SetUID and SetGID question
ioannis.vranos at gmail.com
Sun Sep 11 02:17:28 UTC 2011
On Sun, Sep 11, 2011 at 4:01 AM, Smoot Carl-Mitchell <smoot at tic.com> wrote:
> On Sat, 2011-09-10 at 20:05 +0300, Ioannis Vranos wrote:
>> Hi Smoot,
>> Thank you for your answer. When enabling both SetUID and SetGID for an
>> executable, hasn't it the same effect as enabling SetUID only?
> No, it does not have the same effect. Suppose you have an executable
> with uid of "foo" and gid of "bar". Suppose your own uid is "sam" and
> your primary gid is "samsgroup". Here is the permission of the process
> when it runs the executable:
> no setuid or setgid: "sam" "samsgroup"
> setuid only: "foo" "samsgroup"
> setgid only "sam" "bar"
> setuid and setgid": ""foo" "bar"
> One point of confusion may be most setuid programs have "root" as the
> user which means it has access to all system resources. In that case
> the setgid settings is irrelevant. But setuid and setgid can be used to
> set the authorization permissions to any user or group.
Correct me if I am wrong, but as far as I know, the Linux "user",
"group" and "others" permissions for a file (including executables)
work in this way:
If the given User is the "user", he gets these permissions,
else if the given User belongs to the "group", he gets the "group" permissions,
else the given User gets the "others" permissions.
Since, when SetUID is set, the given User gets the "user" permissions,
what else does he get if SetGID is also set?
More information about the ubuntu-users