Module – 21 Linux SetUid / SetGid / StickyBit explained

SetUID:

  • When set-user identification (setuid) permission is set on an executable file, a process that runs this file is granted access based on the owner of the file (usually root), rather than the user who is running the executable file.
  • This special permission allows a user to access files and directories that are normally only available to the owner.
  • For example, the setuid permission on the passwd command makes it possible for a user to change passwords, assuming the permissions of the root ID:
  • -r-sr-sr-x 3 root sys 104580 Sep 16 12:02 /usr/bin/passwd


Let us test one simple scenario:

  • su - root
  • vi /home/secure.txt
  • chmod 744 /home/secure.txt

So /home/secure.txt is owned by root and normal users have no write access to it, right?

Now set the setuid bit on the vi command (very dangerous; remove it again afterwards):

  • chmod u+s /usr/bin/vi

Now any user can run the vi editor, and because it runs with root's permissions it can edit any file.

Ok, let's test it:

  • su - testuser
  • vi /home/secure.txt   (add some lines and save it)

You can edit the file, right?

Ok, now remove the setuid bit from the vi editor again; leaving it set is very dangerous.

  • su - root
  • chmod -s /usr/bin/vi
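The scenario above shows why an unexpected setuid bit on a binary like vi matters. A practitioner wants a way to find such files and to verify the clean-up step actually took effect. The following POSIX shell helpers are an added example, not part of the original article; the function names (has_setuid, has_setgid, list_special_files, count_special_files) are my own, and the demo works on a scratch directory so no real system binary is modified.

```shell
#!/bin/sh
# Added example (not from the original article): audit helpers for files
# carrying the setuid (4000) or setgid (2000) bit. All names are assumptions.

# Return 0 if the given path has the setuid bit set, 1 otherwise.
# "-prune" keeps find from descending if the path is a directory.
has_setuid() {
    [ -n "$(find "$1" -prune -perm -4000 -print 2>/dev/null)" ]
}

# Return 0 if the given path has the setgid bit set, 1 otherwise.
has_setgid() {
    [ -n "$(find "$1" -prune -perm -2000 -print 2>/dev/null)" ]
}

# List every regular file under a directory that carries setuid or setgid,
# in the same "ls -l" form used in the text (look for the "s" in the mode).
list_special_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \; 2>/dev/null
}

# Count the setuid/setgid files under a directory (for "did the fix work?" checks).
count_special_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | wc -l | tr -d ' '
}

# Demonstration on a scratch directory: a constructed stand-in for /usr/bin/vi
# gets the dangerous bit, is found by the audit, then is cleaned up and re-checked.
demo() {
    d=$(mktemp -d)
    : > "$d/editor"                # constructed stand-in for /usr/bin/vi
    chmod 755 "$d/editor"
    chmod u+s "$d/editor"          # the dangerous step from the text
    echo "setuid/setgid files found:"
    list_special_files "$d"
    chmod u-s "$d/editor"          # the clean-up step (same effect as chmod -s)
    echo "after removal: $(count_special_files "$d") setuid/setgid file(s) left"
    rm -rf "$d"
}
```

Run `demo` to see the before/after listing; on a real host you would point list_special_files at / (as root, since find needs read access everywhere) and compare the output against the set of binaries your distribution ships with setuid on purpose, such as passwd.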

——————————————————————————————————–

setgid Permission

  • The set-group identification (setgid) permission is similar to setuid, except that the process’s effective group ID (GID) is changed to the group owner of the file, and a user is granted access based on permissions granted to that group.
  • ex: -r-x--s--x 1 root mail 63628 Sep 16 12:01 /usr/bin/mail
  • When setgid permission is applied to a directory, files that were created in this directory belong to the group to which the directory belongs, not the group to which the creating process belongs.
  • Any user who has write and execute permissions in the directory can create a file there.
  • However, the file belongs to the group that owns the directory, not to the user’s group ownership.
  • Example: chmod g+s example

Let us test a simple scenario:

  • su - root
  • mkdir -p /home/testguid
  • chmod 777 /home/testguid

Now any user can create files and directories under /home/testguid, right? Yes.

Ok, let's test it.

  • su - testuser
  • cd /home/testguid
  • touch file01
  • ls -ltr (file01 will be owned by testuser:testuser)

So far nothing special is set on the directory, and this is the expected, normal behaviour.

Now set the setgid permission on /home/testguid (as the root user):

  • su - root
  • chmod g+s /home/testguid

Done. Check with ls -ltr to see the permission change (the group execute position now shows "s").

Let us test it now:

  • su - testuser
  • cd /home/testguid
  • touch file02
  • ls -ltr (file02 will be owned by testuser:root)

So the group ID (root) stays the same and never changes, whoever creates the file. Hope you got it :-)


————————————————————————————————————————————–

Sticky Bit

  • The sticky bit is a permission bit that protects the files within a directory.
  • If the directory has the sticky bit set, a file can be deleted only by the owner of the file, the owner of the directory, or by root.
  • This special permission prevents a user from deleting other users’ files from public directories such as /tmp:
  • drwxrwxrwt 7 root sys 400 Sep 3 13:37 tmp

Let us test the scenario:

  • su - user01
  • cd /tmp
  • touch user01.txt
  • ls -ltr user01.txt (it will be owned by user01:user01)

Now do the same as user02:

  • su - user02
  • cd /tmp
  • touch user02.txt
  • ls -ltr user02.txt (it will be owned by user02:user02)

Although both users create their files under the same /tmp directory, each file is owned by the user who created it, and other users cannot delete it.

Test it:

  • su - user01
  • cd /tmp
  • rm user02.txt (user01 tries to delete user02's file, but you will get a permission denied error)

This is because the /tmp directory has the sticky bit set, which protects each user's files from deletion by other users (note the "t" in the last position of the mode):

  • ls -ltr /tmp
  • drwxrwxrwt 7 root sys 400 Sep 3 13:37 tmp

To enable Stickybit permission for any directory:

  • chmod +t <directory>
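The setgid-directory test and the sticky-bit test above are both easy to automate. The POSIX shell helpers below are an added example, not part of the original article; the function names (group_of, has_sticky, world_writable_without_sticky, setgid_inherits_group) are my own. They find world-writable directories that lack the sticky bit, the situation in which any user can delete any other user's files, and verify on a given directory that newly created files inherit the directory's group as the setgid section describes.

```shell
#!/bin/sh
# Added example (not from the original article): directory checks for the
# setgid and sticky bits. All function names are assumptions.

# Print the group owner of a path (column 4 of "ls -ld").
group_of() {
    ls -ld "$1" | awk '{ print $4 }'
}

# Return 0 if the directory has the sticky bit (mode 1000) set, 1 otherwise.
has_sticky() {
    [ -n "$(find "$1" -prune -type d -perm -1000 -print 2>/dev/null)" ]
}

# List directories under $1 that are world-writable (others have "w") but
# lack the sticky bit; these are the ones where "chmod +t" is needed.
world_writable_without_sticky() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# Create a probe file inside a directory and check whether it inherited the
# directory's group, which is what setgid on a directory guarantees.
# Return 0 when the groups match, 1 otherwise. The probe file is removed.
setgid_inherits_group() {
    dir=$1
    f="$dir/probe.$$"
    : > "$f"
    fgrp=$(group_of "$f")
    rm -f "$f"
    [ "$fgrp" = "$(group_of "$dir")" ]
}

# Demonstration on a scratch directory with two constructed sub-directories:
# one world-writable without sticky (flagged) and one set up like /tmp.
demo() {
    d=$(mktemp -d)
    mkdir "$d/shared" "$d/dropbox"
    chmod 777 "$d/shared"           # like /home/testguid in the text: flagged
    chmod 1777 "$d/dropbox"         # like /tmp: world-writable with sticky bit
    echo "directories needing chmod +t:"
    world_writable_without_sticky "$d"
    chmod +t "$d/shared"            # the fix from the text
    echo "after chmod +t: $(world_writable_without_sticky "$d" | wc -l | tr -d ' ') flagged"
    chmod g+s "$d/dropbox"          # the setgid-on-directory step from the text
    if setgid_inherits_group "$d/dropbox"; then
        echo "dropbox: new files take group $(group_of "$d/dropbox")"
    fi
    rm -rf "$d"
}
```

Run `demo` to see the check in action. Because the scratch directory is created by the user running the script, file and directory share that user's group, so setgid_inherits_group passes trivially here; its value shows on a real shared directory owned by a group the creating user does not have as primary group, which is the testuser:root case in the text.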
