Information AboutSetgid |
| CATEGORIES ABOUT SETUID | |
| unix | |
|
Setuid and setgid are needed for tasks that require higher privileges than those which a common user has, such as changing his or her login password. Some of the tasks that require elevated privilege may not immediately be obvious, though -- such as the Ping command, which must send and listen for Control Packet s on a network interface. SETUID ON EXECUTABLES When a binary executable file owned by Root has been given the setuid attribute, normal users on the system can execute this file and gain Root privileges within the created Process . When root privileges have been gained within the Process , the application can then perform tasks on the system that regular users normally would be restricted from doing. While the setuid feature is very useful in many cases, it can however pose a security risk if the setuid attribute is assigned to Executable programs that are not carefully designed. Users can Exploit vulnerabilities in flawed programs to gain permanent Elevated Privileges , or unintentionally execute a Trojan Horse program. The setgid attribute will allow for changing the group based privileges within a process, like the setuid flag does for user based privileges. SETUID ON DIRECTORIES Setuid and setgid flags on a directory have an entirely different meaning. Directories with the setuid/setgid permission will force all files and sub-directories created in them to be owned by the directory owner/group and not the user/group of the user creating the file. SEE ALSO EXTERNAL LINKS
|
|
|