I have two files with the following permissions:
-rwsr--r-- 1 root root 213 Oct 22 12:15 f1
-r--rwxr-- 1 Bob staff 113 Oct 22 12:18 f4
Can the user Bob
execute f1
and why? What is the effect of the s
in the set of permission on f1
?
I have two files with the following permissions:
-rwsr--r-- 1 root root 213 Oct 22 12:15 f1
-r--rwxr-- 1 Bob staff 113 Oct 22 12:18 f4
Can the user Bob
execute f1
and why? What is the effect of the s
in the set of permission on f1
?
The s
permission there means that the setuid bit (mode 4000) is set for that file. Such a file is run with the privileges of the file's owner, not of the user invoking it. In this case, when user Bob runs the file, it will be like the user root (superuser) ran it, so it will have full access to the system. As you imagine, this can be very dangerous e.g. a shell with setuid set is practically a backdoor to the whole system.
However, the file is missing the executable (x
) permission for "others", so Bob can't really run it. To allow all other users, Bob included, to run the file, the root user has to enter the command
chmod a+rx f1
Related question about this second part: what is the purpose of setuid enabled with no executable bit?
The s in the permissions means that the setuid is turned on. Bob can execute the f1 file, though, only if the permissions are changed so that the other group has execute permissions, so at least 4745:
sudo chmod 4745 f1
-rwsr--r-x 1 root root 213 Oct22 12:15 f1
chmod o+x,u+s f1
which IME is more readable/understandable – Chris Davies Oct 03 '22 at 07:58