Hi,
I was not able to understand the concept
sticky bit mode , SUID & SGID.
can any one help me in this??
The sticky bit is represented by a t when you do ls -l. Its use is defined at http://www.unixguide.net/hp/faq/5.1.9.shtml. In general, it will stop the kernel from unloading the program from memory right after it's finished running (so subsequent runs of the program will be faster).
The setuid bit (s in the user column) allows an executable file, when run, to take on root privileges. You should only use this for programs designed to give up the privileges that they don't need right after they start.
The setgid bit (s in the group column) is the same as setuid, except that it takes on the root group permissions rather than the user. (In general, if you set setuid then you should also set setgid).
Hello augustus123,
There are some differences in the concepts stated by 'rjlee'.
1) Sticky bit was used on executables in linux (which was used more often)so that they would remain in the memory more time after the initial execution, hoping they would be needed in the near future. But since today we have more sophisticated memory accessing techniques and the bottleneck related to primary memory is diminishing, the sticky bit is not used today for this. Instead, it is used on folders, to imply that a file or folder created inside a stickybit-enabled folder could only be deleted by the creator itself. A nice implementation of sticky bit is the /tmp folder,where every user has write permission but only users who own a file can delete them. Remember files inside a folder which has write permission can be deleted even if the file doesn't have write permission. The sticky bit comes useful here.
2) As of SUID or SetUID bit, the executable which has the SUID set runs with the ownership of the program owner. That is, if you own an executable, and another person issues the executable, then it runs with your permission and not his. The default is that a program runs with the ownership of the person executing the binary.
3) The SGID bit is the same as of SUID, only the case is that it runs with the permission of the group. Another use is it can be set on folders,making nay files or folders created inside the SGID set folder to have a common group ownership.
Hope this was useful and you got the point.
quoted form: http://www.linuxquestions.org/questions/showthread.php?t=258719
没有评论:
发表评论