I have a feeling the setuid bit, the nosuid mount option, sudo, and su are all related given their names.
But how do they relate to one another?
Are some of them used in conjunction?
If they are not, then why are their names so similar?
-
4I think this is either a duplicate of unix.stackexchange.com/q/65039/135943 or of unix.stackexchange.com/q/183994/135943. Not sure which. But if you read both of those, your multi-part question will be answered.Wildcard– Wildcard2016-01-26 09:06:23 +00:00Commented Jan 26, 2016 at 9:06
-
2Actually even more relevant may be unix.stackexchange.com/a/80350/135943. By the way, "suid" just means "setuid"; those two have the exact same meaning.Wildcard– Wildcard2016-01-26 09:12:18 +00:00Commented Jan 26, 2016 at 9:12
Add a comment
|
2 Answers
setuid: (set user ID upon execution) is a Unix/Linux access rights flag that allow users to run an executable with the permissions of the executable's owner. It is needed for tasks that require higher privileges than those which common users have, such as changing their login password.
suid: (saved user ID) is used when a program running with elevated privileges needs to temporarily do some unprivileged work. It changes its effective user ID from a privileged value (typically root) to some unprivileged one.
nosuid. When mount use this option then the file system doesn't allow set-user-identifier (setuid) or set-group-identifier (setgid) bits to take effect.
sudo: executes a command as another user but only if the original user is allowed to do it. (the user must be allowed previously in /etc/sudoers). It asks the user for their own password, making possible to authorize users to do tasks allowed only to root without revealing root's password.
su: This command allows the user to run a (new) shell / program as another user. The most common use of su is to become root. It asks for the password of the user you want to be, so only knowing that password it accepts the user substitution.
-
"become another user" meaning "run a (new) shell / program as another user". It does not change the permissions of running processes.Hauke Laging– Hauke Laging2016-01-26 09:27:29 +00:00Commented Jan 26, 2016 at 9:27
-
Yes. It's true. I'll change my answer.jcbermu– jcbermu2016-01-26 09:28:56 +00:00Commented Jan 26, 2016 at 9:28
-
So why have setuid bits if you have
sudoorsu? And if setuid bits are so important, then why don't see I see any of them when I uselson important system executables?Melab– Melab2016-01-26 11:42:42 +00:00Commented Jan 26, 2016 at 11:42 -
If you issue a
ls -l /usr/bin/passwdthe result will show ansin the executable bit of the owner. That is the setuid bitjcbermu– jcbermu2016-01-26 11:55:06 +00:00Commented Jan 26, 2016 at 11:55 -
it's important because it can be assigned only to specific executables.jcbermu– jcbermu2016-01-26 11:56:07 +00:00Commented Jan 26, 2016 at 11:56
"set user ID" is an important permission feature. sudo and su (and many other programs including mount) need this feature to work; some programs work partly without this feature (like mount), others (like sudo and su) do not work at all. This feature is related to files. Files exist in file systems only. nosuid disables this feature for all files in a file system (which makes especially sense for removable media).
answered Jan 26, 2016 at 9:13
