The file permissions bits include an execute permission bit for file
owner, group and other. When the execute bit for the owner is set to
"s" the set user ID bit is set. This causes any persons or processes
that run the file to have access to system resources as though they are
the owner of the file. When the execute bit for the group is set to
"s", the set group ID bit is set and the user running the program is
given access based on access permission for the group the file belongs
to. The following command:
chmod +s myfile
sets the user ID bit on the file "myfile". The command:
chmod g+s myfile
The listing below shows a listing of two files that have the group or user ID bit set.
-rws--x--x 1 root root 14024 Sep 9 1999 chfn -rwxr-sr-x 1 root mail 12072 Aug 16 1999 lockfile
The files chfn and lockfile are located in the directory "/usr/bin". The "s" takes the place of the normal location of the execute bit in the file listings above. This special permission mode has no meaning unless the file has execute permission set for either the group or other as well. This means that in the case of the lockfile, if the other users (world execute) bit is not set with permission to execute, then the user ID bit set would be meaningless since only that same group could run the program anyhow. In both files, everyone can execute the binary. The first program, when run is executed as though the program is the root user. The second program is run as though the group "mail" is the user's group. For system security reasons it is not a good idea to set many program's set user or group ID bits any more than necessary, since this can allow an unauthorized user privileges in sensitive system areas. If the program has a flaw that allows the user to break out of the intended use of the program, then the system can be compromised.
Nenhum comentário:
Postar um comentário