Posted by arlene

In addition to the ordinary permissions that exist to control which users can access a file or directory, two other permissions are used on Unix and Linux systems to give special privileges to executable files. These are called the Set User ID (SUID) and Set Group ID (SGID) permissions. When an executable image is run that has the SUID permission set on it, the image will take on the permissions that are equivalent to those of the owner of the executable file.

The permissions available to a user can also be acquired from group membership. When an executable image is run, it usually runs under the permissions of the user who executes the file and the permissions available to the group to which the user belongs. When the SGID permission is set on an executable, it will inherit permissions from the group of the owner of the file and not the permissions of the user who executes the file.

These two permissions can be very useful. There are times when it is necessary to run a program that must have more access rights than the user who is executing the program. For example, when a user needs to change his password, he needs to be able to make edits to the password file. Because this file is normally protected against writing by most ordinary users, the program that changes your password can get the necessary permission to modify the file. This is a simple example of a process that occurs at many levels in an operating system. Other programs use permissions elevated above the ordinary user to accomplish such tasks as managing print queues and allowing basic system management tasks.

When used on a directory instead of a file, the SUID permission, placed in the group field, indicates that all files created in the directory will take on the ownership of the group that owns the directory.

You can tell from a directory listing (using the is command) whether the SUID or SGID permission has been set for a file. In the permissions array, the letter S will appear in the position normally used to indicate the owner’s execute access. If the S character is lowercase, the Execute permission for the owner is not set. If it is an uppercase S, the Execute permission is also set for the owner.

In a directory file the s character will appear in the character position that normally indicates a group’s execute access.

Using the chmod and chown Commands

When moving files around on the network, it frequently is necessary to change their ownership or the access permissions so that a new set of users can gain the appropriate access. For example, when a user leaves a company, it is usually customary for someone else to take over managing files and important directories for which the user had been responsible. The two commands you can use to modify ownership and access for files are the chmod (change permission mode) and Chown (change owner) commands.

The chown command is a simple one. If you are the owner of a file or if you are the superuser, you can use this command to assign a new owner and/or group to a file. The basic syntax is

chown [ -fhR ] owner [ : group ] file …

Here, owner is the new user or group ID that will be assigned to the file or files represented by file …. The -f parameter suppresses error reporting. The -h parameter is used to cause an ownership change to be effective on a symbolic link to a file instead of the actual file the link references.

Without this parameter, the ownership is changed on the actual file that is referenced by the symbolic link. The -R parameter causes the command to operate recursively, changing the owner ID for files and subdirectories under the current specification.

You can use chown to easily change the ownership of one or more directories when a new user takes responsibility for them. The chmod command can be used by users and administrators to change the access permissions on files or directories.

The chmod command can be used to change access permissions for the owner, group, or others by specifying the rights by either a numeric or a character format. The numeric format for the chmod command specifies rights as a numeric value, totaling each right as described in the following list:

• 0—No access

• 1—Execute file (or search a directory)
• 2—Write
• 4—Read Using this format, you would change the access permissions on a file in a manner similar to this:

chmod 666 myfile1 chmod 664 myfile2 chmod 640 myfile3

Here the filename myfile1 has its access permissions set to Read + Write (4 + 2 = 6) for the owner, group, and world fields. The file myfile2 is set to Read + Write for the owner and group fields, but to only Read (4) for the other or world field. Finally, myfile3 is set to give the owner Read and Write permissions. The group permission is set to Read only and the other field is set to No Access (0).

Using the other syntax format for the chmod command enables you to change the permission fields without having to memorize numerical values. Instead, you use the letters r (read), w (write), and x (execute) to specify the permissions, and the letters u (user), g (group), o (other), or a (all, indicates user, group, and other) to specify the user field for which a permission will be modified. For example:

chmod u+rw myfile1

chmod g+rwx myfile1

chmod o+rw myfile1

Here it is easy to see that the user field (user owner, group, or other) is appended to the letter identifying a right (rw, rwx) by the plus sign. This indicates that the right is to be added to the user field indicated for the file myfilel. To remove a right using chmod, use the minus sign:

chmod g-x personalfile chmod o-w specialfile

Here the command is used to remove the Execute right from the group for the file named

personalf ile. For the file named specialfile, the owner has used chmod to remove his own right to write to the file. This is not done for security purposes, but because the owner wants to be sure he doesn’t alter the contents of the file by mistake. Because he is the owner, he can always set the mode back to write if it becomes necessary.

Using the su Command

To perform some important system management tasks on a Unix or Linux system, only the privileges granted to the root account can be used. Although it would be easy to let multiple system administrators log in to the root account to perform administrative functions, this is not a very good thing to do from the viewpoint of security. If only one account is used, it is difficult to construct an audit trail to determine which administrator performed a specific function.

To get over this limitation, the su command enables you to log in using your normal user account and then become the root user or another user. The log file /var/adm/sulog tracks attempts to become another user using the su command, and so an audit trail is kept to help when troubleshooting. You can use the su command by itself to become the root superuser, or you can use it in the form of su username to become another user. In all cases you will be prompted for the password for the user account you want to become, unless you are already logged in to the root account.

The power held by the password to a root account can be seen by how it can be used with this command. As a standard security matter, you should regularly review the /var/adm/sulog log file to keep track of how the command is being used.

Possibly related posts: (automatically generated)
SUID and SGID File Permissions

• Explicit Privilege Escalation
• Tracking Other Users
• Local Vulnerabilities
• Installing and Configuring Printers on Windows Servers Part 4
• Audit Management continue...
• Two Main Reasons for Vulnerabilities
• Network Access Control Databases
• Security Facilities in Java
• Tracing the Path of Activity Can Be Difficult
• Hardware Public Key Storage vs. Software Public Key Storage