
about the permission!

 
leyearn
Regular Advisor

about the permission!

The oninit and ontape commands, which are in the Informix database, have the permission: rwsr-sr-x
Why do two "s" exist in one permission?
Sridhar Bhaskarla
Honored Contributor

Re: about the permission!

Hi,


The "s" in the first three bits is "suid". When the program runs, it will run as the owner of that file irrespective of whoever started it.

The "s" in the next three bits is "sgid". So, when the program runs, it will run with the group as the group of that file irrespective of the group of the person running it.

For example, if you set the owner of this file to "root" and if you start it as an ordinary user, then it will run as root.

These may open security issues on the system.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Rajeev  Shukla
Honored Contributor

Re: about the permission!

The first s means setuid. So when this command is run, it is run as the owner of the file (it doesn't matter who runs it).
And the second s means set GID, so when it is run it will be run as the group of that file irrespective of what group the user running the command belongs to.

This is sometimes required because when you run such commands and they try to access some files which do not belong to that group it will fail.

Sundar_7
Honored Contributor

Re: about the permission!


There is something called real user ID and effective UID. Under normal circumstances, without the SUID bit set, the real user ID and the effective UID of a process will be set the same.

The effective user ID is used to determine file access permissions. When the set-user-ID bit is set, the effective user ID of the process will be set to the user ID of the owner of the executable.

Setuid can be set as follows

# chmod 4755 filename

the filename will have permissions rwsr-xr-x

# chmod 2755 fileset

will set the SGID.
Learn What to do, How to do and more importantly When to do?
Steven E. Protter
Exalted Contributor

Re: about the permission!

Take a look at the permissions of passwd:

-r-sr-xr-x 5 root bin 45056 Nov 14 2000 /usr/bin/passwd


This is because the program needs to be able to update /etc/passwd, a file only root can change. SUID exists in this case to let a regular user update his password, which is in a file that user does not own.

In your case however, these programs have root privileges. I know of very few reasons why a database program would need root privileges.

This is a security hazard, because your database might be exploited to gain root privileges and possibly control of your whole system.

Don't change it back however without checking with Informix support. Don't change it with the database running, you might crash it or lock its shared memory segments.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
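
As an added example (not written by any of the posters above), the POSIX shell functions below decode a mode string such as the rwsr-sr-x from the question into its octal form, and list the set-ID files in a directory together with the owner and group each one runs as. The function names and the /usr/bin default are assumptions of this example.

```shell
#!/bin/sh
# Added example: decode ls-style permission strings and list set-ID files.

# decode_mode MODE
# MODE is the 9 permission characters ("rwsr-sr-x") or the ls -l form
# ("-r-sr-xr-x", optionally followed by an ACL marker).
# Prints "octal=NNNN suid=yes|no sgid=yes|no"; sets $octal, $suid, $sgid.
decode_mode() {
    m=$1
    case ${#m} in
        9) ;;
        10|11) m=$(printf '%s' "$m" | cut -c2-10) ;;   # drop type char / ACL mark
        *) echo "bad mode: $1" >&2; return 1 ;;
    esac
    special=0; perms=""; suid=no; sgid=no
    for i in 0 1 2; do
        t=$(printf '%s' "$m" | cut -c"$((i * 3 + 1))-$((i * 3 + 3))")
        d=0
        case $t in r??) d=$((d + 4)) ;; esac
        case $t in ?w?) d=$((d + 2)) ;; esac
        # lowercase s/t: execute bit is set too; uppercase S/T: special bit only
        case $t in ??[xst]) d=$((d + 1)) ;; esac
        case $i$t in
            0??[sS]) special=$((special + 4)); suid=yes ;;   # setuid, octal 4000
            1??[sS]) special=$((special + 2)); sgid=yes ;;   # setgid, octal 2000
            2??[tT]) special=$((special + 1)) ;;             # sticky, octal 1000
        esac
        perms=$perms$d
    done
    octal=$special$perms
    echo "octal=$octal suid=$suid sgid=$sgid"
}

# audit_dir DIR
# Lists regular files under DIR that have the setuid or setgid bit, with the
# user/group each one runs as. Paths containing newlines are not handled.
audit_dir() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) \
        -exec env LC_ALL=C ls -ld {} \; 2>/dev/null |
    while read -r mode _links owner group _size _mon _day _time path; do
        decode_mode "$mode" >/dev/null || continue
        note=""
        [ "$suid" = yes ] && note="$note runs-as-user=$owner"
        [ "$sgid" = yes ] && note="$note runs-as-group=$group"
        printf '%s %s%s %s\n' "$octal" "$mode" "$note" "$path"
    done
}

decode_mode "rwsr-sr-x"        # the mode from the question
audit_dir "${1:-/usr/bin}"     # default directory is an assumption
```

Pointing audit_dir at the directory that holds oninit and ontape shows which account and group those binaries actually run as, which is the fact to establish before discussing any change with the vendor.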