SetUID and SetGID question
Smoot Carl-Mitchell
smoot at tic.com
Sat Sep 10 16:46:55 UTC 2011
On Sat, 2011-09-10 at 19:31 +0300, Ioannis Vranos wrote:
> Hi,
>
> I am confused regarding SetUID and SetGID flags of executables.
>
> More specifically, what is the use of enabling them *both*, since when
> the executable is run, it is run with owner's privileges because of
> SetUID?
>
> I mean enabling them both, doesn't have the same effect, as enabling
> SetUID only?
setuid sets the userid to the owner of the executable. setgid sets the
primary group id to that of the executable file. With either flag you
are changing the allowed authorization from the user executing the
program to another user or group or both.

setgid programs are less common, but might be used where you do not want
the program to run with root privileges, but do want it to have access
to files which are "owned" by the group.

sendmail, for example, runs setgid in the smmsp group which allows the
executable to create files in the client mail queue without allowing
more permissive access.
--
Smoot Carl-Mitchell
System/Network Architect
voice: +1 480 922-7313
cell: +1 602 421-9005
smoot at tic.com
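
The distinction drawn in the reply above, worked through as an added example that is not part of the original message: the two bits are evaluated independently, so setting both is not the same as setuid alone, and the second function lists the setuid/setgid files under a directory for review. The names `Creds`, `creds_after_exec` and `audit`, and the uid/gid numbers, are constructed for illustration; the group-execute rule is Linux behaviour that the thread does not mention.

```python
import os
import stat
from typing import Iterator, NamedTuple, Tuple


class Creds(NamedTuple):
    euid: int
    egid: int


def creds_after_exec(mode: int, file_uid: int, file_gid: int, caller: Creds) -> Creds:
    """Effective ids after `caller` executes a file with this mode and ownership."""
    # setuid: effective uid becomes the file's owner; otherwise it is inherited.
    euid = file_uid if mode & stat.S_ISUID else caller.euid
    # setgid: effective gid becomes the file's group. Linux honours the bit
    # only when group-execute is also set.
    both = stat.S_ISGID | stat.S_IXGRP
    egid = file_gid if (mode & both) == both else caller.egid
    return Creds(euid, egid)


def audit(root: str) -> Iterator[Tuple[str, str, int, int]]:
    """Yield (path, mode string, owner uid, group gid) for setuid/setgid files."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: report the link itself, never its target
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                yield path, stat.filemode(st.st_mode), st.st_uid, st.st_gid


# Constructed sample values: the caller is uid/gid 1000, the file is owned by
# root (uid 0) and by a queue group with the made-up gid 51.
CALLER = Creds(euid=1000, egid=1000)
SAMPLE_MODES = {"setuid": 0o4755, "setgid": 0o2755, "both": 0o6755,
                "neither": 0o0755, "setgid, no group x": 0o2745}


def demo() -> dict:
    """Map each sample mode label to the credentials the caller ends up with."""
    return {label: creds_after_exec(mode, 0, 51, CALLER)
            for label, mode in SAMPLE_MODES.items()}


if __name__ == "__main__":
    for label, creds in demo().items():
        print(f"{label:20} euid={creds.euid} egid={creds.egid}")
    for entry in audit("/usr/bin"):
        print(*entry)
```

Both bits are also ignored for files on a filesystem mounted nosuid.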