Tuesday, October 23, 2012

What is su doing?

su is a small *nix program that switches to another user and spawns a shell running as that user. What su is exactly doing is:

1. fork()
2. For the child process
    2.1 set_uid to the user given as an argument. If none, set_uid to root
    2.2 execv() a shell, whatever the default/specified shell it is
3. For the parent process
    3.1 wait for the child process

Notes:

  • set_uid will fail if su is not running as root
  • To make su run as root, the su binary must be owned by root and with the set_uid bit set
Posted by at No comments:

[Copied]Setting the SUID/SGID bits

SetUID bit, the executable which has the SUID set runs with the ownership of the program owner. That is, if you own an executable, and another person issues the executable, then it runs with your permission and not his. The default is that a program runs with the ownership of the person executing the binary.

The SGID bit is the same as of SUID, only the case is that it runs with the permission of the group. Another use is it can be set on folders,making files or folders created inside the SGID set folder to have a common group ownership.

Note : Making SUID and SGID programs completely safe is very difficult (or maybe impossible) thus in case you are a system administrator it is best to consult some professionals before giving access rights to root owned applications by setting the SUID bit. As a home user (where you are both the normal user and the superuser) the SUID bit helps you do a lot of things easily without having to log in as the superuser every now and then

Setting SUID bits on the file:
Suppose I got the executable called "killprocess" and I need to set the suid bit on this file, go to command prompt and issue command: chmod u+s killprocess

Now check permission on the file with command ls -l killprocess, observe "s" that has been added for suid bit

-rwsr-xr-x 1 root root 6 Jun  7 12:16 killprocess

Setting GUID bits on the file:
go to command prompt and issue command: chmod g+s killprocess
This will set the GUID bit on the same file, check the permission on this file using command: ls -l killprocess
 
-rwsr-sr-x 1 root root 6 Jun  7 12:16 killprocess

Read more: http://linuxpoison.blogspot.com/2009/06/setting-suidsgid-bits.html#ixzz2AA1giWxi

Copyright of Nikesh Jauhari
Source Link: http://linuxpoison.blogspot.com/2009/06/setting-suidsgid-bits.html
Posted by at No comments:
Subscribe to: Posts (Atom)