It's called suid bit or sgid bit by default, unix installations have many programs installed suid root. Suid root refers to set user id root. This allows the program to do functions not normally allowed for users to do themselves. Low level networking routines, controlling graphical display functions, changing passwords, and logging in are all examples of programs that rely on executing their functions as a user that is not restricted by standard file permissions. While many programs need this functionality, the program must be bug free in only allowing the user to do the function the program was designed for.
on a directory it means 'sgid or set the group owner on created files to
the group that owns the directory rather than the group of the user
creating the file, it's handy for controlling the ownership of uploaded
files....(s in that position implies x btw, since there wouldn't be much point in
doing this if you didn't have exec permission to start with)
---------------
Not sure of what it means but that's what I found
Originally posted by DynaSpain It's called suid bit or sgid bit by default, unix installations have many programs installed suid root. Suid root refers to set user id root. This allows the program to do functions not normally allowed for users to do themselves. Low level networking routines, controlling graphical display functions, changing passwords, and logging in are all examples of programs that rely on executing their functions as a user that is not restricted by standard file permissions. While many programs need this functionality, the program must be bug free in only allowing the user to do the function the program was designed for.
DynaMite
But how do I turn on the sgid bit for an otherwise "normal" directory?
Originally posted by TheFLY What does the "s" mean here...? Do I change this with chmod?
This is a directory...
drwxr-sr-x 2 thefly thefly
+s is suid ... for example, if an executable file is +s and owned by root it will get executed with root permissions. For example /bin/passwd needs to be suid root since it writes to /etc/passwd. Only root can normaly do that .. but to give normal users the abillity to change their passwords, unix solves it by having it +s (and owned by root)
Suid files are the ones hackers use to get root localy once they're in your system with shellaccess. Every suidfile is a potential securityhole so if you dont need the functionallity it provides I suggest You remove as many suid-files as you can...
Find them with:
Code:
find / -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld '{}' \;
You just remove the suid flag with "chmod -s file".
Comment