In Unix, if I run a binary which mucks around with files, does the binary have the same file permissions as myself (the user who ran the binary)?
Asked
Active
Viewed 226 times
2
-
2Actually it is not the binary that has permissions, but the process. The process was started by a user. So the process inherits the _current_ rights, settings and environment of that users current shell. Whatever current means in a given situation... – arkascha May 29 '18 at 06:15
1 Answers
2
In most of the cases, the answer is yes!
However this is not true if you have setuid, setgid bits enabled on that binary.
Classic example of binary with the setuid enabled.
ls -ltra `which passwd`
That command would not be able to work, if it could not grant you (the user that execute the command) the same privilege as root during its execution to modify files like /etc/password or /etc/shadow
Have a look at:
https://docs.oracle.com/cd/E19683-01/816-4883/secfile-69/index.html
setuid Permission
When set-user identification (setuid) permission is set on an executable file, a process that runs this file is granted access based on the owner of the file (usually root), rather than the user who is running the executable file. This special permission allows a user to access files and directories that are normally only available to the owner.
setgid Permission
The set-group identification (setgid) permission is similar to setuid, except that the process's effective group ID (GID) is changed to the group owner of the file, and a user is granted access based on permissions granted to that group. The /usr/bin/mail command has setgid permissions
You might also want to have a look at fork and exec if you want to dig a bit further into how does Linux manage processes and subprocesses.
Allan
- 12,117
- 3
- 27
- 51