On Wed, 25 Oct 2000, John MacLean wrote:

> Hi all,
>  Anyone want to give me an explanation of the 'extended' permissions bits.
> Such as
> suid - program runs with root permissions?
> guid - program runs with group permissions?
> sticky - only original creator can delete? What about other members of the
> group? What about root? Does this hold even if others have write access?
> 

sticky = 1000 = ---------T
sgid = 2000 = ------S---
suid = 4000 = ---S------

In each case the 'special' letter is shown where the execution bit normally
appears.  A capital letter means the execution bit is not set, a lower case
letter means the execution bit is set.

When you do a chmod and specify fewer than 4 digits, it assumes the missing
leading numbers are 0.  So "chmod 777" == "chmod 0777".

These extra bits have different meanings depending on whether they refer to a
directory or a file.

Sticky on a file is deprecated and (as far as I know) has no effect.

Sticky on a directory means that even if you have read/write permissions to
a file in that directory you can not delete the file unless you are its
owner (being in the group is insufficient.) The sticky bit is not inherited
by files or directories created within the sticky directory.

sgid on a file means that executing the file will be done with the
effective guid set to match the file.

sgid on a directory means that files and directories created within that
directory will be owned by the same group as the parent directory regardless
of the guid of the user creating the file.  Directories created under a
sgid directory will inherit the sgid bit so that it will continue to
propagate down the tree.

suid on a file means that executing the file will be done with the effective
uid set to match the file.

suid on a file is deprecated and (as far as I know) has no effect.

The best way to get it straight in your head is experimentation because it
can get weird. Like...

---S---rwx    1 root     wheel      316848 Oct 26 11:10 /tmp/bash

... means that anyone can get a suid shell as long as they are not root
already or in the wheel group.  I think I'll delete that example now... ;)

M.



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
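
The experimentation the message recommends, as an added example that is not part of the original post: a POSIX shell script that builds a throwaway tree under mktemp and prints the resulting mode strings, then runs two find queries an administrator can use to audit for these bits. All file, directory and function names are constructed for the illustration.

```shell
#!/bin/sh
# Added example: scratch-directory experiment with the suid/sgid/sticky bits.
# Every path is constructed under a mktemp directory.

# Symbolic mode of a path, exactly as ls prints it (first 10 characters).
mode_of() { ls -ld "$1" | cut -c1-10; }

# Build a scratch tree covering the cases in the message; print its path.
build_scratch() {
    ( umask 022
      d=$(mktemp -d) || exit 1
      touch "$d/suid_nox" "$d/suid_x"
      chmod 4644 "$d/suid_nox"      # suid set, owner x clear -> capital S
      chmod 4755 "$d/suid_x"        # suid set, owner x set   -> lower-case s
      mkdir "$d/shared" "$d/drop" "$d/open"
      chmod 2775 "$d/shared"        # sgid directory
      mkdir "$d/shared/sub"         # created afterwards: inherits the sgid bit
      chmod 1777 "$d/drop"          # world-writable with sticky, like /tmp
      chmod 0777 "$d/open"          # world-writable without sticky
      echo "$d" )
}

# Audit helpers: regular files carrying suid or sgid, and world-writable
# directories that lack the sticky bit (anyone may delete others' files there).
special_files() { find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort; }
unsticky_dirs() { find "$1" -type d -perm -0002 ! -perm -1000 | sort; }

d=$(build_scratch) || exit 1
for p in suid_nox suid_x shared shared/sub drop open; do
    printf '%s  %s\n' "$(mode_of "$d/$p")" "$p"
done
echo "suid/sgid files:";            special_files "$d"
echo "world-writable, not sticky:"; unsticky_dirs "$d"
rm -rf "$d"
```

Pointing special_files and unsticky_dirs at a real directory tree instead of the scratch one gives a quick inventory to review against what is expected to be there.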
