[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] SUID bit - how do I set it?

To: "Sheflug" <sheflug [at] vuw.ac.nz>
Subject: Re: [Sheflug] SUID bit - how do I set it?
From: "Chris J/#6" <nospam [at] nccnet.co.uk>
Date: Fri, 25 Aug 2000 23:54:14 +0100
List-help: <http://www.sheflug.co.uk>
List-owner: <mailto:sheflug-admins [at] vuw.ac.nz>
List-post: <mailto:sheflug [at] vuw.ac.nz>
List-subscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=subscribe>
List-unsubscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=unsubscribe>
Reply-to: "Sheflug" <sheflug [at] vuw.ac.nz>
Sender: nospam [at] infinitum.madhouse
Sender: sheflug-bounce [at] vuw.ac.nz


>  I'm installing GNUPG instead of PGP after my reinstall...it needs to be
> run with the SUID bit set for security.

Wise choice ... seen the thread in sci.crypt (and other groups) - security 
hole in PGP v5 & 6. Zimmerman's acknowledged it and there's a CERT advisory 
out.

> 
>  How do I set it?
> 
>  I'm assuming I'll be using the first digit of a 4 digit chmod (2644,
> 1644) - but so far I've only figured out how to use a 3 digit (644, 666,
> 777 etc).
> 
>  What do the various values of a 4 digit file permission do?
> 

chmod 1555 <spec> gives (in ls -ls terms)  r-xr-xr-t
	This means the program text segment is kept in memory/swap 
	... it's a speed thing really. Hardly used on files...more
	often used on directories...when it is, it means that files can
	only be deleted by the owner of the file rather than whoever has
	write perms on the directory (excluding root). Used in this way
	on /tmp so you can't delete other peoples files in a world-writable
	directory.

chmod 2555 <spec> gives r-xr-sr-x
	File is SGID and will run as the group the file belongs to.
	For /directories/ it means any file created in that directory will
	inherit the group of the directory as its group. In this case
	it's useful for shared environemnts.

chmod 4555 <spec> gives r-sr-xr-x
	File is SUID and will run as the user the file belongs to.
	For /directories/ it means any file created in that directory will 
	inherit the owner of the directory as its owner. May have a use,
	not found one yet :)


If the set-ID bit (SUID or SGID) is set but the execute bit isn't set, then 
you'll see (assume I've done chmod 7444 <spec>) on an ls -l :
	r-Sr-Sr-T

ie, capital letters. This allows you do distinguise set-id + execute 
variations :) eg:
	rwSr-s--t
would indicate
	chmod 7451
while is probably useless, but I'm just showing a point 'ere :)

HTH,

Chris...


-- 
@}-,'--------------------------------------------------  Chris Johnson --'-{ [at] 
    / "(it is) crucial that we learn the difference / sixie [at] nccnet.co.uk  \
   / between Sex and Gender. Therein lies the key  /                       \ 
  / to our freedom" -- LB                         / www.nccnet.co.uk/~sixie \ 


---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.

Follow-Ups:
- [Sheflug] Re: SUID bit - how do I set it?
  - From: Richard <richard [at] sheflug.co.uk>
- [Sheflug] Kmp3
  - From: "Ian Wright" <Ian [at] iw63.freeserve.co.uk>
- Re: [Sheflug] SUID bit - how do I set it?
  - From: "Stephen J. Turnbull" <turnbull [at] sk.tsukuba.ac.jp>

References:
- [Sheflug] SUID bit - how do I set it?
  - From: Barrie Bremner <TheEnglishman [at] ecosse.net>

Prev by Date: [Sheflug] SUID bit - how do I set it?
Next by Date: [Sheflug] Re: Help with ftp and MSIE5.5
Prev by thread: [Sheflug] SUID bit - how do I set it?
Next by thread: [Sheflug] Re: SUID bit - how do I set it?
Index(es):
- Date
- Thread