Operating System - HP-UX

Re: setuid, setgid and sticky bit?

 
Shahril M
Frequent Advisor

setuid, setgid and sticky bit?

Hi folks,

Hope this is the correct category.

I need to explain to a user in layman's terms the impact of a _directory_ with the following perms:
drwsrwsr-t 5 flnpac users

TIA.

Rgds,
Shahril
Senthil Kumar .A_1
Honored Contributor
Solution

Re: setuid, setgid and sticky bit?

Some info....

setuid and setgid flags on a directory have an entirely different meaning.

Directories with the setgid permission will force all files and sub-directories created in them to be owned by the directory group and not the group of the user creating the file. The setgid flag is inherited by newly created subdirectories.

The setuid permission set on a directory is ignored on UNIX and Linux[citation needed] systems, but FreeBSD interprets it similarly to setgid, namely, all files and sub-directories are forced to be owned by the directory owner.[1]


The most common use of the sticky bit today is on directories, where, when set, items inside the directory can be renamed or deleted only by the item's owner, the directory's owner, or the superuser.

SK
Let your effort be such, the very words to define it, by a layman - would sound like a "POETRY" ;)
A. Clay Stephenson
Acclaimed Contributor

Re: setuid, setgid and sticky bit?

The setuid bit (4000) has no significance on a directory. The setgid bit (2000) may or may not be significant on a directory. On BSD UNIX derivatives, it means that the group id of a file created under that directory is determined by that of the directory rather than the effective group id of the creating process -- this does not apply to HP-UX. The sticky bit (1000) when applied to a directory means that only the owner (or a superuser) is allowed to remove a file from that directory. Normally, any user who has write permission on the directory can remove a file in that directory regardless of the permissions (more properly mode) of the file itself. The sticky bit adds the requirement that the file must also be owned by the user (or more accurately the effective UID of the removing process must be that of the file's owner or 0).
If it ain't broke, I can fix that.
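
Added example, not part of any reply in this thread: a Python sketch that decodes an `ls -l` mode field such as the `drwsrwsr-t` from the question into the octal bits named above (4000, 2000, 1000), and lists directories that are writable by group or other but lack the sticky bit. The function names and the temporary directories in `demo()` are constructed for illustration.

```python
import os
import stat
import tempfile

# Special bits share the execute slots of the 9-character permission field.
_SPECIAL = {2: (stat.S_ISUID, "s", "S"),   # owner execute slot -> setuid (4000)
            5: (stat.S_ISGID, "s", "S"),   # group execute slot -> setgid (2000)
            8: (stat.S_ISVTX, "t", "T")}   # other execute slot -> sticky (1000)

def parse_ls_mode(field):
    """Turn an `ls -l` mode field such as 'drwsrwsr-t' into (type char, mode)."""
    if len(field) != 10:
        raise ValueError("expected 10 characters, got %r" % field)
    mode = 0
    for i, ch in enumerate(field[1:]):
        bit = 1 << (8 - i)                 # 0o400 (owner read) down to 0o001
        if i in _SPECIAL:
            special, lower, upper = _SPECIAL[i]
            if ch in (lower, upper):
                mode |= special
            if ch in ("x", lower):         # lowercase s/t: execute is set too
                mode |= bit
            elif ch not in ("-", upper):   # uppercase S/T: special bit only
                raise ValueError("bad character %r" % ch)
        elif ch == "rwx"[i % 3]:
            mode |= bit
        elif ch != "-":
            raise ValueError("bad character %r" % ch)
    return field[0], mode

def shared_dirs_without_sticky(root):
    """Directories under root writable by group/other with no sticky bit."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            path = os.path.join(dirpath, name)
            m = os.lstat(path).st_mode     # lstat: do not follow symlinks
            if stat.S_ISDIR(m) and m & 0o022 and not m & stat.S_ISVTX:
                hits.append(path)
    return sorted(hits)

def demo():
    """Build three constructed directories and return the names flagged."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("open", 0o777), ("sticky", 0o1777), ("private", 0o755)):
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, mode)           # chmod after mkdir so umask cannot interfere
        return [os.path.basename(p) for p in shared_dirs_without_sticky(root)]

if __name__ == "__main__":
    print(oct(parse_ls_mode("drwsrwsr-t")[1]), demo())
```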
mavrick
Regular Advisor

Re: setuid, setgid and sticky bit?

Hi,

The sticky bit (t) on the directory protects the user files inside the directory against deletion by other users or any type of intruders/hackers...

Setuid, I don't think, has any significance for a directory. Normally the setuid permission allows the normal user to execute the files owned by the superuser.

Any other clarifications !
Shahril M
Frequent Advisor

Re: setuid, setgid and sticky bit?

Hi folks,

Thanks for your replies. Here is what I wrote:
" ... any file created by anyone with access to this directory, will have the group "users". And that files can only be deleted by their owner."

Any further comments? Anything technically/factually wrong with what I wrote?

I also wish to share a discovery. Copying files from elsewhere to this dir will result in the copied file having the directory's group. But moving will retain the file's original group. Is this known and intended behaviour? I ask because I have never seen any documentation or literature describing such.


Rgds,
Shahril