Talk:setuid

From Wikipedia, the free encyclopedia


Demonstration

This feels weird and out of place in the article. I would recommend making it less like the output from script and more like a "this command does that" sort of thing. I'd also recommend integrating the demonstration into the rest of the article instead of giving it its own section. --192.31.106.34 (talk) 23:00, 7 December 2011 (UTC)[reply]

Also, I think the textual description and the actual code are out of sync (as of 2012-07-16): The description talks about using "su" and a user called alice, while the code uses "sudo" and (as visible from the code execution trace's uid "0" and sudo's default behavior) root/superuser (identified by user id 0). It is also unclear why the effective group id is "20". --Abdull (talk) 13:12, 16 July 2012 (UTC)[reply]

Possible improvements

  • 10/30/2013

The first few sentences really take me for a spin. May I suggest rephrasing along the lines of:
"Set-user-ID, a Unix feature which means that a program is executed with the access rights of the program file's owner instead of the rights of the user running it."
(text from: http://en.wikipedia.org/wiki/Shebang_%28Unix%29)

Speaking as a newbie trying to understand this concept, a few things could be done to improve this article:

  • Provide an explanation of 'elevated privileges'
  • Describe different ways of viewing the suid and what it would look like
  • If this article is also meant to cover setgid, a bit more explanation would be helpful, and again examples of how you can tell it's set
  • Expansion in the directories section would really be helpful

Qvamp 16:11, 10 April 2007 (UTC)[reply]

I have one more: I guess not every user is always allowed to use setuid on every file. So there must first be a password check or something similar. So, how can a user change the execution privilege level when he/she is currently not entitled to do so? --Abdull 11:02, 30 August 2007 (UTC)[reply]

Demo rewritten

Hopefully clearer. DG12 (talk) 17:38, 17 October 2011 (UTC)[reply]

With regards and respect to the author, and while overall this is a very useful page, this example is horrible and borders on obfuscation.

The page is about one of the simplest concepts in Unix et al. One would think that even if it is meant to be a definitive piece on Setuid, it would be kept as simple as possible because it is of most interest and use to the new user.

However, the author has chosen as his first example, a very high level programming language which, while it allows itself to cover all bases, is totally incomprehensible to those not schooled in it. If you want to include this demo so that people can run it, fine. But please add an English explanation.

All my programming education and experience is from 30+ years ago. Even though I can program in machine code, have been a WinDoze user for 30 years and had my first intro to Unix 30 yrs ago, I have never had the opportunity or need to master this type of programming language.

Could you please rewrite this demonstration in a language that Einstein could understand? For I venture to say that even Albert would understand that his inability to understand this example is not due to his own ignorance caused by never having been taught this at Leipzig, so much as to the author's attempt to show off how big his flash drive is. Tgdf (talk) 19:54, 24 August 2008 (UTC)[reply]

setgid directories and BSD

The behavior of directories with setgid causing new files to gain the directory's group ID (and new directories to also inherit the setgid flag) is not present in BSD - for example, while AIX, HP-UX, Solaris, and Linux will behave as described in the article, on FreeBSD new files will always inherit the group ID of the directory and new directories will never inherit the setgid flag. I don't have time to find an acceptable reference, so a note here will have to suffice for now. --Quietust (talk) 19:53, 11 May 2010 (UTC)[reply]

Sticky bit

You didn't mention the sticky bit at all. Maybe it's not part of the article, but it's the only omitted permission here. Consider adding it and, maybe, changing the title to "Advanced Unix Permissions" or something. Renich (talk) 19:38, 10 December 2010 (UTC)[reply]

Sticky bit is in discussion of chmod and only confuses this discussion.

DG12 (talk) 17:39, 17 October 2011 (UTC)[reply]

setuid is less useful outside of executables

Just want to point this thing out. I guess it's also something to get beginners confused easily. They think, "great, just set SUID bit and you can use whatever target with root as owner as if you were root yourself". Alas, that's not always possible. Of course, you can execute programs with root permissions if you have SUID bit set. But now think of a block device with suid bit set, e. g. /dev/tty12 usually used as syslog console. As a test, think of doing a sudo chmod 4600 /dev/tty12. Can you now do an echo "something" > /dev/tty12 as a non-root user with success? NOPE, YOU CAN'T! That's because /dev/tty12 is a target but not executable, which is why you cannot "launch" /dev/tty12 the way you could do it with an executable. The elevated permissions do not affect targets used as an output, merely targets run as executables (if applicable) -andy 77.191.218.155 (talk) 20:04, 30 June 2013 (UTC)[reply]

real and effective UID/GID

Any definition of SetUID is not complete unless it also defines what the real and effective UID/GID are and when they come into play. --Tmetro (talk) 22:14, 25 November 2013 (UTC)[reply]

Checking for uid/gid

It would be good to include how to check for setuid and setgid, like this http://professortux.com/2010/05/23/intro-setuid-and-setgid/

What is with these example cases?

"planets", "doctors", "tails"... these sample names have no coherence to them and it makes them harder to follow. What do doctors have to do with planets, what do video game characters have to do with doctors, etc. I recommend changing these to sample names that make sense together; e.g. if "doctors" is the group, then usernames should be a list of recognizable people who are known doctors or known as something other than doctors, and the directory names should be something like "research", "patients", and so on. I also recommend steering clear of video game character names as many people aren't familiar with them, and these particular names all double as English words, making it even more confusing. — Preceding unsigned comment added by 192.234.2.90 (talk) 13:30, 22 January 2016 (UTC)[reply]


hi. i'm the author of the examples. i recently updated them in a big way, and later read your comment. i spent a long time doing personal research, and trying to make them as simple and clear as possible. i was intending to make them unrelated intentionally, so that people don't mix the examples up, as they are done very separately. i was under the impression that the niche audience of the article - extensive technology users - would be familiar with the sonic franchise. but i can see what you mean by saying it could be confusing for non-english users ! i've changed it to 'torvalds' and 'wozniak' and the kinds of directories/files that could reasonably be found on their computers. decided babyonemoretime.txt was too long, as much of a fan torvalds must be. Tetriminos (talk) 17:47, 2 September 2016 (UTC)[reply]

I do not understand the use of GUID.

Isn't GUID a globally unique identifier? Did you mean SGID? It has been the convention for decades. Erikb495 (talk) 05:19, 9 September 2017 (UTC)[reply]


Changed "GUID" to "SGID". Reasons:

  • Unix does not use GUID in file mode bits.
  • GUID is something else. GUID = Globally Unique Identifier (32 hexadecimal digits).

Sources :

Mode Bit   Octal   Description
S_ISUID    04000   set-user-ID
S_ISGID    02000   set-group-ID
S_ISVTX    01000   sticky bit
  • manual of libc (S_ISUID S_ISGID S_ISVTX) [[3]]
  • manual of getresuid [[4]]
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);
  • Single UNIX® Specification, Version 4, 2018 Edition --> basedefs/sys_stat.h (S_ISUID S_ISGID S_ISVTX )
Date of change and publication: 28.06.2018.

— Preceding unsigned comment added by 78.8.109.179 (talk) 22:22, 27 June 2018 (UTC)[reply]

chmod DOES allow to withdraw the same permissions

The numeric way of setting these stick permissions as used above "chmod 6711 file" doesn't allow one to withdraw these same permissions as one would expect as "chmod 0711 file"

I tried this in an Arch Linux installation with coreutils 8.30-1, and it works. Maybe it's time to update this line and just omit it. Chibby0ne (talk) 13:34, 2 March 2019 (UTC)[reply]

Ping

On my machine (Arch Linux), `ping` does not have the setuid bit set. Is there a reason that the article says it does?

Torvalds, Wozniak, and Tekken

FWIW: I showed this page to Doug McIlroy, who said it's "one of the worst wikipedia pages I've seen".

With that out of the way, the reference to Tekken is even more out of place than the ones to Torvalds and Wozniak. Doug mentions the early game moo(6) (an implementation of Bulls and Cows); it was possibly the first use of setuid to begin with ever, making it highly apropos as a replacement for, er... Tekken. We're trying to track down that claim in dmr's papers. -- C. A. Russell (talk) 21:05, 14 July 2020 (UTC)[reply]

The use of usernames and filenames relevant to the time of this feature's creation is a nice bit of nerd fun, which I generally approve of. And as such it's nice to get it historically accurate. However, the username and especially the working directory in the prompt is distracting. There's so much text in the terminal logs that it makes it hard to focus on the actual details of interest. Likewise with so many variants of the `stat` format-string (if the goal is to know the modes, don't distract readers with the method of finding them each time—WP is an encyclopedia not a manpage EXAMPLES section). DMacks (talk) 08:11, 15 July 2020 (UTC)[reply]
The whole damn thing needs to go away. It's a stupid joke, I played along with the joke to try to make it slightly less embarrassing (Wozniak? Really?), but it spiralled into an unvarnished look at Wikipedia's lack of accountability and tendency to double down on dumb decisions from editors who should be doing better. I don't care for tolerating the joke anymore. Just get rid of the damn joke. -- C. A. Russell (talk) 10:50, 15 July 2020 (UTC)[reply]
Ah, if only you had said something like that the very first time you made that edit. Imagine, you could have read a half dozen Arthur Clarke stories with the time you wasted. Drmies (talk) 12:13, 15 July 2020 (UTC)[reply]
You mean the time you wasted? You *really* don't understand that the obligation is *yours* to explain the fault that you find in an edit that you revert, do you? Moreover, talk pages are for improving articles, not dropping in to make taunts about how much you can get away with while being an admin. (Personal attack removed). -- C. A. Russell (talk) 14:46, 15 July 2020 (UTC)[reply]
All you have to do is tell me why I shouldn't have pulled you over, and then I'll let you be on your way. -- C. A. Russell (talk) 01:09, 6 August 2021 (UTC)[reply]
Please focus on a proposal to improve the article. For what it's worth, I agree that mentioning specific people is silly, but using initials like "dmr" is too mysterious and not needed. I haven't examined the article and am not sure, but suspect the solution would be to remove the long examples (WP:NOTHOWTO). Or, remove the shell prompts and use the usual suspects, namely Alice and Bob in commands. Johnuniq (talk) 03:04, 6 August 2021 (UTC)[reply]
I think it makes sense to just remove the examples and move any information that's currently conveyed only there into article text. If someone needs examples they can Google for them (and get something specific to their needs). BernardoSulzbach (talk) 16:45, 6 August 2021 (UTC)[reply]