On Mon, 2005-04-25 at 06:21 -0500, Dan McGhee wrote:
> In getting to this point in Linux, I've read many times something to the 
> effect, "This needs to be setuid root."  And that this means that the 
> "sticky bit" is set.  Beyond that I can't find anything.  What does 
> "setuid" really mean?  What exactly does it do?  What does it cause?  
> What does it prevent?

Short version, suid means that an executable with that flag set runs as
the user who owns the file, instead of the usual behaviour of running as
whoever ran the program. That's important for cases where a program must
be run by ordinary users, but needs to do things only root can do.

For example, 'su' must be suid because it runs programs as other users.
'passwd' must be suid, because it changes system files that ordinary
users shouldn't be able to touch. And 'mount' and 'umount' are usually
suid to allow ordinary users to mount and unmount filesystems.

The security implications of this should be fairly obvious. Any code
that gives ordinary users superuser permissions needs to be fairly
carefully written to avoid holes that would allow the user to run things
you didn't intend. It's often desirable to mount partitions like /home
with the 'nosuid' option, since they prevent such programs from being
run, even if some intruder has managed to create one.

Note - I've assumed in the examples that the program would be
root-owned, since that's the most common need for it. Doesn't have to be
the case though - programs owned by any user can be made suid and will
be run with the owner's permissions, not those of the runner.

Simon.
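
An added example, not part of Simon's message: a Python audit sketch for the two points in the reply, listing mounts that lack 'nosuid' (so the setuid bit is honoured there) and setuid files together with the owner they would run as. The sample mount table, the skip list and the function names are constructed for illustration; the code also shows that the setuid bit (04000) is a different flag from the sticky bit (01000).

```python
import os
import stat

# Constructed sample in /proc/mounts format: device, mount point, type, options.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,relatime 0 0
/dev/sda3 /srv ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""
PSEUDO_FS = {"proc", "sysfs", "devpts", "cgroup2"}  # assumed skip list

def special_bits(mode):
    """Name the special permission bits present in an st_mode value."""
    flags = [(stat.S_ISUID, "setuid"),   # 04000: run as the file's owner
             (stat.S_ISGID, "setgid"),   # 02000: run with the file's group
             (stat.S_ISVTX, "sticky")]   # 01000: a separate flag
    return [name for bit, name in flags if mode & bit]

def mounts_allowing_suid(mounts_text):
    """Mount points whose option list lacks 'nosuid'."""
    hits = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[2] not in PSEUDO_FS:
            if "nosuid" not in fields[3].split(","):
                hits.append(fields[1])
    return hits

def find_setuid(root):
    """(path, owner uid) for setuid regular files under root, one filesystem."""
    found, dev = [], os.lstat(root).st_dev
    for dirpath, dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or is unreadable
            if st.st_dev == dev and stat.S_ISREG(st.st_mode) \
                    and st.st_mode & stat.S_ISUID:
                found.append((path, st.st_uid))
    return sorted(found)

if __name__ == "__main__":
    print("setuid honoured on:", mounts_allowing_suid(SAMPLE_MOUNTS))
    if os.path.isdir("/usr/bin"):
        for path, uid in find_setuid("/usr/bin"):
            print(f"runs as uid {uid}: {path}")
```

On a live system, pass the contents of /proc/mounts to `mounts_allowing_suid` instead of the sample text.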
