Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I just read somewhere that "latest linux kernels does not support suid & guid as it can pose a security risk if the setuid attribute is assigned to executable programs that are not carefully designed".
I need a confirmation about what I say is correct or if not please correct me.
I just read somewhere that "latest linux kernels does not support suid & guid as it can pose a security risk if the setuid attribute is assigned to executable programs that are not carefully designed".
I need a confirmation about what I say is correct or if not please correct me.
Thanks in advance ....
I do not think so. If you are talking about Linux systems, it does have SUID bit set on passwd command , which is essential and cannot be neglected.
Quote:
# ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 23420 Aug 11 2010 /usr/bin/passwd
Actually, I was trying to write a script which enables normal users to change their route. I wrote a bash script & set SUID, thinking that that script will run with root privilege & users can change their route using following commands.
Code:
route del default
route add default gw 192.168.0.5
But even though SUID is set, the users get permission denied error. However I managed to solve this problem by calling this bash script from a C compiled program.
Now users can execute ./call-script & can chanage their route with root privilege.
So , I assume that setuid bit is disabled on shell scripts(bash) & can be used only with binary executable. Please correct me If I am wrong ....
Typical Linux filesystems are a lot more sophisticated than "the handful of attribute bits" might lead you to believe. They often support Access Control Lists (ACLs), and may be capable of doing authentication and authorization in lots of other ways as well. So, yes, it is possible to nullify the effect of the "SetUID" bits.
Linux is fully capable of being "a good corporate citizen" in whatever company (or government) secured network you might be a part of. It maintains "the old Unix ways of doing things" partly just for compatibility and familiarity ... not out of necessity.
It's true that suid, sgid are not enabled by the kernel for scripting(!) languages; that's not a new thing BTW.
However, if the user can run 'route', it could be set suid if reqd, much like the passwd cmd mentioned.
Usually however, you'd enable just those few users via sudo instead of allowing all users.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
