SetUID and SetGID question
Ioannis Vranos
ioannis.vranos at gmail.com
Sat Sep 10 17:05:05 UTC 2011
On Sat, Sep 10, 2011 at 7:46 PM, Smoot Carl-Mitchell <smoot at tic.com> wrote:
>
> setuid sets the userid to the owner of the executable. setgid sets the
> primary group id to that of the executable file. With either flag you
> are changing the allowed authorization from the user executing the
> program to another user or group or both.
>
> setgid program are less common, but might be used where you do not want
> the program to run with root privileges, but do want it to have access
> to files which are "owned" by the group.
>
> sendmail for example runs setgid in the smmsp group which allows the
> executable to create files in the client mail queue without allowing
> more permissive access.
Hi Smoot,
Thank you for your answer. When enabling both SetUID and SetGID for an
executable, hasn't it the same effect as enabling SetUID only?
This is where I am confused. If the answer is yes, wouldn't it be
better to not be allowed enabling both, for ambiguity reasons?
Regards,
--
Ioannis Vranos
http://www.cpp-software.net
More information about the ubuntu-users
mailing list