Tuesday, August 24, 2010

Advanced File Permissions

1)SUID

2)SGID

3)STICKY BIT



###################### SUID. #############################



1)SUID stands for Set User ID.



2)SUID allows a normal user to run an application with the privileges of the file's owner, which for system binaries is usually root.



3)That means that if I have an application (e.g. ping) whose owner is 'root' and whose SUID bit is set, then when I run this application as a normal user it would still run as root.



4)By default the SUID bit is set on ping so that normal users can also ping other systems.





Implement SUID.



1)Implement the SUID on ping.

#chmod 4755 /bin/ping



With this command we allow normal users to ping other machines (the 's' in the user execute position below shows the bit is set).

-rwsr-xr-x 1 root root 35864 Dec 21 2006 ping



2)To remove the SUID.

#chmod 0755 /bin/ping

-rwxr-xr-x 1 root root 35864 Dec 21 2006 ping



Example.



1)To create directory.

#mkdir /vikas



2)To implement the SUID on /vikas directory.

#chmod 4755 /vikas

#ll /

drwsr-xr-x 2 root root 4096 Feb 12 12:15 vikas



3)create users.

#useradd u1

#useradd u2

#passwd u1

#passwd u2



4)Log in as the users & go to the /vikas directory.

#su - u1

u1$cd /vikas

u1$touch 11

touch: cannot touch `11': Permission denied



That means normal users cannot create files in the /vikas directory. (The denial here comes from the directory mode 755, which gives other users no write permission; on Linux the SUID bit has no effect on directories.)



5)To remove the SUID.

#chmod 0755 /vikas



######################## SGID ###########################



*SGID is used for group inheritance.

When SGID is applied to a directory, all subdirectories & files created by any user in that particular directory are owned by the directory's group, regardless of the user's own group.



1)To create directory.

#mkdir /sales



2)To implement the SGID on the /sales directory.

#chmod 2755 /sales

#ll /

drwxr-sr-x 2 root root 4096 Feb 12 12:32 sales



3)create users.

#useradd u1

#useradd u2

#passwd u1

#passwd u2



4)create group.

#groupadd sales



5)Add users into the group.

#gpasswd -a u1 sales

Adding user u1 to group sales



#gpasswd -a u2 sales

Adding user u2 to group sales



6)To check.

#tail /etc/group

sales:x:502:u1,u2



7)To log in as a user.

# su - u1

u1$cd /sales

u1$touch 22

touch: cannot touch `22': Permission denied



*That means users cannot create files in the /sales directory even though they are in the sales group, because the mode 2755 gives the group no write permission. Applying SGID to /sales only controls which group newly created files inherit; it does not by itself grant write access, so a user who is not in the sales group cannot create files there either. Note also that in the listing above /sales is still group-owned by root, so root is the group new files would inherit.



####################### STICKY BIT ##########################


Sticky bit :- It is used to secure shared directories. A file in a sticky-bit directory can be deleted only by the owner of the file (the directory's owner and root can still delete it).



To set the sticky bit (symbolic or octal form):

# chmod o+t /test

# chmod 1777 /test



To remove the sticky bit (symbolic or octal form):

# chmod o-t /test

# chmod 777 /test



How to do it :-



# mkdir /test

# chmod 777 /test

# chmod 1777 /test
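As an added example (not from the original post), here is a small Python helper that converts between the ls -l mode strings shown above (-rwsr-xr-x, drwxr-sr-x, drwxrwxrwt) and the octal modes passed to chmod (4755, 2755, 1777), and reports which special bits are set. It also handles the uppercase S/T that ls prints when a special bit is set without the matching execute bit, which is a common source of confusion when reading listings.

```python
import stat

# The three special bits and their octal values (S_ISUID=04000, S_ISGID=02000, S_ISVTX=01000).
SPECIAL_BITS = {"suid": stat.S_ISUID, "sgid": stat.S_ISGID, "sticky": stat.S_ISVTX}


def parse_mode_string(s: str) -> int:
    """Turn a 10-character ls -l mode string (e.g. 'drwxr-sr-x') into a numeric mode.
    Lowercase s/t: special bit plus execute bit; uppercase S/T: special bit without execute."""
    if len(s) != 10:
        raise ValueError("expected a 10-character mode string such as -rwsr-xr-x")
    mode = 0
    for i, ch in enumerate(s[1:]):      # skip the file-type character
        who, col = divmod(i, 3)         # who: 0=user 1=group 2=other; col: 0=r 1=w 2=x
        bit = 1 << (8 - i)              # the plain r/w/x bit at this position
        if ch == "-":
            continue
        if (col == 0 and ch == "r") or (col == 1 and ch == "w") or (col == 2 and ch == "x"):
            mode |= bit
        elif col == 2 and who in (0, 1) and ch in "sS":
            mode |= stat.S_ISUID if who == 0 else stat.S_ISGID
            mode |= bit if ch == "s" else 0
        elif col == 2 and who == 2 and ch in "tT":
            mode |= stat.S_ISVTX
            mode |= bit if ch == "t" else 0
        else:
            raise ValueError(f"unexpected character {ch!r} at position {i + 2}")
    return mode


def to_octal(mode: int) -> str:
    """Four-digit octal form as used by chmod, e.g. 0o4755 -> '4755'."""
    return format(mode & 0o7777, "04o")


def to_mode_string(mode: int, is_dir: bool = False) -> str:
    """Inverse of parse_mode_string: numeric mode -> ls -l style string."""
    return stat.filemode(mode | (stat.S_IFDIR if is_dir else stat.S_IFREG))


def special_bits(mode: int) -> dict:
    """Report which of SUID, SGID and sticky are set in a numeric mode."""
    return {name: bool(mode & bit) for name, bit in SPECIAL_BITS.items()}


if __name__ == "__main__":
    for listing in ("-rwsr-xr-x", "drwxr-sr-x", "drwxrwxrwt", "drwxr-Sr-x"):
        m = parse_mode_string(listing)
        print(listing, to_octal(m), special_bits(m))
    print(to_mode_string(0o755))   # what ls shows after chmod 0755: -rwxr-xr-x
```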