Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have a question about suid and sgid
by setting up suid/sgid, you're running the program with the permission of the owner instead of your permission, one obvious example is passwd, my question is that if you're running passwd as root, then you can only change your own password, why when you do "passwd <someonelese>" it will not work, theorically you're root ????
I also like to know under what circumstances it's good to use suid and sgid, and how would i know what true priviliges that a program will give.
afaik, my understanding of sticky user & group 'bits' is to allow common access to, for instance, a 'temporary' directory, whereby only the 'owners' of files created in said directory can modifiy or delete those files. that's as far as my limited understanding goes, and it doesn't extend to sticky permissions on files - perhaps with less beer and more time i might be able to figure it out.....
The SUID bit allows you to run the program with the privelages of the owner. In the case of passwd, it is necessary because /etc/shadow is readable only by root. If passwd was not SUID, then no user would be able to change their password because there would be no mechanism in place to modify the shadow file. As far as specifying the username as an argument, it is not necessary unless root is trying to change the password of another user.
i guess my question is that
if passwd as a program is run by root, then anything ought be done such as passwd <different_user>.
Maybe when you do passwd <different_user>, it sends to another process yet only root has access to????
The reason that passwd is SUID to root is because only root can read the shadow file. Regular users can't read the shadow file. In addition, only root can change another user's password.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Question: the concept of suid and sgid
