Page 163 - DCAP106_OPERATING_SYSTEM_TOOLS

Operating System Tools




                                   The setuid or setgid flag is another specific privilege that was identified earlier. When set on an
                                   executable (non-script!), the executable is executed with the rights of the owner (setuid) or
                                   owning group (setgid) instead of with the rights of the person that is executing it. This
                                   means that people with no root privileges can still execute commands with root privileges if those
                                   commands have the setgid flag set. For this reason, the number of executables with the setuid/
                                   setgid bit set needs to be limited and well audited for possible security exposures.
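
The audit the paragraph above calls for, as an added example that is not part of the original text: a shell function that lists every setuid/setgid file under a directory and checks it against an allowlist of expected paths. It assumes GNU stat (Linux); `audit_suid`, `demo` and the allowlist file are illustrative names, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit setuid/setgid files under a directory against an allowlist.
# Assumes GNU stat (Linux); audit_suid, demo and the allowlist file are illustrative names.

# audit_suid DIR ALLOWLIST
# Prints "STATUS MODE OWNER:GROUP PATH" for every setuid/setgid regular file:
#   OK        path is listed in ALLOWLIST
#   UNLISTED  path is not in ALLOWLIST and needs review
#   WRITABLE  group or others may write to the file (reported even if listed)
audit_suid() {
    dir=$1
    allow=$2
    # -perm -4000 matches setuid, -perm -2000 matches setgid; -xdev stays on one filesystem.
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    sort |
    while IFS= read -r path; do
        mode=$(stat -c '%a' "$path")        # octal mode, e.g. 4711
        owner=$(stat -c '%U:%G' "$path")
        status=UNLISTED
        # Exact whole-line match, so /bin/mount does not also allow /bin/mount2.
        if [ -f "$allow" ] && grep -Fxq -- "$path" "$allow"; then
            status=OK
        fi
        # The leading 0 makes the shell read the mode as octal; 022 = group/other write bits.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            status=WRITABLE
        fi
        printf '%s %s %s %s\n' "$status" "$mode" "$owner" "$path"
    done
}

# Constructed sample: a scratch directory standing in for /bin.
demo() {
    t=$(mktemp -d)
    : > "$t/mount";   chmod 4711 "$t/mount"     # expected setuid tool, allowlisted
    : > "$t/newtool"; chmod 4755 "$t/newtool"   # setuid but not on the allowlist
    : > "$t/loose";   chmod 4775 "$t/loose"     # setuid and group-writable
    : > "$t/plain";   chmod 755  "$t/plain"     # ordinary executable, not reported
    printf '%s\n' "$t/mount" > "$t/allow"
    audit_suid "$t" "$t/allow"
    rm -rf "$t"
}

demo
```

On a real system the first argument would be `/` or a directory such as `/usr/bin`, and the allowlist would hold the paths recorded at the last reviewed baseline.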


                                          Example:
                                   /bin/mount is a nice example of this flag:

                                   $ stat /bin/mount
                                     File: `/bin/mount'
                                     Size: 59688      Blocks: 128        IO Block: 4096   regular file
                                   Device: 808h/2056d Inode: 262481      Links: 1
                                   Access: (4711/-rws--x--x)  Uid: (    0/    root)   Gid: (    0/    root)
                                   Access: 2010-02-06 13:50:35.000000000 +0100
                                   Modify: 2013-01-02 13:50:35.000000000 +0100
                                   Change: 2013-01-02 13:50:43.000000000 +0100
                                   To change the privileges of a file or directory, use the chmod (change mode) command.
                                   Its syntax is easy to remember. First, the target permissions:

                                   - ‘u’ for user,
                                   - ‘g’ for group, and
                                   - ‘o’ for everybody else (others).
                                   Then you can set (=), add (+) or remove (-) privileges.


                                          Example: To make /etc/passwd writeable for the members of the owning group:
                                   # chmod g+w /etc/passwd
                                   Privileges can also be combined.

                                          Example: If you want to remove write privileges for the owning group and remove read
                                   privileges for the others:
                                   # chmod g-w,o-r /etc/passwd
                                   Finally, the numeric notation can also be used if required:

                                          Example:

                                   # chmod 644 /etc/passwd
                                   When you need to change the ownership of a file or directory, use the chown (change owner)
                                   or chgrp (change group) command.


                                          Example: To change the owner of a file to the user “jack”:
                                   # chown jack template.txt
                                   If you want to change the owner of a file, you need to be root. It will not help if you are the
                                   current owner. This is not true for the group though: if you are a member of the target group, you
                                   can change the owning group.




          156                              LOVELY PROFESSIONAL UNIVERSITY