Suse Linux Professional 9.2 Upgrade [Strong Encryption 128 Bit] 00662644457260 User Manual
Product codes
00662644457260
used to transfer ownership of a file to another user. However, only
root
is
permitted to perform this change.
Suppose the file
Roadmap
belong to
tux
, but to the user
geeko
.
root
should then enter
chown
geeko Roadmap
.
chgrp
changes the group ownership of the file. However, the owner
of the file must be a member of the new group. In this way, the user
tux
ProjectData
to
project4
with the command
chgrp project4
ProjectData
, as long as he is a member of this new group.
21.2.3
The setuid Bit
In certain situations, the access permissions may be too restrictive. Therefore,
Linux has additional settings that enable the temporary change of the current
user and group identity for a specific action. For example, the
Linux has additional settings that enable the temporary change of the current
user and group identity for a specific action. For example, the
cdrecord
pro-
gram normally requires root permissions to access the writer for burning CDs
(or DVDSs). Thus, a normal user would not be able to create CDs, as it would be
too dangerous to grant all users direct access to all devices. A possible solution
to this problem is the setuid mechanism. setuid (set user ID) is a special file at-
tribute that instructs the system to execute programs marked accordingly under a
specific user ID. Consider the
(or DVDSs). Thus, a normal user would not be able to create CDs, as it would be
too dangerous to grant all users direct access to all devices. A possible solution
to this problem is the setuid mechanism. setuid (set user ID) is a special file at-
tribute that instructs the system to execute programs marked accordingly under a
specific user ID. Consider the
cdrecord
command:
-rwxr-x---
1 root root
281356 2002-10-08 21:30 /usr/bin/cdrecord
Set the setuid bit with the command
chmod u+s /usr/bin/cdrecord
. Then,
assign the
cdrecord
program to the group
users
with the command
chgrp
users /usr/bin/cdrecord
. The following access permissions are granted:
-rws--x---
1 root users
281356 2002-10-08 21:30 /usr/bin/cdrecord
By means of the setuid bit, all users belonging to the group
users
can use the
program. In effect, this means that the program is executed as
root
.
Caution
Setting the setuid bit for a program makes your computer more vulner-
able to attacks. Only do this in exceptional cases when you know the
program well and are aware of the potential risks.
able to attacks. Only do this in exceptional cases when you know the
program well and are aware of the potential risks.
Caution
268
21.2. Users and Access Permissions