
Friday, December 4, 2015

How to set SUID in Linux?

SUID (Set owner User ID up on execution) is a special type of file permission given to a file. Normally in Linux/Unix, when a program runs, it inherits access permissions from the logged-in user. SUID is defined as giving temporary permissions to a user to run a program/file with the permissions of the file owner rather than the user who runs it.

In simple words, users will get the file owner's permissions as well as the owner's UID and GID when executing a file/program/command.




example:

crontab and at


When scheduling jobs with the crontab or at commands, some crontab-related configuration files located in /etc, which are not writable by normal users, have to be edited. The crontab and at commands are therefore set with SUID so that they can write that data.


[root@rehl ~]# ls -l /usr/bin/crontab
-rwsr-xr-x. 1 root root 57536 Jan 27  2014 /usr/bin/crontab




[root@server15 ~]# ls -l /usr/bin/at
-rwsr-xr-x. 1 root root 53792 Jan 29  2014 /usr/bin/at





How can I setup SUID for a file?

SUID can be set in two ways:

1) Symbolic way (s, stands for Set)
2) Numerical/octal way (4)

Use the chmod command to set SUID on a file, here file1.txt.

Symbolic way:

chmod u+s file1.txt
Here +s sets the SUID bit, which is shown in the owner's execute position.

Numerical way:

chmod 4750 file1.txt
Here in 4750, four indicates SUID bit set, seven for full permissions for owner, five for read and execute permissions for group, and no permissions for others.

How can I check if a file is set with SUID bit or not?

Use ls -l to check whether the x in the owner permissions field is replaced by s or S (s when the owner execute bit is also set, S when it is not).
For example: Listing file1.txt before and after SUID set


[root@server15 ~]# ls -l file1.txt
-rwSr--r--. 1 root root 0 Nov 24 14:46 file1.txt
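
The s versus S check and a search for SUID files, as an added shell example that is not part of the original post. The function names and the baseline allow-list file are assumptions made for illustration, and every file is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example, not from the original post. All files are constructed in a
# temporary directory; nothing else on the system is modified.

# suid_state FILE: classify the owner execute slot as shown by `ls -l`.
#   s -> SUID and owner execute both set   S -> SUID set, owner execute missing
suid_state() {
    case "$(ls -ld -- "$1" | cut -c4)" in
        s) echo "suid+exec" ;;
        S) echo "suid-noexec" ;;
        *) echo "no-suid" ;;
    esac
}

# list_suid DIR: every regular file under DIR that has the SUID bit (4000).
list_suid() {
    find "$1" -type f -perm -4000 | sort
}

# unexpected_suid DIR BASELINE: SUID files under DIR that are not named in
# BASELINE (a hypothetical allow-list file, one path per line).
unexpected_suid() {
    list_suid "$1" | while IFS= read -r f; do
        grep -Fxq -- "$f" "$2" || printf '%s\n' "$f"
    done
}

# Demo on constructed files.
demo_dir=$(mktemp -d)
: > "$demo_dir/file1.txt"; chmod 644 "$demo_dir/file1.txt"
: > "$demo_dir/tool";      chmod 750 "$demo_dir/tool"
: > "$demo_dir/plain";     chmod 755 "$demo_dir/plain"
chmod u+s  "$demo_dir/file1.txt"   # symbolic way, no owner execute bit -> rwS
chmod 4750 "$demo_dir/tool"        # octal way, owner execute bit set  -> rws
printf '%s\n' "$demo_dir/tool" > "$demo_dir/baseline.txt"

for f in file1.txt tool plain; do
    printf '%-10s %s\n' "$f" "$(suid_state "$demo_dir/$f")"
done
echo "SUID files not in baseline:"
unexpected_suid "$demo_dir" "$demo_dir/baseline.txt"
```

An uppercase S, as on file1.txt, usually means the bit was set on a file that is not executable by its owner, which is worth reviewing when it turns up in an audit.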


How to remove SUID?

chmod u-s file1.txt

Where is SUID used?


1) Where root login is required to execute some commands/programs/scripts.
2) Where you don’t want to give credentials of a particular user, but want to run some programs as the owner.
3) Where you don’t want to use the sudo command, but want to give execute permission for a file/script etc.













Saturday, January 24, 2015

Three Special Permission in Linux - SUID, SGID & Sticky Bit





The three special permissions in Linux are SUID, SGID and Sticky Bit, which are used for advanced control over what Linux users can do.
What is SUID?

The common explanation given for SUID is that it is an advanced file permission: SUID allows a user to execute a script as if the owner of the script were executing it.

Example for SUID
root@linuxforfreshers:~#ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 22984 Jan  2013 /usr/bin/passwd
SUID bit is set on an executable. It runs with the permission of its owner.

Command :
root@linuxforfreshers:~#chmod u+s  < file name >

                                  or

root@linuxforfreshers:~#chmod 4755  < file name >
What is SGID?

If the set-GID bit is set on a directory entry, files in that directory will have the same group ownership as the directory, instead of the group of the user that created the file.

Command :
root@linuxforfreshers:~#chmod g+s  < file name >

                                 or

root@linuxforfreshers:~#chmod 2755  <file name >

What is Sticky Bit?
Sticky Bit is mainly used on folders to prevent other users from deleting a folder and its contents even though they have write permissions on the folder contents. If Sticky Bit is enabled on a folder, the folder contents can be deleted only by the owner who created them and by the root user. No one else can delete other users' data in this folder (where the sticky bit is set). This is a security measure to avoid deletion of critical folders and their content (sub-folders and files), even though other users have full permissions.
How can I setup Sticky Bit for a Folder?
Sticky Bit can be set in two ways
1.     Symbolic way (t represents the sticky bit)
2.     Numerical/octal way (1, the sticky bit has the value 1)

Symbolic way:
chmod o+t /opt/dump/
or
chmod +t /opt/dump/
Numerical way:
chmod 1757 /opt/dump/
Here in 1757, 1 indicates Sticky Bit set, 7 for full permissions for owner, 5 for read and execute permissions for group, and full permissions for others.

root@linuxforfreshers:~#chmod o+t  < Dir Name >

                                   or

root@linuxforfreshers:~#chmod 1777 < Dir Name >