SUID (Set owner User ID up on execution) is a special type of file permission given to a file. Normally in Linux/Unix, when a program runs, it inherits access permissions from the logged-in user. SUID gives a user temporary permission to run a program/file with the permissions of the file owner rather than those of the user who runs it.
In simple words, users get the file owner's permissions, as well as the owner's UID and GID, when executing a file/program/command.
Example:
crontab and at
When scheduling jobs with the crontab or at command, some of the crontab-related configuration files located in /etc, which are not writable for normal users, have to be edited. So the crontab/at commands are set with SUID in order to write that data.
[root@rehl ~]# ls -l /usr/bin/crontab
-rwsr-xr-x. 1 root root 57536 Jan 27 2014 /usr/bin/crontab
[root@server15 ~]# ls -l /usr/bin/at
-rwsr-xr-x. 1 root root 53792 Jan 29 2014 /usr/bin/at
How can I setup SUID for a file?
SUID can be set in two ways
1) Symbolic way (s, Stands for Set)
2) Numerical/octal way (4)
Use the chmod command to set SUID on a file, here file1.txt
Symbolic way:
chmod u+s file1.txt
Here the owner's execute bit is set to SUID with +s.
Numerical way:
chmod 4750 file1.txt
Here in 4750, four indicates that the SUID bit is set, seven gives full permissions to the owner, five gives read and execute permissions to the group, and zero gives no permissions to others.
How can I check if a file is set with SUID bit or not?
Use ls -l to check whether the x in the owner permissions field is replaced by s or S
For example: Listing file1.txt before and after SUID set
[root@server15 ~]# ls -l file1.txt
-rwSr--r--. 1 root root 0 Nov 24 14:46 file1.txt
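Added example, not part of the original post: a shell function that applies the same ls -l check to every SUID file under a directory, which is how an administrator would review them in bulk. The names suid_audit and suid_audit_demo, the status labels and the sample file names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a tree for SUID files.

# suid_audit DIR
# Prints "<status> <mode> <owner> <path>" for every regular file under DIR
# that has the SUID bit (octal 4000) set. Paths containing newlines are
# not handled.
suid_audit() {
    find "${1:-.}" -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r f; do
        # First field of ls -l is the mode string, third is the owner.
        ls -ld -- "$f" | {
            read -r mode links owner rest
            case "$mode" in
                ???S*)              status=NOEXEC ;;   # SUID without owner x
                ?????w*|????????w*) status=WRITABLE ;; # group/other can write
                *)                  status=OK ;;
            esac
            printf '%s %s %s %s\n' "$status" "$mode" "$owner" "$f"
        }
    done
}

# Constructed sample: four files in a temp dir, set up with the chmod
# forms shown above (symbolic u+s and octal 4xxx).
suid_audit_demo() {
    d=$(mktemp -d) || return 1
    touch "$d/tool" "$d/file1.txt" "$d/loose" "$d/plain"
    chmod 4750 "$d/tool"                                # -rwsr-x---
    chmod 644 "$d/file1.txt"; chmod u+s "$d/file1.txt"  # -rwSr--r--
    chmod 4775 "$d/loose"                               # -rwsrwxr-x
    chmod 755 "$d/plain"                                # no SUID, not listed
    suid_audit "$d"
    rm -rf "$d"
}

suid_audit_demo
```

NOEXEC corresponds to the capital S in the listing above: the SUID bit is set but the owner has no execute permission. WRITABLE marks SUID files that the group or others can modify, which deserve a closer look.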
How to remove SUID?
chmod u-s file1.txt
Where is SUID used?
1) Where root login is required to execute some commands/programs/scripts.
2) Where you don’t want to give credentials of a particular user, but want to run some programs as the owner.
3) Where you don’t want to use the sudo command, but want to give execute permission for a file/script etc.