Oswald Buddenhagen said: >> Can anyone explain this to me in plain english? Like, what the difference >> is between chmod 4750 and chmod 750 -- and how it effects the files' >> execution? > > every user has an id, as you probably know. > if the file is executed normally (ie, permissions are 750), then the > program runs with the user id of the user, who started it, and thus has > the permissions to do the things, that the "runner" is able to do. > if the set-uid bit is set (ie, 4750), then the program's user id will be > set to the id of the user, who owns the file. so if the program file is > owned by root and it is set-uid, then the program will get root > permissions - no with regard to that, by whom it is executed. > that's the reason, why set-uid programs have to be done with special > care: they have potentially very much power.
OK, I understand the what you've said above, but give me an example. I have seen what happens when /bin/su is not setuid, but WHY does it have to be like that, and WHY does it do what it does when it's not setuid? I've seen a lot of other binaries in this predicament:
[root-> /bin]% ls -l | grep rws -rwsr-xr-x 1 root root 20164 Apr 17 1999 login -rwsr-xr-x 1 root root 52788 Apr 17 1999 mount -rwsr-xr-x 1 root root 14804 Apr 7 1999 ping -rwsr-x--- 1 root wheel 13208 Apr 13 1999 su -rwsr-xr-x 1 root root 26508 Apr 17 1999 umount Many more, of course.. Brian
