iT邦幫忙

0

EXPLAINING SPECIAL LINUX PERMISSIONS ( SUID | SGID | STICKY BIT )

In this article we are going to discuss on Special Linux Permissions i.e. SUID , SGID and Sticky Bit. Before we discuss about Special Linux Permissions let’s have look at basic Linux Permissions. In Linux There are three types of permission we can apply i.e. Read, Write & Execute. And each files and directory comes with three set of Users i.e. User (Owner), Group and Others. We can change permission by using chmod command.

SUID (Super User ID)

SUID Stands for Super User ID. We know that root is the Super User in Linux and have all the rights to do administrative tasks but have you noticed that normal user also can do some administrative tasks such as reset the Password and as we know that by reset the password two files getting updated i.e. /etc/passwd and /etc/shadow which is only can be done by root user. Let’s take another example i.e. Normal user can use ping command to check network connectivity and so on. Now let’s Understand what is the use of SUID. First of all SUID should be applied to any binary file of script and we can apply SUID from root user only using chmod command. We are applying SUID to any binary file or script means we are allowing that binary file to execute in any logged in user as a owner of that file. Means if i run the ping command by logging in with a normal user i.e. user1 still it will run as root user only. Let’s take an example to understand the concept properly. SUID alphabetically identified by letter “s” and Numerically Identified by “4“.

Logging as a normal user i.e. user1 and try to use ping command to check the connectivity.

[user1@localhost ~]$ whoami   # To check currently Logged in User
user1
[user1@localhost ~]$ ping -c 3 localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.027 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.042 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.042 ms

--- localhost ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.027/0.037/0.042/0.007 ms

As we can see on above sample output we able to use ping command in normal user. The reason behind that is SUID special permission is applied to ping binary file. we can use ls -l command to check the permission.

First check the path of ping binary file by which command and then check the permission of that file by using ls -l command.

[root@localhost ~]# which ping   # Checking the Path of the File
/bin/ping
[root@localhost ~]# ls -l /bin/ping   # Checking the Permission of the File
-rwsr-xr-x. 1 root root 40760 Sep 26  2013 /bin/ping

Read Full Post: http://www.elinuxbook.com/special-linux-permissions-suid-sgid-sticky-bit/


尚未有邦友留言

立即登入留言