DOCSLIB.ORG

Unix File Security Considerations 1. Chmod

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Unix File Security Considerations Other than the login password mechanism (and you should take great care to protect your password), the basic mechanism used by Unix to control a user's access to files and directories is a method of access control often referred to as permission bits. Large Unix systems may also employ an access control list mechanism (ACL) to enable systems administrators to provide more specificity in the kind of access particular users have for specific files and directories. 1. chmod Basic permissions for files and directories are set with the Unix "chmod" command. In particular, chmod ijk <name> sets permissions for owner (i) group (j) all others (k) where each of i, j, and k are octal digits (0-7). Viewed bitwise, 4 = read, 2 = write, 1 = execute. Since 7=4+2+1 chmod 700 <file-name> sets read, write, and execute permission for the file owner and for no one else. Write permission for a file implies that you can delete the file as well as edit it. If write permission is not set for a file which you own, you can still delete it, but the system will prompt you for permission if you attempt to delete the file. You can check what permissions are set for a file by running ls -l <file-name> If you want to check an entire directory run ls -la (the –a option causes files prefaced by “.” to be included in the listing). If you set permissions for a file myfile that you own by chmod 006 myfile then you no longer have access to myfile, no one in your group has access to myfile, but everyone else who has a valid system account does! Since you are the owner of myfile, you can still change permissions, so you have not lost control of the file, but you can’t access it again without resetting permissions. chmod also has a "symbolic" mode for setting bits; e.g., chmod u+x myfile will set execute permission for the owner if not already set. Run man chmod for more details. 2. What permission should you set for directories? The Unix cd command is the means for changing to a different “working directory” (the current directory can be determined by running the Unix pwd (print working directory) command). Having execute permission for a directory is interpreted to mean that you can “cd” to it from its parent directory. Hence, you cannot “cd” to a directory unless you can “cd” to every directory on the path leading to it. If you can’t “cd” to a directory, you cannot access any files stored in the directory, no matter the permission settings for these files. Therefore, the easiest way to protect your work is by using appropriate directory permissions. Suppose that you have a subdirectory named “mywork” in your current working directory. Then chmod 700 mywork will protect all files stored in mywork from access by others since they cannot “cd” to mywork, regardless of the permissions you have set on files and directories within mywork. This is the setting that you should use for the directory in which you have your class work. Suppose that you have a subdirectory named subdir within your mywork directory. Then if you do chmod 700 mywork/subdir chmod 000 mywork you will no longer be able to access subdir! You must have at least execute permission for everything in the path to subdir. If you do chmod 100 mywork then you can access subdir but you won’t be able to list mywork. However, if there is a file in mywork for which you have access privileges, then you can still access it (you just have to remember the name!). Be careful in setting permissions for your home directory (you could inadvertently lock yourself out of it if you turn off execute permission, which may require getting the systems administrator to reset permissions). You can ensure that you are in your home directory by doing one of cd cd ~ cd ~<account-id> (~ represents your home directory in a path, such as ~/mywork). Generally, a recommended setting for your home directory is · all permissions for owner · execute permission only for all others i.e., from within your home directory execute chmod 711 . (the period is allowed shorthand for the current directory). This setting permits others to access subdirectories for which you have set the appropriate permissions, but not list what you have in your home directory. This is the kind of setting needed if you want to have a personal web page on the system. 3. Requirements for a personal web page Web pages are usually viewed over the internet using a web browser program such as Netscape or Internet Explorer, both of which come with most PCs. The UNF system is set up so that when a browser requests (via the internet) a user’s web page with "url" (uniform resource locator) http://www.unf.edu/~<account-id>/ the browser is connected through the UNF system to the directory given by ~<account-id> (access will be denied if execute permission for all others has not been set for this directory). That will be the end of it unless there is a subdirectory within ~<account-id> named homepage which has execute permission set for all others. In this case, the browser is positioned in the homepage directory. If there is a file named index.html within the homepage directory (with read permission set for all others), then it is automatically passed on to the web browser program to be processed. Any functional "html" files (hypertext markup language) in the homepage directory with read permission set for all others can be processed by the browser. For example, if the account-id is ustx0001, then for the url http://www.unf.edu/~ustx0001/ the browser will bring up index.html and for the url http://www.unf.edu/~ustx0001/abc.html the browser will bring up abc.html (assuming read permission for all others has been set for abc.html). Preparing your account for web access is as simple as cd configure the home directory chmod 711 . mkdir homepage create and configure chmod 711 homepage the homepage directory You can construct a crude index.html page to verify access from the internet by using output redirection (">") as follows: cd homepage echo "under construction" > index.html While the contents of the crude index.html file given above is not an html program, the browser program should be smart enough to compensate for the missing elements until a working page has been crafted. Read access for the index.html file generated via the redirection ">" is probably set by default to include all others, but if not, it can be set manually by chmod 744 index.html Via "plug-ins" or built-in capabilities, web browsers are usually able to process many types of files other than html program files. A recommended source for a complete presentation of html syntax is The Bare Bones Guide to HTML, on the internet at the url http://werbach.com/barebones/ 4. System default permissions The umask command sets a mask for those permissions to not set when a new file is created. To see what the system default is simply run it with no arguments; e.g., umask may return 022 which means that nothing is masked for the owner, and only write permission is masked for the other two categories. Hence, when you generate a new file with this mask in place you will find (via ls –l) that permissions are set to -rw-r--r— (if you create a directory, the execute bit will also be turned on since execute permission is not masked). umask 077 resets the mask so that nothing is masked for the owner and everything is masked for the other two categories. You may want to set umask in your .profile script, which runs automatically each time you log on to your account. On Osprey, when you copy an executable from the class directory (such as rand-ints or sicsimrun), execute permission gets turned off, which means you must set execute permission using chmod before the executable can be run; e.g., chmod u+x sicsimrun (this is an example use of “symbolic” mode for chmod; in this case the execute bit is set for the owner if it is not already on) 5. The sticky bit and other permission bits For completeness of discussion, there is a 4th set of permissions (whose use is generally restricted to system administrators). Under chmod, these are set by an octal digit which proceeds those for the 3 categories described above. The three bits are as follows: 1. bit 4=set user id to that of the owner when executing a program (when running as if executed by the owner, the program can do things, such as modify the pass word file, for which the user does not have permission to do otherwise) 2. bit 2=set group id to that of the owner when executing a program (in effect bestowing the privileges of the group of the owner while the program is executing) 3. bit 1=the sticky bit (this can only be set in super user mode); for a file, the sticky bit is used to keep a file (usually an executable) resident in memory; for a directory, the sticky bit is used to restrict the files that you can delete to those which you own, even if you have write permission for other files in the directory. .
Recommended publications
  • DC Console Using DC Console Application Design Software

    DC Console Using DC Console Application Design Software

    DC Console Using DC Console Application Design Software DC Console is easy-to-use, application design software developed specifically to work in conjunction with AML’s DC Suite. Create. Distribute. Collect. Every LDX10 handheld computer comes with DC Suite, which includes seven (7) pre-developed applications for common data collection tasks. Now LDX10 users can use DC Console to modify these applications, or create their own from scratch. AML 800.648.4452 Made in USA www.amltd.com Introduction This document briefly covers how to use DC Console and the features and settings. Be sure to read this document in its entirety before attempting to use AML’s DC Console with a DC Suite compatible device. What is the difference between an “App” and a “Suite”? “Apps” are single applications running on the device used to collect and store data. In most cases, multiple apps would be utilized to handle various operations. For example, the ‘Item_Quantity’ app is one of the most widely used apps and the most direct means to take a basic inventory count, it produces a data file showing what items are in stock, the relative quantities, and requires minimal input from the mobile worker(s). Other operations will require additional input, for example, if you also need to know the specific location for each item in inventory, the ‘Item_Lot_Quantity’ app would be a better fit. Apps can be used in a variety of ways and provide the LDX10 the flexibility to handle virtually any data collection operation. “Suite” files are simply collections of individual apps. Suite files allow you to easily manage and edit multiple apps from within a single ‘store-house’ file and provide an effortless means for device deployment.
  • UNIX Cheat Sheet – Sarah Medland Help on Any Unix Command List a Directory Change to Directory Make a New Directory Remove A

    UNIX Cheat Sheet – Sarah Medland Help on Any Unix Command List a Directory Change to Directory Make a New Directory Remove A

    THE 2013 INTERNATIONAL WORKSHOP ON STATISTICAL METHODOLOGY FOR HUMAN GENOMIC STUDIES UNIX cheat sheet – Sarah Medland Help on any Unix command man {command} Type man ls to read the manual for the ls command. which {command} Find out where a program is installed whatis {command} Give short description of command. List a directory ls {path} ls -l {path} Long listing, with date, size and permisions. ls -R {path} Recursive listing, with all subdirs. Change to directory cd {dirname} There must be a space between. cd ~ Go back to home directory, useful if you're lost. cd .. Go back one directory. Make a new directory mkdir {dirname} Remove a directory/file rmdir {dirname} Only works if {dirname} is empty. rm {filespec} ? and * wildcards work like DOS should. "?" is any character; "*" is any string of characters. Print working directory pwd Show where you are as full path. Copy a file or directory cp {file1} {file2} cp -r {dir1} {dir2} Recursive, copy directory and all subdirs. cat {newfile} >> {oldfile} Append newfile to end of oldfile. Move (or rename) a file mv {oldfile} {newfile} Moving a file and renaming it are the same thing. View a text file more {filename} View file one screen at a time. less {filename} Like more , with extra features. cat {filename} View file, but it scrolls. page {filename} Very handy with ncftp . nano {filename} Use text editor. head {filename} show first 10 lines tail {filename} show last 10 lines Compare two files diff {file1} {file2} Show the differences. sdiff {file1} {file2} Show files side by side. Other text commands grep '{pattern}' {file} Find regular expression in file.
  • Introduction to Linux – Part 1

    Introduction to Linux – Part 1

    Introduction to Linux – Part 1 Brett Milash and Wim Cardoen Center for High Performance Computing May 22, 2018 ssh Login or Interactive Node kingspeak.chpc.utah.edu Batch queue system … kp001 kp002 …. kpxxx FastX ● https://www.chpc.utah.edu/documentation/software/fastx2.php ● Remote graphical sessions in much more efficient and effective way than simple X forwarding ● Persistence - can be disconnected from without closing the session, allowing users to resume their sessions from other devices. ● Licensed by CHPC ● Desktop clients exist for windows, mac, and linux ● Web based client option ● Server installed on all CHPC interactive nodes and the frisco nodes. Windows – alternatives to FastX ● Need ssh client - PuTTY ● http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html - XShell ● http://www.netsarang.com/download/down_xsh.html ● For X applications also need X-forwarding tool - Xming (use Mesa version as needed for some apps) ● http://www.straightrunning.com/XmingNotes/ - Make sure X forwarding enabled in your ssh client Linux or Mac Desktop ● Just need to open up a terminal or console ● When running applications with graphical interfaces, use ssh –Y or ssh –X Getting Started - Login ● Download and install FastX if you like (required on windows unless you already have PuTTY or Xshell installed) ● If you have a CHPC account: - ssh [email protected] ● If not get a username and password: - ssh [email protected] Shell Basics q A Shell is a program that is the interface between you and the operating system
  • The Ifplatform Package

    The Ifplatform Package

    The ifplatform package Original code by Johannes Große Package by Will Robertson http://github.com/wspr/ifplatform v0.4a∗ 2017/10/13 1 Main features and usage This package provides the three following conditionals to test which operating system is being used to run TEX: \ifwindows \iflinux \ifmacosx \ifcygwin If you only wish to detect \ifwindows, then it does not matter how you load this package. Note then that use of (Linux or Mac OS X or Cygwin) can then be detected with \ifwindows\else. If you also wish to determine the difference between which Unix-variant you are using (i.e., also detect \iflinux, \ifmacosx, and \ifcygwin) then shell escape must be enabled. This is achieved by using the -shell-escape command line option when executing LATEX. If shell escape is not enabled, \iflinux, \ifmacosx, and \ifcygwin will all return false. A warning will be printed in the console output to remind you in this case. ∗Thanks to Ken Brown, Joseph Wright, Zebb Prime, and others for testing this package. 1 2 Auxiliary features \ifshellescape is provided as a conditional to test whether shell escape is active or not. (Note: new versions of pdfTEX allow you to query shell escape with \ifnum\pdfshellescape>0 , and the pdftexcmds package provides the wrapper \pdf@shellescape which works with X TE EX, pdfTEX, and LuaTEX.) Also, the \platformname command is defined to expand to a macro that represents the operating system. Default definitions are (respectively): \windowsname ! ‘Windows’ \notwindowsname ! ‘*NIX’ (when shell escape is disabled) \linuxname ! ‘Linux’ \macosxname ! ‘Mac OS X’ \cygwinname ! ‘Cygwin’ \unknownplatform ! whatever is returned by uname E.g., if \ifwindows is true then \platformname expands to \windowsname, which expands to ‘Windows’.
  • A Brief Introduction to Unix-2019-AMS

    A Brief Introduction to Unix-2019-AMS

    Brief Intro to Linux/Unix Brief Intro to Unix (contd) A Brief Introduction to o Brief History of Unix o Compilers, Email, Text processing o Basics of a Unix session o Image Processing Linux/Unix – AMS 2019 o The Unix File System Pete Pokrandt o Working with Files and Directories o The vi editor UW-Madison AOS Systems Administrator o Your Environment [email protected] o Common Commands Twitter @PTH1 History of Unix History of Unix History of Unix o Created in 1969 by Kenneth Thompson and Dennis o Today – two main variants, but blended o It’s been around for a long time Ritchie at AT&T o Revised in-house until first public release 1977 o System V (Sun Solaris, SGI, Dec OSF1, AIX, o It was written by computer programmers for o 1977 – UC-Berkeley – Berkeley Software Distribution (BSD) linux) computer programmers o 1983 – Sun Workstations produced a Unix Workstation o BSD (Old SunOS, linux, Mac OSX/MacOS) o Case sensitive, mostly lowercase o AT&T unix -> System V abbreviations 1 Basics of a Unix Login Session Basics of a Unix Login Session Basics of a Unix Login Session o The Shell – the command line interface, o Features provided by the shell o Logging in to a unix session where you enter commands, etc n Create an environment that meets your needs n login: username n Some common shells n Write shell scripts (batch files) n password: tImpAw$ n Define command aliases (this Is my password At work $) Bourne Shell (sh) OR n Manipulate command history IHateHaving2changeMypasswordevery3weeks!!! C Shell (csh) n Automatically complete the command
  • A First Course to Openfoam

    A First Course to Openfoam

    Basic Shell Scripting Slides from Wei Feinstein HPC User Services LSU HPC & LON [email protected] September 2018 Outline • Introduction to Linux Shell • Shell Scripting Basics • Variables/Special Characters • Arithmetic Operations • Arrays • Beyond Basic Shell Scripting – Flow Control – Functions • Advanced Text Processing Commands (grep, sed, awk) Basic Shell Scripting 2 Linux System Architecture Basic Shell Scripting 3 Linux Shell What is a Shell ▪ An application running on top of the kernel and provides a command line interface to the system ▪ Process user’s commands, gather input from user and execute programs ▪ Types of shell with varied features o sh o csh o ksh o bash o tcsh Basic Shell Scripting 4 Shell Comparison Software sh csh ksh bash tcsh Programming language y y y y y Shell variables y y y y y Command alias n y y y y Command history n y y y y Filename autocompletion n y* y* y y Command line editing n n y* y y Job control n y y y y *: not by default http://www.cis.rit.edu/class/simg211/unixintro/Shell.html Basic Shell Scripting 5 What can you do with a shell? ▪ Check the current shell ▪ echo $SHELL ▪ List available shells on the system ▪ cat /etc/shells ▪ Change to another shell ▪ csh ▪ Date ▪ date ▪ wget: get online files ▪ wget https://ftp.gnu.org/gnu/gcc/gcc-7.1.0/gcc-7.1.0.tar.gz ▪ Compile and run applications ▪ gcc hello.c –o hello ▪ ./hello ▪ What we need to learn today? o Automation of an entire script of commands! o Use the shell script to run jobs – Write job scripts Basic Shell Scripting 6 Shell Scripting ▪ Script: a program written for a software environment to automate execution of tasks ▪ A series of shell commands put together in a file ▪ When the script is executed, those commands will be executed one line at a time automatically ▪ Shell script is interpreted, not compiled.
  • Linking + Libraries

    Linking + Libraries

    LinkingLinking ● Last stage in building a program PRE- COMPILATION ASSEMBLY LINKING PROCESSING ● Combining separate code into one executable ● Linking done by the Linker ● ld in Unix ● a.k.a. “link-editor” or “loader” ● Often transparent (gcc can do it all for you) 1 LinkingLinking involves...involves... ● Combining several object modules (the .o files corresponding to .c files) into one file ● Resolving external references to variables and functions ● Producing an executable file (if no errors) file1.c file1.o file2.c gcc file2.o Linker Executable fileN.c fileN.o Header files External references 2 LinkingLinking withwith ExternalExternal ReferencesReferences file1.c file2.c int count; #include <stdio.h> void display(void); Compiler extern int count; int main(void) void display(void) { file1.o file2.o { count = 10; with placeholders printf(“%d”,count); display(); } return 0; Linker } ● file1.o has placeholder for display() ● file2.o has placeholder for count ● object modules are relocatable ● addresses are relative offsets from top of file 3 LibrariesLibraries ● Definition: ● a file containing functions that can be referenced externally by a C program ● Purpose: ● easy access to functions used repeatedly ● promote code modularity and re-use ● reduce source and executable file size 4 LibrariesLibraries ● Static (Archive) ● libname.a on Unix; name.lib on DOS/Windows ● Only modules with referenced code linked when compiling ● unlike .o files ● Linker copies function from library into executable file ● Update to library requires recompiling program 5 LibrariesLibraries ● Dynamic (Shared Object or Dynamic Link Library) ● libname.so on Unix; name.dll on DOS/Windows ● Referenced code not copied into executable ● Loaded in memory at run time ● Smaller executable size ● Can update library without recompiling program ● Drawback: slightly slower program startup 6 LibrariesLibraries ● Linking a static library libpepsi.a /* crave source file */ … gcc ..
  • Unix/Linux Command Reference

    Unix/Linux Command Reference

    Unix/Linux Command Reference .com File Commands System Info ls – directory listing date – show the current date and time ls -al – formatted listing with hidden files cal – show this month's calendar cd dir - change directory to dir uptime – show current uptime cd – change to home w – display who is online pwd – show current directory whoami – who you are logged in as mkdir dir – create a directory dir finger user – display information about user rm file – delete file uname -a – show kernel information rm -r dir – delete directory dir cat /proc/cpuinfo – cpu information rm -f file – force remove file cat /proc/meminfo – memory information rm -rf dir – force remove directory dir * man command – show the manual for command cp file1 file2 – copy file1 to file2 df – show disk usage cp -r dir1 dir2 – copy dir1 to dir2; create dir2 if it du – show directory space usage doesn't exist free – show memory and swap usage mv file1 file2 – rename or move file1 to file2 whereis app – show possible locations of app if file2 is an existing directory, moves file1 into which app – show which app will be run by default directory file2 ln -s file link – create symbolic link link to file Compression touch file – create or update file tar cf file.tar files – create a tar named cat > file – places standard input into file file.tar containing files more file – output the contents of file tar xf file.tar – extract the files from file.tar head file – output the first 10 lines of file tar czf file.tar.gz files – create a tar with tail file – output the last 10 lines
  • The Linux Command Line

    The Linux Command Line

    The Linux Command Line Fifth Internet Edition William Shotts A LinuxCommand.org Book Copyright ©2008-2019, William E. Shotts, Jr. This work is licensed under the Creative Commons Attribution-Noncommercial-No De- rivative Works 3.0 United States License. To view a copy of this license, visit the link above or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042. A version of this book is also available in printed form, published by No Starch Press. Copies may be purchased wherever fine books are sold. No Starch Press also offers elec- tronic formats for popular e-readers. They can be reached at: https://www.nostarch.com. Linux® is the registered trademark of Linus Torvalds. All other trademarks belong to their respective owners. This book is part of the LinuxCommand.org project, a site for Linux education and advo- cacy devoted to helping users of legacy operating systems migrate into the future. You may contact the LinuxCommand.org project at http://linuxcommand.org. Release History Version Date Description 19.01A January 28, 2019 Fifth Internet Edition (Corrected TOC) 19.01 January 17, 2019 Fifth Internet Edition. 17.10 October 19, 2017 Fourth Internet Edition. 16.07 July 28, 2016 Third Internet Edition. 13.07 July 6, 2013 Second Internet Edition. 09.12 December 14, 2009 First Internet Edition. Table of Contents Introduction....................................................................................................xvi Why Use the Command Line?......................................................................................xvi
  • Student Number: Surname: Given Name

    Student Number: Surname: Given Name

    Computer Science 2211a Midterm Examination Sample Solutions 9 November 20XX 1 hour 40 minutes Student Number: Surname: Given name: Instructions/Notes: The examination has 35 questions on 9 pages, and a total of 110 marks. Put all answers on the question paper. This is a closed book exam. NO ELECTRONIC DEVICES OF ANY KIND ARE ALLOWED. 1. [4 marks] Which of the following Unix commands/utilities are filters? Correct answers are in blue. mkdir cd nl passwd grep cat chmod scriptfix mv 2. [1 mark] The Unix command echo HOME will print the contents of the environment variable whose name is HOME. True False 3. [1 mark] In C, the null character is another name for the null pointer. True False 4. [3 marks] The protection code for the file abc.dat is currently –rwxr--r-- . The command chmod a=x abc.dat is equivalent to the command: a. chmod 755 abc.dat b. chmod 711 abc.dat c. chmod 155 abc.dat d. chmod 111 abc.dat e. none of the above 5. [3 marks] The protection code for the file abc.dat is currently –rwxr--r-- . The command chmod ug+w abc.dat is equivalent to the command: a. chmod 766 abc.dat b. chmod 764 abc.dat c. chmod 754 abc.dat d. chmod 222 abc.dat e. none of the above 2 6. [3 marks] The protection code for def.dat is currently dr-xr--r-- , and the protection code for def.dat/ghi.dat is currently -r-xr--r-- . Give one or more chmod commands that will set the protections properly so that the owner of the two files will be able to delete ghi.dat using the command rm def.dat/ghi.dat chmod u+w def.dat or chmod –r u+w def.dat 7.
  • Unix Security Overview: 1

    Unix Security Overview: 1

    CIS/CSE 643: Computer Security (Syracuse University) Unix Security Overview: 1 Unix Security Overview 1 User and Group • Users – root: super user (uid = 0) – daemon: handle networks. – nobody: owns no files, used as a default user for unprivileged operations. ∗ Web browser can run with this mode. – User needs to log in with a password. The encrypted password is stored in /etc/shadow. – User information is stored in /etc/passwd, the place that was used to store passwords (not anymore). The following is an example of an entry in this file. john:x:30000:40000:John Doe:/home/john:/usr/local/bin/tcsh • Groups – Sometimes, it is more convenient if we can assign permissions to a group of users, i.e. we would like to assign permission based on groups. – A user has a primary group (listed in /etc/passwd), and this is the one associated to the files the user created. – Any user can be a member of multiple groups. – Group member information is stored in /etc/group % groups uid (display the groups that uid belongs to) – For systems that use NIS (Network Information Service), originally called Yellow Page (YP), we can get the group information using the command ypcat. % ypcat group (can display all the groups and their members) 2 File Permissions • File Permissions – The meaning of the permission bits in Unix. ∗ Owner (u), Group (g), and Others (o). ∗ Readable (r), Writable (w), and Executable (x). ∗ Example: -rwxrwxrwx (777) • Permissions on Directories: – r: the directory can be listed. – w: can create/delete a file or a directory within the directory.
  • File Security Lock Down Your Data

    File Security Lock Down Your Data

    File Security Lock Down Your Data Brian Reames January 22, 2012 Table of Contents 1.0 Basic Linux Permissions...............................................................................................................4 1.1 Determining Permissions……………………………………………………………………..................... 5 1.2 File Permissions vs. Directory Permissions………………………………………………….............. 6 1.3 Changing Permissions………………………………………………………………………….................... 7 1.3.1 Symbolic Method…………………………………………………………………….................... 8 1.3.2 Octal Method………………………………………………………………………..................... 10 1.3.3 Changing Permissions Graphically……………………………………………….............. 12 1.4 Examples of Unintentional Access…………………………………………………………................. 13 2.0 Setting Default Permissions………………………………………………………………………...................... 15 2.1 Common umask Settings……………………………………………………………………....................17 3.0 Advanced Linux Permissions……………………………………………………………………….................... 18 3.1 Special Permission: setuid………………………………………………………………….....................19 3.1.1 Setting the setuid Permission……………………………………………………................ 20 3.1.2 Caution Regarding setuid………………………………………………………….................22 3.2 Special Permission setgid……………………………………………………………………................... 23 3.2.1 setgid on a File……………………………………………………………………...................... 24 3.2.2 setgid on a Directory……………………………………………………………….................. 25 3.2.3 Caution Regarding setgid…………………………………………………………................. 28 3.3 Special Permission: sticky bit………………………………………………………………..................