setuid and guid

Hi All,

Can someone give me some info about setuid or guid? Also about the sticky bit.

Thanks in advance,
itik

Setting the sticky bit on a file instructs the kernel not to swap it out when running; it's seldom used these days.

Setting the sticky bit on a directory, however, instructs the filesystem to only allow a file to be deleted by its owner, regardless of the write permissions the directory has set. This enables one to allow world write on a directory without allowing one user to interact with another user's files beyond the individual file's permissions. It's great for any directory where multiple users need to create files but you don't want one to delete another's.

A file that is setuid will, if executed, run with the permissions and id of the owner of the file (not necessarily the user logged in). This allows multiple users to share data or to escalate (or downgrade) rights.
It should be used with caution, however, as any bugs in the script or binary could be exploited to perform unintended tasks as the file owner. Anything forked off by the running executable will also inherit its parent's rights, so be careful of complex apps like vi, emacs, etc. that can start independent shells.

Setuid on a directory would normally cause any files created within that directory to be owned by the directory owner but this is disabled by default in solaris.

Setgid on a file does nothing on solaris as far as I know.

Setgid on a directory causes any files created to have their primary group set to the same group as the parent directory. It generally (depending on config and Solaris revision) also sets the setgid bit on any subdirectories created.

Please see Unix File Permissions
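As an added illustration of the bits described in the reply above (example code written for this page, not from the original thread): the script below sets the sticky, setgid and setuid bits on scratch files in a temporary directory, decodes the permission column that ls prints for each, and runs the find audit for setuid files that an administrator would use to inventory them. It assumes a POSIX shell with chmod, ls, find and mktemp; the names shared, project, helper and plain are invented. One detail it makes visible: ls prints a lowercase s or t when the execute bit is also set, and an uppercase S or T when the special bit is set without execute, in which case the bit can never take effect on execution.

```shell
#!/bin/sh
# Added example (not from the original post): exercise the setuid, setgid and
# sticky bits on a scratch directory and decode how ls renders them.
# Assumes a POSIX shell with chmod, ls, find and mktemp; the file and
# directory names are made up for the demonstration.

# decode_mode MODESTRING
# Takes the 10-character permission column of `ls -l` and names the special
# bits it carries. ls shows a lowercase s/t when the execute bit is also set
# and an uppercase S/T when the special bit is set without execute
# (e.g. chmod 4644 gives -rwSr--r--, which can never be honoured on exec).
decode_mode() {
    m=$1
    out=""
    case "$(printf '%s\n' "$m" | cut -c4)" in
        s) out="${out}setuid " ;;
        S) out="${out}setuid(no-exec) " ;;
    esac
    case "$(printf '%s\n' "$m" | cut -c7)" in
        s) out="${out}setgid " ;;
        S) out="${out}setgid(no-exec) " ;;
    esac
    case "$(printf '%s\n' "$m" | cut -c10)" in
        t) out="${out}sticky " ;;
        T) out="${out}sticky(no-exec) " ;;
    esac
    printf '%s' "${out% }"
}

# mode_of PATH: the permission column of `ls -ld PATH` (ACL/SELinux markers
# in column 11 are dropped).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# list_setuid_files DIR: the audit an administrator runs to find setuid
# files under a tree, one path per line.
list_setuid_files() {
    find "$1" -type f -perm -4000
}

demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/shared" "$work/project"
    chmod 1777 "$work/shared"   # world-writable plus sticky: only a file's owner may delete it
    chmod 2775 "$work/project"  # setgid: files created inside inherit the directory's group
    : > "$work/helper"
    chmod 4755 "$work/helper"   # setuid: executes with the owner's uid
    : > "$work/plain"
    chmod 644 "$work/plain"     # no special bits, for contrast

    for p in shared project helper plain; do
        m=$(mode_of "$work/$p")
        printf '%-8s %s  %s\n' "$p" "$m" "$(decode_mode "$m")"
    done
    printf 'setuid files under %s:\n' "$work"
    list_setuid_files "$work"
    rm -rf "$work"
}

demo
```

The sticky-bit deletion rule itself needs two different users to observe, so the script only shows how the bit is set and displayed; the find audit is the part worth keeping, since every setuid file it reports is a file whose bugs run as its owner.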

Ok so what is now used instead of sticky bit?

Thanks and more power,
itik

Hi
I also have the same type of issue. I am trying to set the owner's uid in AIX using chmod 4754 but it does not work. It seems that AIX just ignores the setuid thing.
The owner and a user in the group which executes the scripts need to be different. I do not want other users, or even users in the group, to read certain files (password files etc.). They are used to connect to Oracle.
The other reason is that the scripts write to lots of directories on which these other users do not have privileges.
What is the alternative solution? There are hundreds of scripts which cannot be altered.
Regards
Clifford.

I'd suggest moving the AIX setuid question over to the AIX section - I'm really only familiar with the Solaris use of it.

itik: I don't think I really understand your question... The sticky bit is still used plenty, it's just rare to use it on a file to hold it in memory - modern schedulers do a better job.

RBAC and sudo are also used as alternatives to setuid.

Part 3 of The Whole Story on #! /usr/bin/ksh discusses suid shell scripts at some length. But a quick management summary: suid and sgid bits are ignored on shell scripts by many kernels. Solaris is an exception to this rule.

I run it as follows, but it doesn't work. Could you tell me what's wrong with it? It's a Solaris 10 system; I wonder whether this version disables the feature. How do I verify that?

$ pwd
/home/steven
$ id
uid=100(steven) gid=1(other)
-rwsrwxr-x 1 etrust root 49 Feb 27 01:02 modifyfile
-rwx------ 1 etrust root 56 Feb 27 01:02 etrustfile

modifyfile will modify the content of etrustfile. It should be accessed by etrust only, and I set modifyfile as rws. I want to run modifyfile as steven, but it shows I still can't modify the etrustfile. What's the problem?

$ cat modifyfile
echo "add this line to etrustfile" >> etrustfile
$ modifyfile
modifyfile: etrustfile: cannot create

Thanks :)

Read this thread and the thread I linked above. You have no
#! /usr/bin/ksh
type of line. You need that. Read the thread I wrote that explains why.
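As an added example (not the poster's own script, nor the linked thread's), the block below writes modifyfile with the interpreter line the reply asks for, then runs the small check a practitioner would keep at hand after reading this thread: is the file setuid, and does it begin with #!? It assumes a POSIX shell with chmod, find, head, cut, mktemp and uname; the file names are placeholders. Two caveats the thread does not spell out: the script appends to etrustfile as a relative path, so it acts on whatever file of that name sits in the caller's current directory, and on Linux the setuid bit on a script is ignored even with the #! line (the kernel takes the credentials from the interpreter binary, not the script), which is why the check also reports the kernel it is running on.

```shell
#!/bin/sh
# Added example (not the poster's script): the interpreter line the reply
# asks for, followed by a check that flags setuid scripts lacking one.
# Assumes a POSIX shell; paths and file names are placeholders.

# write_modifyfile PATH: writes the corrected script and marks it setuid.
# The #! line is what lets the Solaris kernel start the interpreter with
# the file owner's credentials; without it the caller's shell reads the
# script itself and the setuid bit is never consulted.
write_modifyfile() {
    cat > "$1" <<'EOF'
#! /usr/bin/ksh
# NOTE: etrustfile is a relative path, so this appends to whatever file of
# that name exists in the caller's current directory.
echo "add this line to etrustfile" >> etrustfile
EOF
    chmod 4755 "$1"
}

# has_interp_line FILE: true when the first line starts with "#!".
has_interp_line() {
    [ "$(head -n 1 "$1" 2>/dev/null | cut -c1-2)" = "#!" ]
}

# is_setuid FILE: true when the setuid bit is set on FILE.
is_setuid() {
    [ -n "$(find "$1" -prune -perm -4000 2>/dev/null)" ]
}

# check_suid_script FILE: prints a verdict; returns 0 only when FILE is
# setuid and starts with an interpreter line, 1 otherwise.
check_suid_script() {
    f=$1
    if ! is_setuid "$f"; then
        printf '%s: setuid bit not set\n' "$f"
        return 1
    fi
    if ! has_interp_line "$f"; then
        printf '%s: setuid script has no #! line; the bit will not take effect\n' "$f"
        return 1
    fi
    case "$(uname -s)" in
        SunOS) printf '%s: ok (Solaris honours setuid on #! scripts)\n' "$f" ;;
        *) printf '%s: has a #! line, but %s ignores setuid on scripts; use sudo or a compiled wrapper\n' \
               "$f" "$(uname -s)" ;;
    esac
    return 0
}

demo() {
    work=$(mktemp -d) || return 1
    # the posted script as it was: no interpreter line, setuid bit set
    printf 'echo "add this line to etrustfile" >> etrustfile\n' > "$work/broken"
    chmod 4755 "$work/broken"
    write_modifyfile "$work/modifyfile"
    check_suid_script "$work/broken"
    check_suid_script "$work/modifyfile"
    rm -rf "$work"
}

demo
```

Run it on Solaris and the second verdict is "ok"; run it on Linux and the file is still reported as well-formed, with the note that this kernel will not honour the bit, so the same job there needs sudo, RBAC, or a small compiled setuid wrapper as the earlier reply suggested.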

Thanks.

It works now.