file access attributes
Andy Green
andy at warmcat.com
Wed Aug 29 12:52:04 UTC 2007
Somebody in the thread at some point said:
> Hi,
> Could someone explain what the 's' or 't' attributes are for in the
> example file access:
>
> -rwsr-sr-x 1 root root 23084 Jun 6 00:40 /sbin/mount.cif
It means the file is setuid and setgid root. No matter which user
executes it, it will actually execute as if run by the user that owns it
and the group it is in. Bit frightening from a security point of
view.... if you can convince such a program to open an output file in an
arbitrary place for example you can take a dump on system files even as
a normal user.
> drwxrwxrwt 2 user home 4096 2007-08-29 15:34 win2000
The t means "sticky"... on a directory it means that only root or the
particular file's owner can delete the file. Without it anyone with
write (and entry) perms to the directory gets to delete anything that is
in it, even if that file is owned by root or another user. With it,
even when many users create files in that dir, they can't start nuking
other users' files in the same dir.
-Andy
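
An added example, not part of the original message: a small Python audit that flags the two conditions discussed in the reply above, setuid/setgid regular files and world-writable directories that lack the sticky bit. The function names `classify` and `audit` and the sample modes are constructed for illustration.

```python
import os
import stat
import sys

def classify(mode):
    """Return audit findings for one st_mode value (as from os.lstat)."""
    findings = []
    if stat.S_ISREG(mode):
        if mode & stat.S_ISUID:
            findings.append("setuid")  # executes with the file owner's user ID
        # setgid without group execute is shown as 'S' by ls and does not
        # change the group the program runs with, so it is not flagged here.
        if mode & stat.S_ISGID and mode & stat.S_IXGRP:
            findings.append("setgid")  # executes with the file's group ID
    elif stat.S_ISDIR(mode):
        # Anyone can create entries here; without the sticky bit ('t')
        # anyone can also delete or rename entries they do not own.
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            findings.append("world-writable, no sticky bit")
    return findings

def audit(root):
    """Walk root; return sorted (path, ls-style mode, findings) for flagged entries."""
    flagged = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: never follow symlinks
            findings = classify(mode)
            if findings:
                flagged.append((path, stat.filemode(mode), findings))
    return sorted(flagged)

if __name__ == "__main__":
    # Constructed modes: the first two render like the listings in the thread,
    # the third is the same directory with the sticky bit removed.
    samples = (stat.S_IFREG | 0o6755, stat.S_IFDIR | 0o1777, stat.S_IFDIR | 0o0777)
    for mode in samples:
        print(stat.filemode(mode), ", ".join(classify(mode)) or "ok")
    # Audit the directory given on the command line (default: current directory).
    for path, text, findings in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(text, path, ", ".join(findings))
```

Run it against a directory tree and compare the flagged setuid/setgid files with what the installed packages are expected to ship.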