Quote:
Originally Posted by rajasekhar19489
First the passwd command when I removed the SUID bit from the permission of /usr/bin/passwd I get to use the command as I used it previously
That isn't quite true; you can run the passwd command from a user account, but you won't be able to change the password because it won't have the privileges to write to the password file.
Quote:
Second the ping command when I removed the SUID bit from the permissions of /bin/ping I get the following error when I use ping from a user command prompt
That is because only root can open a raw socket.
Quote:
my doubt is why is it behaving differently for same type of permissions change
It isn't behaving differently. It is just that these setuid programs require privileges for different reasons, and so will fail under different circumstances.
Quote:
SUID what exactly is it doing and how can people use it in real time for their applications and directories protection.
It isn't intended to protect the application. The setuid bit means that an executable will be run as if it were being executed by the user who owns the file (or group in the case of setgid). The typical use is actually to increase the privileges of the application.
The setgid bit has a different use when applied to directories; it causes files/directories created inside it to inherit the group id of the parent. This can be useful for allowing a group of people to have access to shared files.
You need to understand the meanings of these bits before making use of them (particularly on executables), because they can easily create security holes in a shared system.
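An added example, not part of the original post: a small Python audit that lists the setuid/setgid entries under a directory and says what each bit means for that entry, following the file-versus-directory distinction described above. The names classify and audit and the default path /usr/bin are assumptions chosen for illustration; the behaviour described in the comments is that of Linux.

```python
import os
import stat
import sys


def classify(mode):
    """Explain the setuid/setgid bits in an st_mode value (file type included)."""
    notes = []
    if stat.S_ISDIR(mode):
        # On Linux the setuid bit on a directory is ignored; only setgid matters.
        if mode & stat.S_ISGID:
            notes.append("setgid directory: new entries inherit the directory's group")
    elif stat.S_ISREG(mode):
        executable = mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
        if mode & stat.S_ISUID and executable:
            notes.append("setuid executable: runs with the file owner's user id")
        # setgid only takes effect on execution when group-execute is also set.
        if mode & stat.S_ISGID and mode & stat.S_IXGRP:
            notes.append("setgid executable: runs with the file's group id")
    return notes


def audit(root):
    """Return (path, owner_uid, group_gid, notes) for each flagged entry under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: report the link itself, never its target
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            notes = classify(st.st_mode)
            if notes:
                findings.append((path, st.st_uid, st.st_gid, notes))
    return findings


if __name__ == "__main__":
    # Default path is an assumption; pass another directory as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"
    for path, uid, gid, notes in audit(root):
        print(f"{path} uid={uid} gid={gid}: {'; '.join(notes)}")
```

Comparing the output between runs shows when a privileged executable has been added or has changed owner.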