Permission Question
Jonathan I. Kamens
jik at athena.mit.edu
Mon Mar 11 10:06:32 AEST 1991
In article <1991Mar9.212943.1961 at casbah.acns.nwu.edu>, navarra at casbah.acns.nwu.edu (John Navarra) writes:
|> I am not a member of staff but I wanted to see if I could do the following:
|>
|> cp /bin/sh /somedir/sh
|> chmod g+s /sh
|> ls -las | grep sh
|>
|> 224 -rwx--x--x 1 navarra staff 106496 Mar 9 13:18 sh
|>
|> As you see I was not able to set this bit. I was wondering if you actually
|> have to be a member of the group to set its bit? Is this true on all Unix
|> systems?
To allow a user to make a binary setgid to a group of which he is not a
member would be a gaping security hole, allowing any user to violate the
entire group security mechanism. It should be clear why this is so; if I'm
not a member of a group but I can make a program setgid to that group, then I
can write a program to do anything I want that requires that group's access
rights, and then make it setgid to that group and run it.

So yes, you actually have to be a member of a group to make something setgid
to that group.

By the way, why the "na" distribution?
--
Jonathan Kamens USnail:
MIT Project Athena 11 Ashford Terrace
jik at Athena.MIT.EDU Allston, MA 02134
Office: 617-253-8085 Home: 617-782-0710
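
Added example (not part of the original post): a shell sketch of the membership rule described in the reply, which first predicts whether chmod g+s will stick and then tries it on a scratch file. The function names and the numeric ids are assumptions made up for illustration, and treating uid 0 as "privileged" is a simplification.

```shell
#!/bin/sh
# POSIX chmod() rule: for a regular file, S_ISGID is cleared unless the caller
# is privileged or the file's group is the caller's effective group or one of
# its supplementary groups. Some systems return an error instead of clearing.

# setgid_sticks FILE_GID CALLER_EUID "CALLER_GIDS"   (hypothetical helper)
# Returns 0 if a chmod g+s by that caller would leave the bit set.
setgid_sticks() {
    [ "$2" -eq 0 ] && return 0            # uid 0 stands in for "appropriate privileges"
    for g in $3; do
        [ "$g" -eq "$1" ] && return 0     # caller is a member of the file's group
    done
    return 1
}

# check_setgid FILE   (hypothetical helper)
# Runs chmod g+s as the current user and prints "<predicted> <actual>",
# each being "kept" or "cleared".
check_setgid() {
    file_gid=$(ls -ldn "$1" | awk '{print $4}')   # numeric group of the file
    if setgid_sticks "$file_gid" "$(id -u)" "$(id -G)"; then
        predicted=kept
    else
        predicted=cleared
    fi
    chmod g+s "$1" 2>/dev/null || true    # an error and a silent clear look the same here
    if [ -g "$1" ]; then actual=kept; else actual=cleared; fi
    echo "$predicted $actual"
}

# Constructed ids modelling the quoted session: file group staff=10,
# caller uid 1001 with groups 100 and 200 (not a member of staff).
if setgid_sticks 10 1001 "100 200"; then
    echo "non-member: bit kept"
else
    echo "non-member: bit cleared"
fi

# Real run on a scratch file created by the current user.
scratch=$(mktemp)
echo "scratch file (predicted actual): $(check_setgid "$scratch")"
rm -f "$scratch"
```
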
More information about the Comp.unix.misc mailing list