Re: file access attributes

Somebody in the thread at some point said:
> Hi,
> Could someone explain what the 's' or 't' attributes are for in the
> example file access:
> 
> -rwsr-sr-x 1 root root 23084 Jun  6 00:40 /sbin/mount.cif

It means the file is setuid and setgid root.  No matter which user
executes it, it will actually execute as if run by the user that owns it
and the group it is in.  Bit frightening from a security point of
view.... if you can convince such a program to open an output file in an
arbitrary place for example you can take a dump on system files even as
a normal user.

> drwxrwxrwt   2 user home     4096 2007-08-29 15:34 win2000

The t means "sticky"... on a directory it means that only root or the
particular file's owner can delete the file.  Without it anyone with
write (and entry) perms to the directory gets to delete anything that is
in it, even if that file is owned by root or another user.  With it,
even when many users create files in that dir, they can't start nuking
other users' files in the same dir.

-Andy
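
An added example (not part of the original message): a small Python audit that walks a directory tree and reports the two conditions discussed above, setuid/setgid regular files and world-writable directories that lack the sticky bit. The function names and the default root "/" are assumptions of this example.

```python
import os
import stat
import sys


def classify(mode):
    """Return the findings for one st_mode value (empty list if none)."""
    findings = []
    if stat.S_ISREG(mode):
        # 's' in the owner/group execute slot of the ls listing.
        if mode & stat.S_ISUID:
            findings.append("setuid")
        if mode & stat.S_ISGID:
            findings.append("setgid")
    elif stat.S_ISDIR(mode):
        # Writable by "other" but no 't': any user with access can
        # delete files in it that belong to someone else.
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            findings.append("world-writable-no-sticky")
    return findings


def audit(root):
    """Walk root and return (ls-style mode, path, findings) tuples."""
    results = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames + filenames):
            path = os.path.join(dirpath, name)
            try:
                # lstat: judge the entry itself, never a symlink target.
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # vanished or unreadable entry
            found = classify(mode)
            if found:
                results.append((stat.filemode(mode), path, found))
    return results


if __name__ == "__main__":
    # Assumed usage: optional root directory as the first argument.
    for mode_str, path, found in audit(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(mode_str, path, ",".join(found))
```

Comparing the output against a saved baseline makes a newly appeared setuid root binary stand out.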

