Solved

What is stickey bit ??

Posted on 2001-07-26
10
594 Views
Last Modified: 2012-06-27
What is main differences between stickey bit and set user id (group id )
which is done using
chmod u+s
chmod g+s
chmod u+t

I was trying to set the following priv for /usr/bin/sh in my local home
-rwsr-sr-t   /home/rajiv/sh
Thia way while i run this script (i.e. sh) i should be having the root's priv.
Pl explain in detail
And how can i achieve this on Unixware 7.1.1
thanks in advance
0
Comment
Question by:rajiv_indya
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 5

Expert Comment

by:paulqna
ID: 6322461
The t means only the OWNER will have sufficient privileges to delete the file.

Just the first chmod u+s will do the trick the t will normally only be set on the /tmp directory.
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6324527
Some clarification...

+t _on_a_directory_ means that only the owner of a file can delete it.  It essentially has no meaning any longer on regular files (it used to be a hint to the memory swapping system, but very few systems use swapping any more, as opposed to demand-paging).

Meanwhile, u+s/g+s implies that the program will run with the id of the file's owner (group).  If you want something to run as root, you have to chown it to be owned by root and then set u+s.
0
 

Author Comment

by:rajiv_indya
ID: 6332889
I was trying to set the following priv for /usr/bin/sh in my local home
-rwsr-sr-t   /home/rajiv/sh
This way while i run this script (i.e. sh) i should be having the root's priv.
but it is not so ..
Why ????
sh should be run with root owner

Also documentaion says that 1st line of shell script which is being executed should be
"#! /bin/sh"
Is it not true with binary files...???
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 14

Accepted Solution

by:
chris_calabrese earned 10 total points
ID: 6334438
There are four problems with this:
1.  This only works if the file is owned by root:sys (or whatever group you want to sgid to).
2.  This is a very bad idea from a security standpoint, as it allows anyone who can break into your account (sniff your password on the net through telnet or XDM, take advantage of bugs in cron or mail, etc) to become root trivially.
3.  The +t doesn't do anything useful.
4.  Most versions of sh have code that doesn't allow suid/sgid to prevent you from doing what you're trying to do.
0
 

Expert Comment

by:gmancuso
ID: 6342017
Right on chris_calabrese

rajiv_indya, perhaps you could tell us what you're trying to do, and we can give some ideas about a better way to do it?

To clear up some points:
#!/bin/sh tells the shell to go find /bin/sh and use it to interpret the file.  (I'm fairly sure it will use the file (not /bin/sh) to determine what permissions to use.)  #!/usr/local/bin/superinterpreter indicates that /usr/local/bin/superinterpreter will be handling the file.  

If all you're wanting to do is have a suid script, change the _script_, not its interpreter, to be suid.  (remember to keep suid scripts under tight control.. )

Hope that helps.. send more info, we'll send better answers :)

-Gus
0
 
LVL 9

Expert Comment

by:PeterMac
ID: 6413531
rajiv

 Fully in accord with previous answers, the one thing they haven't mentioned is that you would have to have root permissions already to achieve what you seem to be trying to do. the only way you can set "s" bits on a file owned by root is to be root, and the file must be owned by root before you set the bits.

0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 6799360
Lucky that EE no longer autogrades, huh?
As I see it, Chris deserves the points more than PeterMac, no? I mean Peter, your's is a comment if I ever saw a comment ;-)

Michel
0
 
LVL 9

Expert Comment

by:PeterMac
ID: 6799564
to mplungian

No problem at all with that, I just figured question had been answered, and not too happy about discussing unix security bypasses with someone at the level of question proposer. A simple statement of facts is OK, but suggestions on other methods of achieving what he was trying to do are out in my book.

Wasn't aware EE ever did autograde, and there had been no comment for three weeks. It was also my first day logged into EE, and hadn't quite figured out the system.
0
 
LVL 21

Expert Comment

by:tfewster
ID: 7621362
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
- Answered by chris_calabrese

Please leave any comments here before 13/1/2003

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER !

tfewster (I don't work here, I'm just an Expert :-)
0
 

Expert Comment

by:SpideyMod
ID: 7805230
per recommendation

SpideyMod
Community Support Moderator @Experts Exchange
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Best way to split and output to csv in bash 2 81
Shell Script- gzip 5 86
sed command 3 29
how to write and save a unix script 12 37
Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
FreeBSD on EC2 FreeBSD (https://www.freebsd.org) is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
Suggested Courses

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question