What is the sticky bit?

What are the main differences between the sticky bit and set user id (set group id),
which are set using
chmod u+s
chmod g+s
chmod u+t

I was trying to set the following privileges for /usr/bin/sh in my local home:
-rwsr-sr-t   /home/rajiv/sh
This way, while I run this script (i.e. sh), I should have root's privileges.
Please explain in detail.
And how can I achieve this on UnixWare 7.1.1?
Thanks in advance.
rajiv_indya Asked:
 
chris_calabrese Commented:
There are four problems with this:
1.  This only works if the file is owned by root:sys (or whatever group you want to sgid to).
2.  This is a very bad idea from a security standpoint, as it allows anyone who can break into your account (sniff your password on the net through telnet or XDM, take advantage of bugs in cron or mail, etc) to become root trivially.
3.  The +t doesn't do anything useful.
4.  Most versions of sh have code that doesn't allow suid/sgid to prevent you from doing what you're trying to do.
0
 
paulqna Commented:
The t means only the OWNER will have sufficient privileges to delete the file.

Just the first chmod u+s will do the trick; the t will normally only be set on the /tmp directory.
0
 
chris_calabrese Commented:
Some clarification...

+t _on_a_directory_ means that only the owner of a file can delete it.  It essentially has no meaning any longer on regular files (it used to be a hint to the memory swapping system, but very few systems use swapping any more, as opposed to demand-paging).

Meanwhile, u+s/g+s implies that the program will run with the id of the file's owner (group).  If you want something to run as root, you have to chown it to be owned by root and then set u+s.
0
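An added example (not from any poster in this thread) that turns the semantics above into checks a defender would run: it decodes the special bits from an ls mode string such as the -rwsr-sr-t in the question, and lists setuid/setgid files and world-writable directories that lack the sticky bit. It assumes a POSIX sh with find, ls and mktemp; the file and directory names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes POSIX sh, find, ls, mktemp.

# Print the 10-character mode string ls shows, e.g. "-rwsr-sr-t" or "drwxrwxrwt".
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Decode the special bits of a mode string: setuid is an s in the user execute
# position (4th char), setgid an s in the group execute position (7th), sticky a
# t in the other execute position (10th). Uppercase S/T mean the bit is set
# without the corresponding execute bit.
special_bits() {
    m="$1"
    out=""
    case "$m" in ???[sS]??????) out="${out}setuid ";; esac
    case "$m" in ??????[sS]???) out="${out}setgid ";; esac
    case "$m" in ?????????[tT]) out="${out}sticky ";; esac
    printf '%s\n' "${out% }"
}

# Regular files below DIR carrying setuid or setgid: these run with the file
# owner's (group's) identity, which is why such files deserve an inventory.
find_setuid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# World-writable directories below DIR without the sticky bit: any user could
# delete or rename other users' files there, which sticky on /tmp prevents.
find_unsticky_world_writable_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print
}

# Demonstration on constructed entries in a scratch directory (no root needed:
# the setuid file is owned by the caller, so it grants nothing extra).
demo() {
    d=$(mktemp -d)
    : > "$d/tool";      chmod 4755 "$d/tool"    # setuid bit on a caller-owned file
    mkdir "$d/shared";  chmod 777 "$d/shared"   # world-writable, no sticky bit
    mkdir "$d/tmp";     chmod 1777 "$d/tmp"     # world-writable with sticky bit
    m=$(mode_string "$d/tool")
    printf '%s -> %s\n' "$m" "$(special_bits "$m")"
    echo "setuid/setgid files:";                  find_setuid_files "$d"
    echo "world-writable dirs without sticky bit:"; find_unsticky_world_writable_dirs "$d"
    rm -rf "$d"
}

demo
```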
 
rajiv_indya Author Commented:
I was trying to set the following privileges for /usr/bin/sh in my local home:
-rwsr-sr-t   /home/rajiv/sh
This way, while I run this script (i.e. sh), I should have root's privileges.
But it is not so.
Why?
sh should be run with root as owner.

Also, documentation says that the 1st line of a shell script which is being executed should be
"#! /bin/sh"
Is it not true with binary files?
0
 
gmancuso Commented:
Right on chris_calabrese

rajiv_indya, perhaps you could tell us what you're trying to do, and we can give some ideas about a better way to do it?

To clear up some points:
#!/bin/sh tells the shell to go find /bin/sh and use it to interpret the file.  (I'm fairly sure it will use the file (not /bin/sh) to determine what permissions to use.)  #!/usr/local/bin/superinterpreter indicates that /usr/local/bin/superinterpreter will be handling the file.  

If all you're wanting to do is have a suid script, change the _script_, not its interpreter, to be suid.  (remember to keep suid scripts under tight control.. )

Hope that helps.. send more info, we'll send better answers :)

-Gus
0
 
PeterMac Commented:
rajiv

Fully in accord with previous answers, the one thing they haven't mentioned is that you would have to have root permissions already to achieve what you seem to be trying to do. The only way you can set "s" bits on a file owned by root is to be root, and the file must be owned by root before you set the bits.

0
 
Michel Plungjan, IT Expert, Commented:
Lucky that EE no longer autogrades, huh?
As I see it, Chris deserves the points more than PeterMac, no? I mean Peter, yours is a comment if I ever saw a comment ;-)

Michel
0
 
PeterMac Commented:
to mplungian

No problem at all with that, I just figured the question had been answered, and I'm not too happy about discussing Unix security bypasses with someone at the level of the question proposer. A simple statement of facts is OK, but suggestions on other methods of achieving what he was trying to do are out in my book.

Wasn't aware EE ever did autograde, and there had been no comment for three weeks. It was also my first day logged into EE, and hadn't quite figured out the system.
0
 
tfewster Commented:
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
- Answered by chris_calabrese

Please leave any comments here before 13/1/2003

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER !

tfewster (I don't work here, I'm just an Expert :-)
0
 
SpideyMod Commented:
per recommendation

SpideyMod
Community Support Moderator @Experts Exchange
0