[NTLUG:Discuss] force group ownership

Paul Ingendorf pauldy at wantek.net
Sat Feb 2 09:44:38 CST 2002


This SID/STICKY Bit grouping works much like its partners, the permission bits.
Set UID = 100
Set GID = 010
Sticky = 001

The set UID and GID bits both have pretty much the same function.  When a file is executable, it allows you to force the running group ID or user ID to be that of what is set on the file.  So if you have a file with an owner of root and a group of owners, and set the permissions to 6007, then anyone on your system who is not root or in the group root can execute the file as root in the group of owners.

The only use I've found for the sticky bit is with directories.  Say you have a folder like /tmp and you write a nice program that writes some temp data there because your quota is too small but you need to run these reports.  Well, you're running your data out there and user blow decides you're using up too much space, even though you have permission from the admins to do this.  He whacks your file and now the hours you've spent on running the job are wasted.  Now with the sticky bit set, only the owner of a file in a world-writable dir can delete his own file.  This can be very useful where groups of people have write access but you don't want people deleting each other's files.

Now this is why this is separate from the permission bits.  These bits aren't represented in the same way the rwx are when you ls the file.  Since Set UID and GID are very similar to what we already have, which is permissions for the user and group, they are represented by changing the execute char to one of S or s instead of x.  These characters also represent whether the execute bit is set for that section.  A capital letter represents a file where the bit has been set but is not executable for that section, and lowercase means the bit has been set and it is executable for that section.  So if we have a file set to 4107 we get a file with the permissions --s---rwx.  If we change the permissions to 4007 we get a new set of --S---rwx.  All we have changed is the execute bit.  The UID and GID work in the same way; one is represented by the user permissions and the other by the group permissions.

Now we are left with the world permissions.  Here the sticky bit is represented by the letter T or t.  It works pretty much the same as the above examples.  Say my permissions are 1007; I'm going to have a file with permissions of ------rwt.  Now I set permissions to 1006 and I get a file with ------rwT.  Again we just changed the execute bit, and this is represented by a capital T.

You will find in practical applications that many scripts you write do not perform as expected with these flags.  This is because the programs these scripts run under do not honor the bits, for the sake of protecting people from themselves.  For this, your mileage may vary with them.


-----Original Message-----
From: discuss-admin at ntlug.org [mailto:discuss-admin at ntlug.org] On Behalf
Of Richard Geoffrion
Sent: Friday, February 01, 2002 11:57 PM
To: discuss at ntlug.org
Subject: Re: [NTLUG:Discuss] force group ownership


WOW!  You know, I've worked with Netware inherited rights masks for years
but never understood how to accomplish the same thing in Linux.  Your
explanation right there just unlocked MAJOR functionality for me!  WOW!

So now can you explain just exactly how and when to use that fourth byte one
sees sometimes set.  0755 vs 1755.  Some strange mental block seems to make
learning these rights issues difficult.

-Richard
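The mapping from a four-digit octal mode to the s/S/t/T characters described in the reply above, worked through in code. This is an added example, not part of the original mailing-list thread: a small POSIX sh function that renders a mode the way ls -l does (using only shell arithmetic), plus a cross-check that actually applies the mode to a temporary file and compares with what ls reports. The function names (mode_to_symbolic, ls_mode_of, check_mode_on_disk) are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original thread): render an octal mode
# string such as 4107 the way "ls -l" prints it, including the setuid,
# setgid and sticky forms (s/S in the user and group slots, t/T in the
# world slot; upper case when the matching execute bit is clear).

# mode_to_symbolic 4107 -> --s---rwx
mode_to_symbolic() {
    m=$((0$1))                    # leading 0 forces octal interpretation
    special=$(( (m >> 9) & 7 ))   # high digit: 4 = setuid, 2 = setgid, 1 = sticky
    out=""
    for pos in 6 3 0; do          # user, group, world triplets
        bits=$(( (m >> pos) & 7 ))
        [ $((bits & 4)) -ne 0 ] && out="${out}r" || out="${out}-"
        [ $((bits & 2)) -ne 0 ] && out="${out}w" || out="${out}-"
        x=$((bits & 1))
        case $pos in
            6) flag=$((special & 4)); lower=s; upper=S ;;   # setuid shows in user slot
            3) flag=$((special & 2)); lower=s; upper=S ;;   # setgid shows in group slot
            0) flag=$((special & 1)); lower=t; upper=T ;;   # sticky shows in world slot
        esac
        if [ "$flag" -ne 0 ]; then
            # special bit set: lower case if executable, upper case if not
            [ "$x" -ne 0 ] && out="${out}${lower}" || out="${out}${upper}"
        else
            [ "$x" -ne 0 ] && out="${out}x" || out="${out}-"
        fi
    done
    printf '%s\n' "$out"
}

# ls_mode_of FILE -> the nine permission characters as ls -l prints them
# (drops the leading file-type character and any trailing ACL/SELinux marker)
ls_mode_of() {
    ls -ld "$1" | cut -c2-10
}

# check_mode_on_disk 1006 -> succeeds if chmod + ls agree with mode_to_symbolic
check_mode_on_disk() {
    tmp=$(mktemp) || return 1
    chmod "$1" "$tmp" || { rm -f "$tmp"; return 1; }
    got=$(ls_mode_of "$tmp")
    rm -f "$tmp"
    [ "$got" = "$(mode_to_symbolic "$1")" ]
}

# Walk through the modes quoted in the reply, plus an ordinary 0755.
for mode in 4107 4007 1007 1006 6007 0755; do
    printf '%s  %s\n' "$mode" "$(mode_to_symbolic "$mode")"
done

# The sticky bit on a directory (the /tmp case): 1777 shows as rwxrwxrwt.
d=$(mktemp -d) && chmod 1777 "$d" && printf '1777 on a directory: %s\n' "$(ls_mode_of "$d")" && rmdir "$d"
```

Note that for a non-root user the kernel silently clears the setgid bit when chmod is applied to a file whose group the user is not a member of, so a cross-check of 2xxx or 6xxx modes can legitimately disagree with the pure function on such a file; the setuid and sticky bits are not affected by that rule.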
