topic Re: why 4755? in Operating System - HP-UX

why 4755?

Lalo_Weng — Mon, 23 Dec 2002 09:57:12 GMT

Hello, Rajvee,

I have a question here. Why do we have to set the permission with 4755 instead of 755?

Thanks a lot!

Re: why 4755?

T G Manikandan — Mon, 23 Dec 2002 10:13:36 GMT

4755 is different from 755

4755 is providing the setgid permissions i.e.
rwx-r-sr-x in the file.

When setgid permission is set on an executable file, a
process that runs this file is granted access based on the group of the file rather than the user who is running the executable file.

This allows a user to
access files and directories that are normally only available to the owner/group.

for example consider the mail command
/usr/bin/mail

-r-sr-sr-x 2 root mail 45056 Nov 7 1997 /usr/bin/mail
Here the owner and group are root and mail.

Having setgid on this executable makes the normal users to obtain the group privileges(mail group) during the execution of this command// only during the execution//

Thanks

Re: why 4755?

Frank Slootweg — Mon, 23 Dec 2002 13:18:50 GMT

Minor, but important, nit:

4XXX is set *user* ID.

[2XXX is set group ID. 6XXX is set user and group ID.]

For details see the chmod(1) manual page.

Re: why 4755?

T G Manikandan — Mon, 23 Dec 2002 13:24:34 GMT

I have completely messed up.
Yes,
4 is setuid
2 is setgid

4755 is enabling setuid permissions.

THe same process applies to setuid.
WHen you assign setuid for the file then the user executing it will be allowed for the privileges of the owner during the time of execution.Like the /usr/bin/passwd command.
Even though the normal users do not have privileges to edit the /etc/passwd file but by using /usr/bin/passwd they can change the password.
So setuid is enabled on the /usr/bin/passwd executable so that the roor privileges are got during the time of execution of the passwd command thus changing password and updating the password file.

Thanks