Special Permissions (SUID, SGID and Sticky Bit) in Linux :: SUID Bit : Part 1/3


Special Permissions (SUID, SGID and Sticky Bit) in Linux

The regular file and directory permissions in the Linux world are read, write and execute, applied at the owner, group and other levels. This post discusses the special permissions for files and/or directories.

How and why would I set a SUID/SGID bit on a file?

A user can gain superuser privileges by executing a program that sets the user ID (UID) to root. Also, all users can set special permissions for files they own, which constitutes another security concern.

When set-user identification (setuid) permission is set on an executable file, a process that runs this file is granted access based on the owner of the file (usually root), rather than the user who is running the executable file. This special permission allows a user to access files and directories that are normally only available to the owner.

Cons: Disadvantages

Setting the SUID/SGID bit for a program to the ‘root’ user should actually be discouraged. If the program is badly written and can be manipulated via (malicious) input, it could allow a normal user to gain root privileges or access to files which that user should not be able to access.

Pros: Advantages

Commands in /sbin can normally be used only by root; if we set the SUID bit on such a command (shutdown, for example), ordinary users can run it too (similar to "Run as Administrator" in Windows).

How can I set up SUID?

The SUID bit can be set in two ways:

  1. Symbolic way (s represents the SUID bit)
  2. Numerical/octal way (4 represents the SUID bit)

Use the chmod command to set the SUID bit on a file.

Symbolic way:

#chmod u+s  file1

The SUID bit is now applied to file1.

Or we can use the numerical way to set the SUID bit.

Numerical way:

#chmod 4757 file1

Here in 4757, the 4 indicates that the SUID bit is set, 7 gives full permissions to the owner, 5 gives read and execute permissions to the group, and 7 gives full permissions to others.

Checking whether a file has the SUID bit set

Use ls -l and check whether the x in the owner's permission field has been replaced by s or S.

For example, the listing of file1 before and after the SUID bit is set:

Before the SUID bit is set:

[root@gateway1 ~]# touch file1
[root@gateway1 ~]# ls -l
total 0
-rw-r--r-- 1 root root 0 Jul  3 17:19 file1     <--- before setting the SUID bit
[root@gateway1 ~]# chmod 4757 file1
[root@gateway1 ~]# ls -l
total 0
-rwsr-xrwx 1 root root 0 Jul  3 17:19 file1     <--- after setting the SUID bit

-rwsr-xrwx        <--- here s stands for the SUID bit

Difference between s and S in the SUID bit

Here we create two files, file2 and file3, with different permissions:

[root@gateway1 ~]# touch file2
[root@gateway1 ~]# chmod 777 file2
[root@gateway1 ~]# touch file3
[root@gateway1 ~]# ls -l
total 0
-rwxrwxrwx 1 root root 0 Jul  3 17:23 file2
-rw-r--r-- 1 root root 0 Jul  3 17:24 file3

Now set the SUID bit on both:

[root@pc2 /]# chmod u+s file2
[root@pc2 /]# chmod u+s file3

Now list them again:

[root@gateway1 ~]# ls -l
total 0
-rwsrwxrwx 1 root root 0 Jul  3 17:23 file2     <--- -rwsrwxrwx
-rwSr--r-- 1 root root 0 Jul  3 17:24 file3     <--- -rwSr--r--
[root@gateway1 ~]#

Here a lowercase s means the execute permission is present together with the SUID bit (x + SUID bit = s), and an uppercase S means the SUID bit is set but no execute permission is present (- + SUID bit = S).

Suppose file1 has permission 755 and file2 has permission 644; you can set the SUID bit the numerical way too:

[root@pc2 /]# chmod 4755 file1             <--- here 4 represents the SUID bit
[root@pc2 /]# chmod 4644 file2             <--- here 4 represents the SUID bit

The result will look like:

[root@gateway1 ~]# ls -l
total 0
-rwsr-xr-x 1 root root 0 Jul  3 17:19 file1     <--- -rwsr-xr-x
-rwSr--r-- 1 root root 0 Jul  3 17:23 file2     <--- -rwSr--r--
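As an added example that is not part of the original post, the following POSIX shell script reproduces what ls -l will show for a given octal mode, so the meaning of the leading 4 and the s versus S rule can be checked before running chmod. It goes beyond the post by also decoding the SGID (2) and sticky (1) digits, and adds a find-based inventory of SUID files for periodic review; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): predict the ls -l permission
# string for an octal mode, check an existing string for SUID, and list
# SUID files under a directory. Function names are hypothetical.

# triplet DIGIT SPECIAL LOWER UPPER
#   DIGIT   one octal digit (0-7) for owner, group or other
#   SPECIAL non-zero when the matching special bit (4, 2 or 1) is set
#   The execute slot shows LOWER when execute is also set (x + bit = s),
#   UPPER when it is not (- + bit = S), exactly the rule the post describes.
triplet() {
  _d=$1; _sp=$2; _lo=$3; _up=$4
  _r=-; _w=-; _x=-
  if [ $((_d & 4)) -ne 0 ]; then _r=r; fi
  if [ $((_d & 2)) -ne 0 ]; then _w=w; fi
  if [ $((_d & 1)) -ne 0 ]; then _x=x; fi
  if [ "$_sp" -ne 0 ]; then
    if [ "$_x" = x ]; then _x=$_lo; else _x=$_up; fi
  fi
  printf '%s%s%s' "$_r" "$_w" "$_x"
}

# octal_to_perm MODE -> nine-character string as ls -l shows it,
# e.g. octal_to_perm 4757 -> rwsr-xrwx, octal_to_perm 4644 -> rwSr--r--
octal_to_perm() {
  _m=$1
  while [ ${#_m} -lt 4 ]; do _m=0$_m; done       # 755 -> 0755
  _s=$(printf '%s' "$_m" | cut -c1)              # 4=SUID 2=SGID 1=sticky
  _u=$(printf '%s' "$_m" | cut -c2)
  _g=$(printf '%s' "$_m" | cut -c3)
  _o=$(printf '%s' "$_m" | cut -c4)
  triplet "$_u" $((_s & 4)) s S
  triplet "$_g" $((_s & 2)) s S
  triplet "$_o" $((_s & 1)) t T
  echo
}

# has_suid PERMFIELD -> success when the owner execute slot of a full
# 10-character ls -l field (e.g. -rwsr-xr-x) is s or S
has_suid() {
  case $(printf '%s' "$1" | cut -c4) in s|S) return 0 ;; *) return 1 ;; esac
}

# list_suid DIR -> regular files with the SUID bit under DIR (one filesystem);
# compare runs over time so an unexpected SUID binary stands out
list_suid() {
  find "$1" -xdev -type f -perm -4000 2>/dev/null
}

for mode in 4757 4644 1644 755; do echo "$mode -> $(octal_to_perm "$mode")"; done
```

Running the final loop shows that 1644 produces rw-r--r-T (sticky bit, not SUID), which is why the SUID form of the 644 file above must be 4644.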

Examples:

A normal user (I have created a user vikas here) cannot shut down or reboot the PC by default. If I enable the SUID bit on the command binary, then user vikas or any ordinary user can run the shutdown command, because the user then runs it with root privileges.

[root@gateway1 ~]# which shutdown
/sbin/shutdown
[root@gateway1 ~]# ls -l /sbin/shutdown
-rwxr-xr-x. 1 root root 60400 Jun 25  2013 /sbin/shutdown   <--- normal command, only root can execute

Now we apply the SUID bit to this file:

[root@gateway1 ~]# chmod u+s /sbin/shutdown

Or

[root@gateway1 ~]# chmod 4755 /sbin/shutdown

The result will be:

[root@gateway1 ~]# ls -l /sbin/shutdown
-rwsr-xr-x. 1 root root 60400 Jun 25  2013 /sbin/shutdown   <--- -rwsr-xr-x
[root@gateway1 ~]#

Now an ordinary user can shut down the server.     <--- try this

Have you ever wondered how a non-root user can change his own password when he has no write permission on the /etc/shadow file?

It is because the passwd binary (/usr/bin/passwd) already has the SUID bit set.

By default an ordinary user cannot modify /etc/shadow (the password file), yet users can change their own passwords, because the passwd binary already carries the SUID bit. Through the passwd command the user is able to update /etc/shadow.

[root@gateway1 ~]# which passwd
/usr/bin/passwd
[root@gateway1 ~]# ls -l /usr/bin/passwd
-rwsr-xr-x. 1 root root 30768 Feb 22  2012 /usr/bin/passwd
[root@gateway1 ~]#

Enjoy Linux …it Works..!!

( If you liked this post, Please comment and share )


CEO, KV IT-Solutions Pvt. Ltd. | vikas@kvit.in | 9810028374|
Linux Professional and an Industrial Trainer | 20 + years Experience in IT Industry

” We are born free, No Gate and Windows can snatch our freedom “
