Just a bit more info (for those who wish and/or care to know..) :)
The 'chmod' (Change Mode) command in the *nix world has two different
methods (modes) of operation. One is known as the 'symbolic' mode, and is
represented by an octal number. For those who aren't mathematically
inclined (most aren't), all you need to know is that there are certain
possible 'sets' of numbers that represent a certain 'permission' set given
to a file (or directory). These numbers are preceded by 'chmod'. Here's a
sample:

    chmod 0777 pooty

This command will change the file 'pooty' permissions to give ALL users
read, write and execute capability.

Now here's how these 'octal numbers' can be put together to get the results
we want:

    1000    Sets what is known as the 'sticky bit' that saves text in memory
            upon execution (superuser stuff)
    4000    Will 'set' user ID on execution of the file (same as 'u+s')
    20*0    Sets group ID on execution when the * is a 1, 3, 5 or 7.
            Sets 'mandatory locking' when the * is a 0, 2, 4 or 6

Now for the more 'regular' octally assigned privileges:

    0100    Execute file (or access directory) -- owner
    0200    Write to file -- owner
    0400    Read file -- owner
    0010    Execute file (or access directory) -- group
    0020    Write to file -- group
    0040    Read file -- group
    0001    Execute file (or access directory) -- others
    0002    Write to file -- others
    0004    Read file -- others
    0000    No permissions (cold, huh?)

You can combine the above sets to achieve the results you're after. If I
want to give the owner and the group the ability to read a file called
'pooty', I simply use the command 'chmod 0440 pooty'. Notice the pattern?
Owner read, write and execute privileges constitute the SECOND column of the
4 digit 'set'. Group read, write and execute privileges are in the THIRD
column, and others' privileges are set in the FOURTH.

Here's another common combination that allows read and write permissions to
all users for 'pooty':

    chmod 0666 pooty

That's some basics to chew on. Also be aware that the 'setuid' (4000),
'setgid' (20*0) and the notorious 'sticky bit' (1000) settings are only
functional for binary executable files. They don't do anything on text
files (e.g. ASCII scripts, etc).

The other method (mode) of modifying file/directory permissions is known as
the 'symbolic mode'. It's easier for some folks to remember, since the
commands use letters instead of numbers. Here's the letters:

    a    All users
    g    Group
    o    Others
    u    User
    r    Read
    w    Write
    x    Execute

In symbolic mode, using a plus (+) sign ADDS a permission, while using a
minus (-) REMOVES it. You may also use an equal (=) sign to specify that a
particular permission is the ONLY ONE. Here's some samples:

    chmod a+rwx pooty

Gives all users read, write and execute permissions on the file 'pooty'.
(Same as chmod 0777).

    chmod ug+r pooty

Gives the user and group read permissions on the file 'pooty'. (Same as
chmod 0440).

There's more to it, of course, but this should give you a basic idea of how
it all works.

Hokay, I'm half asleep, going to bed now.... G'nite.

-----Original Message-----
From: dreamwvr <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, June 10, 1998 3:49 PM
Subject: Re: setuid ? how ?
>If memory serves chmod 4755 /path/to/pppd
>
>At 08:16 AM 6/10/98 -0700, you wrote:
>>I have a similar question. I want to use ezppp as a non-root user, but I
>>get a message saying:
>>
>> must be root to run pppd, since it is not setuid-root
>>
>>I went to the man pppd page but still couldn't figure out what to do.
>>
>>Leston
>>
>>At 01:30 PM 6/10/98 +0300, you wrote:
>>>how do I change the uid under which a program runs ?
>>>is it possible for a regular user to run a program that requires root
>>>privileges ? (like "shutdown -r now")
>>>what is setuid/suid ?
>>>
>>>bcd
>>
>>Leston Buell
>>
>>"Paradise is exactly like where you are right now,
>> only much, MUCH better."
>> --Laurie Anderson
>>
>>http://ourworld.compuserve.com/homepages/leston
>>[EMAIL PROTECTED]
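Added example, not part of the original thread: a POSIX shell script that decodes a four-digit octal mode, like the ones used above, into the letters `ls -l` displays and names the setuid, setgid and world-writable bits an administrator would want to review. The function names `_triad`, `mode_to_string` and `risky_flags` are hypothetical; the sample modes are the ones that appear in the thread.

```shell
#!/bin/sh
# Added example: decode chmod octal modes and flag bits worth reviewing.

# _triad BITS SPECIAL_SET LOWER UPPER: render one rwx column (hypothetical helper)
_triad() {
    [ $(($1 & 4)) -ne 0 ] && r=r || r=-
    [ $(($1 & 2)) -ne 0 ] && w=w || w=-
    [ $(($1 & 1)) -ne 0 ] && x=x || x=-
    # A special bit is shown in the execute slot: lowercase when execute
    # is also set, uppercase when it is not (as ls -l displays it).
    if [ "$2" -ne 0 ]; then [ "$x" = x ] && x=$3 || x=$4; fi
    printf '%s' "$r$w$x"
}

# mode_to_string MODE: print the nine permission letters for an octal mode
mode_to_string() {
    # accept one to four octal digits only; anything else is rejected
    case $1 in ''|*[!0-7]*|?????*) return 1 ;; esac
    m=$((0$1))                                    # leading 0 = octal constant
    _triad $(( ($m >> 6) & 7 )) $(($m & 04000)) s S   # owner column, setuid
    _triad $(( ($m >> 3) & 7 )) $(($m & 02000)) s S   # group column, setgid
    _triad $((  $m       & 7 )) $(($m & 01000)) t T   # others column, sticky
    echo
}

# risky_flags MODE: name the bits that deserve a second look
risky_flags() {
    case $1 in ''|*[!0-7]*|?????*) return 1 ;; esac
    m=$((0$1)); flags=
    [ $(($m & 04000)) -ne 0 ] && flags="$flags setuid"
    [ $(($m & 02000)) -ne 0 ] && flags="$flags setgid"
    [ $(($m & 00002)) -ne 0 ] && flags="$flags world-writable"
    printf '%s\n' "${flags# }"
}

# Modes taken from the thread
for mode in 0777 0666 0440 4755; do
    printf '%s  %s  %s\n' "$mode" "$(mode_to_string "$mode")" "$(risky_flags "$mode")"
done
```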