Re: Set user ID on execution
Oswald Buddenhagen said:
>> Can anyone explain this to me in plain english? Like, what the difference
>> is between chmod 4750 and chmod 750 -- and how it effects the files'
> every user has an id, as you probably know.
> if the file is executed normally (ie, permissions are 750), then the
> program runs with the user id of the user, who started it, and thus has
> the permissions to do the things, that the "runner" is able to do.
> if the set-uid bit is set (ie, 4750), then the program's user id will be
> set to the id of the user, who owns the file. so if the program file is
> owned by root and it is set-uid, then the program will get root
> permissions - no with regard to that, by whom it is executed.
> that's the reason, why set-uid programs have to be done with special
> care: they have potentially very much power.
OK, I understand the what you've said above, but give me an example. I have
seen what happens when /bin/su is not setuid, but WHY does it have to be
like that, and WHY does it do what it does when it's not setuid? I've seen
a lot of other binaries in this predicament:
[root-> /bin]% ls -l | grep rws
-rwsr-xr-x 1 root root 20164 Apr 17 1999 login
-rwsr-xr-x 1 root root 52788 Apr 17 1999 mount
-rwsr-xr-x 1 root root 14804 Apr 7 1999 ping
-rwsr-x--- 1 root wheel 13208 Apr 13 1999 su
-rwsr-xr-x 1 root root 26508 Apr 17 1999 umount
Many more, of course..