File permission "s"

wat0114 · Oct 22, 2012

Checking file permissions, I notice
Code:
-rw[color=darkred]s[/color]r-xr-x 1 root root
on the executable chrome-sandbox. From what I briefly researched, it seems to imply giving the user temporary root permissions? Is this true and if so, why is it necessary?

BrandiCandi · Oct 22, 2012

See this link for a simple explanation: http://content.hccfl.edu/pollock/aunix1/filepermissions.htm

Note the SUID, SGID, and sticky bits have no columns of their own in an ls output, but if turned on they show up as special characters (that is, not "x" or "-") in the execute columns for the owner, group, and others. The SUID bit displays as an "S" in the owner's execute column of the output. If the execute bit is also set then an "s" is used. The SGID bit appears similarly in the group's execute column. The sticky bit appears in the others' execute column, as a "T" or as a "t" if the other execute bit is also set.

An example:

-rwsr-S--t 1 Hymie staff 78 Aug 14 13:08 foo

Here, the owner (Hymie) is granted read, write, and execute permission, the group members (staff) are granted read permission, and others are granted execute permission. In addition, the SUID, SGID, and sticky bits are all set.
Click to expand...

Therefore the "s" showing indicates that root has executable and SUID rights. The link also explains what SUID is if you don't know.

BrandiCandi · Oct 22, 2012

But no, the thing you're showing is owned by root. The normal user couldn't use it unless they elevated their privileges.

wat0114 · Oct 22, 2012

BrandiCandi said:

But no, the thing you're showing is owned by root. The normal user couldn't use it unless they elevated their privileges.
Click to expand...

Group and Other can still execute, though. I just wonder what is special about the "s" permission that User has. Thanks!

chronomatic · Oct 22, 2012

wat0114 said:
Checking file permissions, I notice
Code:
-rw[color=darkred]s[/color]r-xr-x 1 root root
on the executable chrome-sandbox. From what I briefly researched, it seems to imply giving the user temporary root permissions? Is this true and if so, why is it necessary?
Click to expand...
It's necessary because the Chrome-sandbox has to have root to actually go into sandbox mode. Once it chroots it then drops those privileges. Info here: https://code.google.com/p/setuid-sandbox/

wat0114 · Oct 23, 2012

Excellent, thanks chronomatic

Log in or Sign up

File permission "s"

wat0114 Registered Member

BrandiCandi Guest

BrandiCandi Guest

wat0114 Registered Member

chronomatic Registered Member

wat0114 Registered Member

Log in or Sign up

File permission "s"

wat0114 Registered Member

BrandiCandi Guest

BrandiCandi Guest

wat0114 Registered Member

chronomatic Registered Member

wat0114 Registered Member

Useful Searches