SetUID and SetGID question
ioannis.vranos at gmail.com
Sat Sep 10 17:05:05 UTC 2011
On Sat, Sep 10, 2011 at 7:46 PM, Smoot Carl-Mitchell <smoot at tic.com> wrote:
> setuid sets the userid to the owner of the executable. setgid sets the
> primary group id to that of the executable file. With either flag you
> are changing the allowed authorization from the user executing the
> program to another user or group or both.
> setgid program are less common, but might be used where you do not want
> the program to run with root privileges, but do want it to have access
> to files which are "owned" by the group.
> sendmail for example runs setgid in the smmsp group which allows the
> executable to create files in the client mail queue without allowing
> more permissive access.
Thank you for your answer. When enabling both SetUID and SetGID for an
executable, hasn't it the same effect as enabling SetUID only?
This is where I am confused. If the answer is yes, wouldn't it be
better to not be allowed enabling both, for ambiguity reasons?
More information about the ubuntu-users