Web Images Videos Maps News Shopping Gmail more »
Recently Visited Groups | Help | Sign in
Google Groups Home
alt.linux
+ new post
About this group
Subscribe to this group
This is a Usenet group - learn more
Message from discussion Directory permissions (newbie question)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
menno  
View profile  
 More options May 22 2003, 4:39 am
Newsgroups: alt.linux
From: "menno" <me...@desktop.local>
Date: Thu, 22 May 2003 08:39:47 GMT
Local: Thurs, May 22 2003 4:39 am
Subject: Re: Directory permissions (newbie question)
Reply to author | Forward | Print | View thread | Show original | Report this message | Find messages by this author

On Thu, 22 May 2003 01:55:33 +0000, Peter wrote:
> Hi Menno / Mari,

Hello again.

> Thanks for your help. I appreciate it!

No problemo.

> I'm using:
> chmod 1770 /home/shared

Good.

> I've reread the man file on chmod, and finally (with some testing)
> believe that I understand it. [...]

Way to go.

> I assume that "setting the user id" (4) and "group id" (2) in the first
> byte is equivalent to using the chgrp and chown commands,

No it's not - "equivalent to using the chgrp and chown commands".
If you suid/sgid an executable and run it as another user the "efective
user/group id" of the process will be that of the user/group owning the
file (not the one running it).

To illustrate, copy and paste the following in a file "get_sugid.c":
-----------------------------------------------------

#include <stdio.h>
/* We need this for getuid()/sgid() */
#include <unistd.h>
#include <sys/types.h>

int main(void){

        printf("Real UID\t= %d\n", getuid());
        printf("Effective UID\t= %d\n", geteuid());

        printf("Real GID\t= %d\n", getgid());
        printf("Effective GID\t= %d\n", getegid());

        return 0;

}

-------------------------------------------------------

And compile it using:
gcc get_sugid.c -o get_sugid

Now try out some differend user/group permission combinations and fire it up as
differend users (setting the first bit to "0" "2", "4" and "6")

There is a use for the "sgid" bit on non executable files also. As it is
used for (System V style) mandatory file locking as well. You will
probaply never have to use this (applications set it for you).

> so I will
> always just set that bit to 0 or 1 and use the chgrp and chown commands.

That is the way i go about it, as well. If some user needs accesse just
stick 'am in the group(s).

I always rip the rights for "others" of of any suid-binarys as well
(of couse "chgrp"ing those files to new groups and putting users that need
the functionality in those groups).

You can "find" suid files using:
find / -type f -perm +4000 -ls 2>/dev/null

man find

--
-Menno.


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2009 Google