14 Apr
2003
14 Apr
'03
5:44 a.m.
Hallo,
Guy Clotilde hat gesagt: // Guy Clotilde wrote:
Anyway, as I'm quite dumb about it, can you
enlighten me about what
it means 'setuid root'? How exactly do I setuid root a prog (I have
read about the 's' bit)?
Yes, you add the "s"etuid bit by channging the file mode with "chmod
u+s /usr/bin/program" and you get rid of it by "chmod u-s
/usr/bin/program"
Can I setuid any program (er... is it dangerous)?
It can be dangerous. Most audio software drops the root privileges
after they gained a higher scheduling, but the bigger the sofware, the
easier it is to make mistakes with this. It might be a good idea, to
only allow a certain group of users to run the setuid programs or use
something like "super" to control acess. Using a kernel feature called
capabilities also does reduces the need to "setuid root" larger
programs.
But then, setuid also is something ordinary on Linux. For example, the
/usr/bin/passwd programm is also "setuid root". It allows users to
change their own password and effectifly change a system file like
/etc/passwd. Without higher privileges they couldn't do this.
Does any program 'setuid root' really run with
roots provileges?
Effectivly yes, at least at the start. But as I said, most programs
stop being root on their own with something like the
setuid-C-function, see "man 2 setuid".
ciao
--
Frank Barknecht _ ______footils.org__