Lesson 5: SUID and SGID permissions
Objective: Explain the use of the SUID and SGID permission bits

Explain use of the SUID and SGID permission bits

The SUID bit allows a program to run with more permissions than the person who started the program would ordinarily be entitled to. Many system programs have the SUID bit set because they need to modify various system files. These system files still need to be protected from individual users. One classic example of use of the SUID bit is the case of the passwd program. This program changes a user's login password. To do this, it must write the new password into the system password database. For obvious reasons, the system password database must be write-protected against all users. Therefore, if you run passwd with only your permissions, it cannot do its job. However, the file /bin/passwd is owned by root and has the SUID bit set. When passwd is run, the resulting process has an effective user ID equal to root, and can therefore write to the password database.
The SGID bit works like the SUID bit, but for group ownership. The SUID and SGID bits are printed by ls -l by putting an s in the execute slot for user and group respectively, so that you will see a string like rwsr-sr--. The SUID and SGID bits are set with chmod, just like other permission bits:

chmod u+s file
chmod g+s file

The SUID and SGID permissions are crucial for system operation. However, because they allow a user to acquire more permissions temporarily than he or she might ordinarily be entitled to, they are a common source of serious security problems. Some rules of thumb:
  1. Never use SUID or SGID unless it is absolutely necessary.
  2. Never create an SUID or SGID shell script or interpreted program. The method by which the system handles such interpreted programs is not sufficiently secure. Use C or other compiled code instead.
  3. If you do use SUID or SGID, do not have the affected process change to an effective user ID equal to root. Set the file to be owned by a more restricted user, so that even if the process is commandeered somehow, the entire system will not be compromised. This situation represents an exception to the rule of using the fewest permissions necessary to do the job.
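The rules of thumb above can be checked against files that already exist on a system. The following Python sketch is an added example, not part of the original lesson: the names suid_findings and audit_tree, the finding labels, and the sample modes are constructed for illustration, and /usr/bin is only an assumed starting directory.

```python
import os
import stat

def suid_findings(mode, uid, head=b""):
    """Findings for one file, from its st_mode, st_uid and first bytes."""
    if not stat.S_ISREG(mode):       # on a directory the SGID bit has another meaning
        return []
    findings = [name for bit, name in ((stat.S_ISUID, "suid"), (stat.S_ISGID, "sgid"))
                if mode & bit]
    if not findings:
        return []
    if "suid" in findings and uid == 0:
        findings.append("runs-as-root")   # rule 3: prefer a more restricted owner
    if head.startswith(b"#!"):
        findings.append("interpreted")    # rule 2: no SUID/SGID scripts
    return findings

def audit_tree(root):
    """Yield (path, ls-style mode string, findings) for SUID/SGID files under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)       # lstat: never follow symlinks
            except OSError:
                continue
            if not suid_findings(st.st_mode, st.st_uid):
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(2)
            except OSError:
                head = b""                # unreadable: still report the bits
            yield path, stat.filemode(st.st_mode), suid_findings(st.st_mode, st.st_uid, head)

# Constructed samples: (st_mode, st_uid, first bytes of the file)
SAMPLES = [
    (0o104755, 0, b"\x7fELF"),        # root-owned SUID binary, like the passwd program
    (0o106754, 1001, b"#!/bin/sh"),   # rwsr-sr-- shell script owned by a normal user
    (0o100755, 0, b"\x7fELF"),        # ordinary executable, nothing to report
]

if __name__ == "__main__":
    for mode, uid, head in SAMPLES:
        print(stat.filemode(mode), uid, suid_findings(mode, uid, head))
    for path, perms, findings in audit_tree("/usr/bin"):
        print(perms, path, ",".join(findings))
```

Each reported file is a candidate for review under rule 1: if the program does not need the bit, clear it with chmod u-s or chmod g-s.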

Real and effective IDs

Now that you’ve learned about SUID and SGID, let’s return for a moment to real and effective IDs. Most of the time, the real and effective IDs for a process are the same. In two important cases, however, they are different:
  1. Some commands force a change in effective user ID for a new process. The su command is the most common example.
  2. If the SUID permission bit is set on an executable file, then when that file is executed, it runs with its effective user ID set to that of the owner of the file, not that of the user who started the program.
