Thomas SMETS wrote:
> 
> I'd like to set my /opt directory as a kind of shared environment.
> I downloaded jdk & jre 1.1.8 / 1.2.2 / 1.3 & set up some scripts so one
> could work with the three in different shells without too many clashes.
> Now what I want is to lock the directories so everyone can see others'
> work but cannot overwrite it. I thought doing this would give the answer
> but it doesn't !
> Every action is completed under the "root" account (su).

Here, set the sticky bit (1xxx) on the dir.
Ex.: Thomas and Eric have access to the /tmp dir.
So Thomas decides to create a dir /tmp/new.
Now Eric doesn't like Thomas, so he removes /tmp/new
when Thomas is away.
Now, to protect his dir, Thomas must set the sticky bit
so Eric can't remove it.
The access rights, however, stay in place.

> 
> # From /opt doing that would allow every member of the "users" group
> # to be part of the gid allowed for the files
>     chown -Rv root.users * 
Here you set (with chown) the SUID and SGID to '0',
because the owner and group changed.
Only chmod can change the extended accesses.
> 
> #
> # Gives rx access to anyone (only root can modify)
> # Everyone can access in full control everything it creates (sticky bit)
>     chmod -Rv 6755 *
> 
This way not only the owner AND root can modify,
but EVERYONE !
If a SUID bit is placed on, say, a prog, this prog obtains,
for the time it is used, the nbr of the owner with
of course all the priv. of the owner.
Ex.: if the SGID is placed on a prog where the owner
is 'root', then this prog obtains the '0' nbr = root
and the prog can be executed.
Do this with passwd and the user can change your passwd !!!!
So know what you are doing.
Octal values of are:
Access priv.    Value
SUID bit        4000
SGID            2000
Now add both = 6000 and 6000 + 755 = 6755.
Or chmod u+s filename for the SUID,
and chmod g+s filename for the SGID.
The SUID and SGID bits are only useful if the exec
authorizations are defined accordingly.
If they aren't for the owner or the group of the file,
the identifier 's' is displayed as an uppercase (S).

> Gives out :
> mode of jre118/lib/font.properties.ISO8859_15_FDIS changed to 6755
> (rwsr-sr-x)
> For every files
> 
> # Creating the Src & destination directories.
>      mkdir src
>      mkdir Classes
>      chmod -Rv 6755 *
> 
> Now I thought that as a normal user (su username) :
Normal users are 500+.
su is for the root password, to get the root priv. (0)

> 1. Could create any file I wanted in the ./src & ./Classes without any
> troubles

What troubles do you mean ?

> 2. Would receive the rxw privilege while others would only get the rx.
> 
???

> It doesn't seem to be that.
> Could one hint at a solution ?
> 
> Tx,
> 
> Thomas,
> 

Did this answer your question ? (Sorry about the
English)
Eric (see also the return on your next e-mail)


> [EMAIL PROTECTED] wrote:
> >
> > Hi,
> >
> > Could someone tell me how I can achieve the following:
> >
> > /opt is a directory holding a few applications that I would like to share,
> > e.g. jdk's / jre's / Weblogic / ... (Weblogic will be for later, I think)
> > I then applied:
> >   chown -Rv root.users *         # to allow everyone to be recognized as a user
> >   chmod -Rv 6755 *                # to allow everyone to compile & run their Java programs
> >   mkdir src                      # Java source code
> >   mkdir Classes                  # Java class files
> >
> > Now, I want to allow anyone to create files / directories / ... and compile them,
> > but without allowing them to overwrite those of others.
> > However, I have not managed to use the sticky bit successfully.
> > Could someone give me information on what I need to do?
> >
> > Thanks,
> >
> > thomas,
> 
> --
> 
> Thomas SMETS                           Phone : +32 (0)2 742. 05. 94.
> Av. de la Brabançonne 133 / 3          e-mail : tsmets @altern.org
> 1030 Bruxelles
> 
> ==== Quote of the day =========
> Ignorance is when you don't know anything and somebody finds it out.
>  ======= End of Quote =========
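
The permission bits discussed in this thread, as an added example that is not part of the original e-mails: a shell script that gives the `src` and `Classes` directories the sticky bit and then finds and clears the setuid/setgid bits that a recursive `chmod 6755` leaves on regular files. The function names, the temporary sandbox standing in for /opt and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. SANDBOX is a constructed stand-in for /opt; nothing here needs root.

# Shared work directories: group members may create entries, but the sticky
# bit (1000) lets only an entry's owner, the directory owner, or root delete
# or rename it. 0775 = rwx owner, rwx group, r-x others.
# Assumes the directories already belong to the shared group ("users" in the thread).
setup_shared() {
    mkdir -p "$1/src" "$1/Classes" || return 1
    chmod 1775 "$1/src" "$1/Classes"
}

# Succeeds if $1 is a directory with the sticky bit set.
is_sticky() {
    [ -n "$(find "$1" -prune -type d -perm -1000 -print)" ]
}

# Regular files carrying setuid (4000) or setgid (2000), which is what a
# recursive "chmod 6755" leaves on every file it touches.
list_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Drop setuid/setgid from those files; the rwx bits are left alone.
clear_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec chmod u-s,g-s {} +
}

# Demonstration on constructed data.
demo() {
    SANDBOX=$(mktemp -d) || return 1
    setup_shared "$SANDBOX"
    echo "sample" > "$SANDBOX/font.properties"   # constructed file
    chmod 6755 "$SANDBOX/font.properties"        # the mode used in the thread
    echo "setuid/setgid files before cleanup:"
    list_setid_files "$SANDBOX"
    clear_setid_files "$SANDBOX"
    echo "setuid/setgid files after cleanup:"
    list_setid_files "$SANDBOX"
    is_sticky "$SANDBOX/src" && echo "src has the sticky bit"
    rm -rf "$SANDBOX"
}
demo
```
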

