Granting Temporary Root Permissions with SUID
As you should know
by now, a user can execute a file only if they have permission to
execute that particular file. If the user only has read and/or write
permissions, they cannot execute. This may seem straightforward, but
there are exceptions to this rule. You may have encountered a case in
which a file requires the permissions of the root user during execution
for all users, even those who are not root.
For example, a file that allows users to change their password would need access to the /etc/shadow file—the file that holds the users’ passwords in Linux—which requires root user privileges in order to execute. In such a case, you can temporarily grant the owner’s privileges to execute the file by setting the SUID bit on the program.
Basically, the SUID bit says that any user can execute the file with the permissions of the owner but those permissions don’t extend beyond the use of that file. To set the SUID bit, enter a 4 before the regular permissions, so a file with a new resulting permission of 644 is represented as 4644 when the SUID bit is set.
Setting the SUID on a file is not something a typical user would do, but if you want to do so, you’ll use the chmod command, as in chmod 4644 filename.
Comments
Post a Comment