Home arrow Site Administration arrow Page 4 - Managing Users, Part 2

Critical Skill 5.4 - Understand SetUID and SetGID Programs - Administration

Why can SetUID programs be a bad thing? What happens if you forget to add the home directory for a user? Get answers to these and other questions in this, part 2 of Managing Users from the book Linux Administration, A Beginner's Guide, third edition by Steven Graham and Steve Shah (McGraw-Hill/Osborne, 0072225629, 2002). See this link for Part 1.

  1. Managing Users, Part 2
  2. Options userdel, usermod, groupadd, groupdel
  3. GUI User Managers
  4. Critical Skill
By: McGraw-Hill/Osborne
Rating: starstarstarstarstar / 15
June 29, 2004

print this article



Normally, when a program is run by a user, it inherits all of the rights (or lack thereof) that the user has. If the user canít read the /var/log/messages file, neither can the program. Note that this permission can be different than the permissions of the user who owns the program file (usually called the binary). For example, the ls program (which is used to generate directory listings) is owned by the root user. Its permissions are set so that all users of the system can run the program. Thus, if the user sshah runs ls, that instance of ls is bound by the permissions granted to the user sshah, not root.

However, there is an exception. Programs can be tagged with whatís called a SetUID bit, which allows a program to be run with permissions from the programís owner, not the user who is running it. Using ls as an example again, setting the SetUID bit on it and having the file owned by root means that if the user sshah runs ls, that instance of ls will run with root permissions, not with sshahís permissions. The SetGID bit works the same way, except instead of applying the fileís owner, it is applied to the fileís group setting.

To enable the SetUID bit or the SetGID bit, you need to use the chmod command, which is covered in detail in Module 6. To make a program SetUID, prefix whatever permission value you are about to assign it with a 4. To make a program SetGID, prefix whatever permission you are about to assign it with a 2. For example, to make the /bin/ls a SetUID program (which is a bad idea, by the way), you would use this command:

[root@ford /root]# chmod 4755 /bin/ls

Module 5 Mastery Check List (for parts 1 and 2):

  1. What information is stored in the /etc/passwd file?
  2. What information is stored in the /etc/shadow file?
  3. Does Linux use the username or the UID when performing operations pertaining to that user (such as file permissions)?
  4. Why can SetUID programs be a bad thing?
  5. What is the format of a user entry in the /etc/passwd file?
  6. What is the GECOS entry?
  7. How do you disable a user so they cannot access the system?
  8. What information is stored in the /etc/group file?
  9. What is the format of an entry in the /etc/group file?
  10. What happens if you forget to add the home directory for a user?
  11. Where is the list of available shells listed?
  12. What are startup scripts?

This chapter is from Linux Administration, A Beginner's Guide, third edition, by Graham and Shah. (McGraw-Hill/Osborne, 2002, ISBN: 0072225629). Check it out at your favorite bookstore today.

Buy this book now.

>>> More Site Administration Articles          >>> More By McGraw-Hill/Osborne

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Coding: Not Just for Developers
- To Support or Not Support IE?
- Administration: Networking OSX and Win 7
- DotNetNuke Gets Social
- Integrating MailChimp with Joomla: Creating ...
- Integrating MailChimp with Joomla: List Mana...
- Integrating MailChimp with Joomla: Building ...
- Integrating MailChimp with Joomla
- More Top WordPress Plugins for Social Media
- Optimizing Security: SSH Public Key Authenti...
- Patches and Rejects in Software Configuratio...
- Configuring a CVS Server
- Managing Code and Teams for Cross-Platform S...
- Software Configuration Management
- Back Up a Joomla Site with Akeeba Backup

Developer Shed Affiliates


Dev Shed Tutorial Topics: