Hallo, Guy Clotilde hat gesagt: // Guy Clotilde wrote: > Anyway, as I'm quite dumb about it, can you enlighten me about what > it means 'setuid root'? How exactly do I setuid root a prog (I have > read about the 's' bit)? Yes, you add the "s"etuid bit by channging the file mode with "chmod u+s /usr/bin/program" and you get rid of it by "chmod u-s /usr/bin/program" > Can I setuid any program (er... is it dangerous)? It can be dangerous. Most audio software drops the root privileges after they gained a higher scheduling, but the bigger the sofware, the easier it is to make mistakes with this. It might be a good idea, to only allow a certain group of users to run the setuid programs or use something like "super" to control acess. Using a kernel feature called capabilities also does reduces the need to "setuid root" larger programs. But then, setuid also is something ordinary on Linux. For example, the /usr/bin/passwd programm is also "setuid root". It allows users to change their own password and effectifly change a system file like /etc/passwd. Without higher privileges they couldn't do this. > Does any program 'setuid root' really run with roots provileges? Effectivly yes, at least at the start. But as I said, most programs stop being root on their own with something like the setuid-C-function, see "man 2 setuid". ciao -- Frank Barknecht _ ______footils.org__
