Linux permissions support an extra position for special bits. These special bits provide privilege escalation to the user owner or group owner for executable files. This allows normal users to elevate privileges without configuring complex services. Note, that these users are not prompted for any password. As such files with SUID and SGID bits set can be dangerous. We can locate these files using the find command.
- [Instructor] SUID and SGID…are special bits for privilege escalation…on executical files.…The SUID bit allows non-user owners…to execute commands with the privileges of the user owner.…In a terminal, let's do a long list…on slash USR slash bin slash SU,…by typing in…ls -l…/usr/bin/su, and hit Enter.…The first thing you may notice…is that the file's bright red.…
This tells us something special is happening here.…Let's take a look at the permissions.…The permissions for the user owner…are rws.…Note that we can no longer see…the user owner's execute position.…The s in the user owner's execute position…means we have the SUID bit set.…If the s is lowercase, then the execute is also set.…If the S is uppercase, then the execute permissions…are not set.…The case of the S is the only way to tell…if execute permissions are set or not.…
When the SUID bit is set,…and regularly users such as Bob executes it,…their privileges get elevated…to that of the user owners.…In our example, Bob would be executing…the SU command as route.…
Author
Grant McWilliams
Released
4/10/2017- Getting file attributes and extended attributes
- Creating and copying files and directories
- Moving and renaming files and directories
- Creating links to files and directories
- Reviewing standard Linux permissions
- Setting permissions using numeric method and symbolic method
- Reading and setting ACLs
- Managing default ACLs
Skill Level Intermediate
Duration
Views
-
Introduction
-
Welcome53s
-
-
1. Linux Files
-
What is a file?2m 10s
-
Get file attributes3m 41s
-
Get extended attributes4m 13s
-
Pattern matching using globs4m 51s
-
-
2. Manipulate Files
-
Create files and dirs5m 18s
-
Copy files and dirs5m 48s
-
Remove files and dirs6m 2s
-
-
3. Standard Unix Permissions
-
File and directory modes1m 19s
-
File ownership4m 34s
-
4. ACLs
-
ACL overview3m 4s
-
Read ACLs3m 36s
-
Set ACLs5m 49s
-
Manage default ACLs4m 27s
-
Delete ACLs4m 15s
-
ACL tricks5m 13s
-
-
Conclusion
-
Next steps47s
-
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: Special file bits: SUID and SGID