Wednesday, 18 September 2013

In this post we are going to discuss about three special types of permissions which can be set for executable files and public directories to meet our requirements. When we set these permissions, someone who runs the executable file assumes the ID as owner (or group) of the executable file. NOTE: To be Very careful when you set these special permissions, it may cause a security risk. For example, the user can get root user privileges by executing a program that sets the UID to 0 (root).

SETUID Permission on Executable Files:-
Whenever SETUID permission has set on executable files, anyone executing that command (file) will inherit the permissions of the owner of the file. The SETUID permission displays as an “s” in the owners executable field. For below example, the SETUID permission on the “passwd” command which provides the access to change the passwd for users. Note: This special permission can be quite dangerous. For example, If you have a SETUID shell which is owned by one user, other user essentially inherit your file permissions by executing it, hence they have the ability to remove all files which owned by the real user.
bash-3.00# ls -ltr /usr/bin/su /usr/bin/passwd
-r-sr-xr-x   1 root     sys        25124 Feb 13  2009 /usr/bin/su
-r-sr-sr-x   1 root     sys        22644 Aug  6  2010 /usr/bin/passwd
bash-3.00#
To set SETUID permission on a executable. Syntax is # chmod 4555 <executable_file>
bash-3.00# touch /var/tmp/unixrock_setuid
bash-3.00#
bash-3.00# ls -ltr /var/tmp/unixrock_setuid
-rw-r--r--   1 root     root           0 Sep 18 20:47 /var/tmp/unixrock_setuid
bash-3.00# chmod 4644 /var/tmp/unixrock_setuid
bash-3.00#
bash-3.00# ls -ltr /var/tmp/unixrock_setuid
-rwSr--r--   1 root     root           0 Sep 18 20:47 /var/tmp/unixrock_setuid
bash-3.00#
bash-3.00# chmod 4555 /var/tmp/unixrock_setuid
bash-3.00#
bash-3.00# ls -ltr /var/tmp/unixrock_setuid
-r-sr-xr-x   1 root     root           0 Sep 18 20:47 /var/tmp/unixrock_setuid
bash-3.00#
To search for SETUID files
bash-3.00#
bash-3.00# find / -user root -perm -4000 -exec ls -ldb {} \;|head -2
-r-sr-xr-x   1 root     root           0 Sep 18 20:47 /var/tmp/test_setuid
-r-sr-sr-x   1 root     sys        22644 Aug  6  2010 /usr/bin/passwd
bash-3.00#
SETGID Permission on Executable Files:-
SETGID permission is similar to the SETUID, except that the process's effective group ID (GID) is changed to the group owner of the file, and a user is granted access based on permissions assigned to that group.
bash-3.00# ls -ltr /usr/bin/mail /usr/bin/write
-r-xr-sr-x   1 root     tty        14208 Jan 23  2005 /usr/bin/write
-r-x--s--x   1 root     mail       58872 Aug  6  2010 /usr/bin/mail
bash-3.00#
To set SETGID permission on a executable. Syntax is # chmod 2555 <executable_file> ; #chmod g+s <directory> :-
bash-3.00# touch /var/tmp/unixrock_setgid
bash-3.00#
bash-3.00# ls -ltr /var/tmp/unixrock_setgid
-rw-r--r--   1 root     root           0 Sep 18 21:01 /var/tmp/unixrock_setgid
bash-3.00#
bash-3.00# chmod 2555 /var/tmp/unixrock_setgid
bash-3.00# chmod g+s /var/tmp/unixrock_SETGID
bash-3.00#
bash-3.00# ls -ltr /var/tmp/unixrock_setgid
-r-xr-sr-x   1 root     root           0 Sep 18 21:01 /var/tmp/unixrock_setgid
bash-3.00#
bash-3.00# ls -ld /var/tmp/unixrock_SETGID
dr-xr-sr-x   2 root     root         512 Sep 18 21:06 /var/tmp/unixrock_SETGID
bash-3.00#
To search for SETGID files:-
bash-3.00# find / -user root -perm -2000 -exec ls -ldb {} \;|head -2
-r-xr-sr-x   1 root     root           0 Sep 18 21:01 /var/tmp/unixrock_setgid
dr-xr-sr-x   2 root     root         512 Sep 18 21:06 /var/tmp/unixrock_SETGID
bash-3.00#
Sticky Bit Permission on Public Directories :-
If the directory permission have the sticky bit permission set, then the file can be deleted only by the owner of the file/directory or the root user.This special permission prevents to delete other user’s file from public directories.
bash-3.00# ls -ld /tmp
drwxrwxrwt  10 root     sys          854 Sep 18 22:09 /tmp
bash-3.00#
To set Stickybit permission on a folder. Syntax is # chmod 1777 <Public_Directory>:-
bash-3.00# mkdir -p /vat/rmp/unixrock_stickybit
bash-3.00#
bash-3.00# chmod 1777 /vat/rmp/unixrock_stickybit
bash-3.00#
bash-3.00# ls -ld /vat/rmp/unixrock_stickybit
drwxrwxrwt   2 root     root         512 Sep 18 22:41 /vat/rmp/unixrock_stickybit
bash-3.00#
To search for Stickybit folders:-
bash-3.00# find / -user root -perm -1000 -exec ls -ldb {} \;|head -2
drwxrwxrwt   3 root     mail         512 Aug 13 01:05 /var/mail
drwxrwxrwt   2 root     root         512 Sep 18 22:41 /vat/rmp/unixrock_stickybit
bash-3.00#
when we execute these permission, we find below signs in the permission fields
PermissionsDescriptions
--S------SUID is set, but user (owner) execute permission is not set.
--s------SUID and user execute persmission are set both.
-----S---SGID is set, but group execute permission is not set.
-----s---SGID and group execute permission are set both.
--------TSticky bit is set, bot other execute permission is not set.
--------tSticky bit and other execute permission are both set.
Thanks for reading this post. Please leave your comments