☁️
Doongsil DEV BOARD

linux) setuid/gid & sticky bit

📅 2025-03-16 📖 2 Read Time ✏️ 358 Words
linux

SetUID/GID

  • SetUID: When executing a file, the process runs with the file owner's ID instead of the user's ID.
  • SetGID: When executing a file, the process runs with the file's group ID instead of the user's group ID.

Purpose

Granting permissions to a program that the user does not possess.

Typically used when running specific commands with root privileges.

Warning

As it can lead to privilege escalation,
using capabilities with fine-grained permissions is more secure.

Setting and Unsetting

 1# setuid
 2## set
 3chmod u+s my_binary
 4chmod 4___ my_binary
 5## unset
 6chmod u-s my_binary
 7
 8# setgid
 9## set
10chmod g+s my_binary
11chmod 2___ my_binary
12## unset
13chmod g-s my_binary
14
15## The 'x' part in rwx is displayed as 's'

User ID

  • UID (User ID): A unique ID number assigned to a user.
  • Login name: A string representation of the user name mapped to the UID.

Process Perspective

  • Real user ID
    • The UID of the user who initially executed the process.
  • Effective user ID (EUID)
    • The UID that the current process is exercising.
    • Used for determining the process's permissions.
    • By default, it is the same as the Real UID.
  • Saved user ID (SUID)
    • The initial effective user ID of the process.
    • Used to revert to the original EUID.
    • Stores the previous EUID when executing a setuid executable.
setuid

  • When executing a file, the owner's UID of that file becomes the process's effective UID.

    e.g., If a regular user executes a setuid file owned by root, that process gains root privileges.

Sticky bit

Restricts the deletion permission of files within a directory.

Only the file owner, directory owner, or root user
can delete or rename files.

Renaming a file

This is the operation of removing an existing file from the directory entry and
linking it again with a new name.

  • File creation: Possible
  • File modification: Possible if the file has write permission.

Setting and Unsetting

1# set stickybit
2## set
3chmod +t /testdir
4chmod 1___ my_binary
5## unset
6chmod -t /testdir
7
8## The 'x' part in rwx is displayed as 't'

Permissions in a Directory

Permission When Applied to a Directory
r (read) Allows viewing the directory listing with the ls command.
w (write) Allows creating and deleting files within the directory.
x (execute) Allows accessing the directory (can execute cd).

Reference

linux
Post
Category
Series
🏠 Back to Home