a file, the program won't have it either. However, if suid is set for the executable, the user id of the owner is used when executed. Same for group and sgid.
- sgid on DIRECTORIES: When you create a file or directory, the result will have your user and group id. However, if the directory where you create it has sgid set, the new file or directory will inherit the group id of the directory it is created in instead of your group id. New directories will inherit the sgid as well.
- suid on DIRECTORIES: No effect.

An example:
I use the sgid on my ftp rootdir. This directory is owned by the ftp user and group. 'Owner' and 'group' have rwx access whereas 'other' has only r-x access. By doing this I can manage who has write access and who doesn't. The users I want to grant write access are added to the ftp group and they will be able to write. Any new file or directory they create will be owned by the ftp group and thus will be writable for other ftp group members as well.

Last edited by rocq; 01-18-2013 at 07:53 AM.
 
1 members found this post helpful.
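
The setgid-on-directory behaviour rocq describes above, as an added example that is not part of anyone's post: it builds a throwaway shared directory under a temporary path and reports what a new file and a new subdirectory inherit. The function names and the `shared`, `report.txt` and `sub` names are made up for the demo.

```shell
#!/bin/sh
# Constructed demo of setgid on a directory; all names here are made up.

gid_of() { ls -ldn "$1" | awk '{print $4}'; }   # numeric group id of a path

# Create a group-shared directory at $1 with mode rwxrwsr-x.
make_shared_dir() {
    mkdir -p "$1" || return 1
    # If the caller belongs to a second group, hand the directory to it so the
    # inheritance is visible; otherwise the primary group is kept.
    for g in $(id -G); do
        if [ "$g" != "$(id -g)" ]; then
            chgrp "$g" "$1" 2>/dev/null && break
        fi
    done
    chmod 2775 "$1"    # the leading 2 is the setgid bit
}

# Create a file and a subdirectory inside $1 and report what they inherited.
show_inheritance() {
    ( umask 002; : > "$1/report.txt"; mkdir "$1/sub" ) || return 1
    echo "dir gid=$(gid_of "$1") file gid=$(gid_of "$1/report.txt") sub gid=$(gid_of "$1/sub")"
    # New directories copy the setgid bit; new regular files only copy the group.
    if [ -g "$1/sub" ]; then echo "sub: setgid inherited"; fi
    if [ -g "$1/report.txt" ]; then echo "file: setgid set"; else echo "file: setgid not set"; fi
}

demo_root=$(mktemp -d)
make_shared_dir "$demo_root/shared"
show_inheritance "$demo_root/shared"
rm -rf "$demo_root"
```
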
01-18-2013, 07:56 AM   #5
jschiwal
LQ Guru

Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 677
Just a clarification. SUID programs will be run as root. SUID scripts will not in Linux. They will in BSD.

If you want to have some fun playing with permissions, look at the setfacl command. It allows you to grant access to other users and groups.
 
01-18-2013, 09:08 AM   #6
rocq
LQ Newbie
 
Registered: Jan 2013
Location: Netherlands
Distribution: Ubuntu
Posts: 21

Rep: Reputation: Disabled
Quote:
SUID programs will be run as root
No, SUID programs will be run as the owner of the file, which can be root...
http://trillian.randomstuff.org.uk/~...in/node19.html
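
An added example (not from any poster) of the point corrected in this post: a setuid program runs as the file's owner, and a setgid one as the file's group. The helper name `audit_special_bits` and the sample files are constructed; the helper lists the special-bit files under a directory with the numeric uid or gid each would run as.

```shell
#!/bin/sh
# Constructed audit helper; function and file names are made up for the demo.

# Print one line per setuid/setgid regular file under $1, with the numeric
# identity the kernel would switch to when that file is executed.
audit_special_bits() {
    # -perm -4000 matches setuid, -perm -2000 matches setgid.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        ids=$(ls -ldn "$f" | awk '{print $3 ":" $4}')   # owner_uid:group_gid
        if [ -u "$f" ]; then echo "suid runs-as-uid=${ids%%:*} $f"; fi
        if [ -g "$f" ]; then echo "sgid runs-as-gid=${ids##*:} $f"; fi
    done
}

# Constructed sample tree: empty files owned by the current user.
sample=$(mktemp -d)
: > "$sample/plain";   chmod 0755 "$sample/plain"
: > "$sample/as_user"; chmod 4755 "$sample/as_user"   # rwsr-xr-x
: > "$sample/as_grp";  chmod 2755 "$sample/as_grp"    # rwxr-sr-x
audit_special_bits "$sample"
rm -rf "$sample"
```

On a real system, lines showing `runs-as-uid=0` are the setuid-root case; any other uid is the file's non-root owner.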
 
01-18-2013, 09:55 AM   #7
jschiwal
LQ Guru

Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 677
I got lazy and didn't type "suid root programs". Thanks for the correction.
 
01-18-2013, 11:17 AM   #8
TB0ne
LQ Guru

Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack, CentOS
Posts: 19,328

Rep: Reputation: 4471
Quote:
Originally Posted by thiyagusham
Hi TBone;
I'm very interested to know about unix team operations; really, many things are challenging.
Well again, if you're interested in knowing how Unix/Linux works, you need to be TALKING TO YOUR CO-WORKERS. You're part of a team at the company you work for. If you can't talk to them or ask them questions, there's a serious problem.
Quote:
I want to continue my career as "oracle DBA" with unix stuff. That's it!
...and if you're not going to pursue a career change to a Unix/Linux administrator, and want to stay with Oracle, I'll again point out that you don't really need to focus on these things. There is a LOT to know about Oracle, and if my career was being a DBA, I'd focus my efforts on it. Curiosity is a great thing, and it's awesome to continue to try to learn, but you need to be able to talk to your co-workers, and ask a clear question. Just telling us "I read this article and I'm confused", tells us nothing...

Last edited by TB0ne; 01-18-2013 at 11:34 AM.
 
1 members found this post helpful.
  

