SetUID and SetGID question
Smoot Carl-Mitchell
smoot at tic.com
Sun Sep 11 01:01:48 UTC 2011
On Sat, 2011-09-10 at 20:05 +0300, Ioannis Vranos wrote:
> Hi Smoot,
>
>
> Thank you for your answer. When enabling both SetUID and SetGID for an
> executable, hasn't it the same effect as enabling SetUID only?
No, it does not have the same effect. Suppose you have an executable
with uid of "foo" and gid of "bar". Suppose your own uid is "sam" and
your primary gid is "samsgroup". Here is the permission of the process
when it runs the executable:
no setuid or setgid: "sam" "samsgroup"
setuid only: "foo" "samsgroup"
setgid only "sam" "bar"
setuid and setgid": ""foo" "bar"
One point of confusion may be most setuid programs have "root" as the
user which means it has access to all system resources. In that case
the setgid settings is irrelevant. But setuid and setgid can be used to
set the authorization permissions to any user or group.
--
Smoot Carl-Mitchell
System/Network Architect
voice: +1 480 922-7313
cell: +1 602 421-9005
smoot at tic.com
More information about the ubuntu-users
mailing list