• VMware

    Learn about VMware virtualization for its products like vsphere ESX and ESXi, vCenter Server, VMware View, VMware P2V and many more

  • Linux

    Step by step configuration tutorials for many of the Linux services like DNS, DHCP, FTP, Samba4 etc including many tips and tricks in Red Hat Linux.

  • Database

    Learn installation and configuration of databases like Oracle, My SQL, Postgresql, etc including many other related tutorials in Linux.

  • Life always offers you a second chance ... Its called tomorrow !!!

    Thursday, March 07, 2013

    Understanding Special Permission SUID in Linux

    There are various blogs and websites available explaining about SUID and SGID now I won't say I will
    tell you something extra instead just adding one more to the list see if it can make any difference.

    Now above what I said you can skip that and returning to the point I will try to help you understand SUID, SGID and Sticky Bit along with some useful tips from my side in understanding the same.

    SUID:

    This is a abbreviation used for Set User ID which means that you are assigning a special permission on a user owner of any particular file or directory.

    Now what does it means and why do we use SUID?
    Assigning a user SUID means that you are giving him additional permission i.e user owner permission over the normal permission which he already has to run any executable file inside some directory on with the suid is applied. 

    Let me be more clear about the above statement with an example:
    By default there are a number of executable binary files in Linux which we use as commands which has to be run only as a super user i.e. root user but what if a normal user is allowed to run those commands. Now in that case even if you have given him sudo access he won't be able to run those commands as these are predefined to be run only as root and no one else.

    For example :
    mount, umount,ping, passwd, chage etc.

    Now the above mentioned commands can only be run as a super user. So when you check the permission of these commands
    # ls -l /bin/ping
    -rw
    sr-xr-x. 1 root root 36892 Jul 19 2011 /bin/ping

    # ls -l /bin/mount
    -rwsr-xr-x. 1 root root 73996 Dec 8 2011 /bin/mount

    # ls -l /bin/ping
    -rwsr-xr-x. 1 root root 36892 Jul 19 2011 /bin/ping

    Now as you see in the user permission section additional small (s) is there at the place of execute permission

    This means that all these commands have SUID set on it and if a normal user is given sudo permission to run these commands, they will run it as user owner's permission which in all the above case is root.

    Why do we use SUID?
    I hope I have explained this part above but still let me add a description with another example. Now there is some executable file whose owner is Deepak and it can only be run by deepak but still you want Amit to run the file so in that case instead of changing the owner of that file I will assign a SUID on it so that Amit can also run that file using Deepak's permission. So this is going to remove the complexity part and not only Amit any other random user who is allowed to run that file will run the same using ownership of deepak as I do not need to change the owner every time for some one to run the same executable file.

    Assigning SUID permission

    There are two ways to assign suid
    1. Octal (4)
    2. Symbolic (u+s)
    Octal method:
    # chmod 4755 /myscrip.sh
    # ls -l
    -rw
    srw-rw-. 1 root root 0 Oct 16 11:33 /myscript.sh


    Symbolic method:
    # chmod u+s /myscript.sh

    # ls -l
    -rw
    srw-rw-. 1 root root 0 Oct 16 11:34 /myscript.sh

    Removing SUID permission

    Octal method:
    # chmod 0755 /myscript.sh

    # ls -l
    -rwxrw-rw-. 1 root root 0 Oct 16 11:35 /myscript.sh


    Symbolic method:
    # chmod u-s /myscript.sh

    # ls -l
    -rwxrw-rw-. 1 root root 0 Oct 16 11:36 /myscript.sh

    Understanding the difference between Capital (S) and small (s) in SUID

    There might be time when you see a capital S and a small s after applying SUID on any file or directory
    Now it does not makes much difference on its working but instead it tells you something about the permission currently applied on the file.

    If the file where you are assigning SUID has user executable permission then after applying SUID you will get a small (s) but if the user doe not have execute permission before you apply SUID then you will end up with capital (S) after applying SUID.

    Let me show you the same with an example

    Before applying SUID without executable permission on user owner
    # chmod 655 /myscript.sh

    # ls -l
    -rw-rw-rw-. 1 root root 0 Oct 16 11:35 /myscript.sh

    After applying SUID without executable permission on user owner
    # chmod 4655 /myscript.sh

    # ls -l
    -rwSrw-rw-. 1 root root 0 Oct 16 11:35 /myscript.sh

    Before applying SUID with executable permission on user owner
    # chmod 755 /myscript.sh

    # ls -l
    -rwxrw-rw-. 1 root root 0 Oct 16 11:36 /myscript.sh

    After applying SUID with executable permission on user owner
    # chmod 4755 /myscript.sh

    # ls -l
    -rwsrw-rw-. 1 root root 0 Oct 16 11:36 /myscript.sh

    So I hope you have got my point of view and must have understood the difference between capital (S) and small (s)

    Finding all the executable files with SUID

    # find / -perm +4000
    where +4000 is the ID we use for assigning permission in octal method.

    Follow the below links for more tutorials

    What is a Kernel in Linux?
    How does a DNS query works when you type a URL on your browser?
    How to create password less ssh connection for multiple non-root users
    How to create user without useradd command in Linux
    How to unlink/delete a symbolic in Linux
    How to give normal user root privileges using sudo in Linux/Unix
    How to do Ethernet/NIC bonding/teaming in Red Hat Linux
    How to install/uninstall/upgrade rpm package with/without dependencies
    How to extract files to different directory using tar in Unix/Linux
    How to preserve Symbolic links with tar command in Unix/Linux
    How to give permission to user to run some commands in Linux
    How to set environment (PATH) variable permanently in Linux
    How to mount windows share on linux

    0 comments:

    Post a Comment