"I don't understand difference between SUID of binary and cap_setuid in Linux. Then, difference between SUID and setuid"
Viewed 646 times
1 Answers
2
SUID for a binary means that the binary is instrumented to become a different effective user when started. For example:
$ cp `which id` nobody_id
$ sudo chown nobody nobody_id
$ sudo chmod +s nobody_id
$ ./nobody_id
.... euid=65534(nobody) groups= ...
You can do the same thing but make the binary setuid-root to make the binary run with root's privileges.
CAP_SETUID is a Linux capability to permit a process to change UID from code: it can give the code permission to execute the setuid() system call. This is considered a privilege over what normal user code can do. It can be given to a program using a file-capability that doesn't affect the ownership of the file:
$ sudo setcap cap_setuid=ep my_program_binary
When ./my_program_binary is next run, it will run with that capability enabled.

Tinkerer
- 865
- 7
- 9