Ubuntu – How to you know if executing a program requires root

permissionsroot

I understand that this is a bit fundamental and perhaps a silly question, but I haven't been able to find an answer.

I understand that every file has the "Executable" bit.

I assumed that programs that require root, that are owned by root user and root group will not have the Executable bit for Other and that would prevent non-root users executing those. But in the /bin and /sbin directories I see that all the files have permissions like -rwxr-xr-x

So what really determines if a user needs to have root permission to execute something?

Best Answer

Sometime, it's in the code. For example, midway of hwclock.c, you'll find:

if (getuid() == 0)
            permitted = TRUE;
else {
            /* program is designed to run setuid (in some situations) */
            if (set || systohc || adjust) {
                    warnx(_("Sorry, only the superuser can change "
                            "the Hardware Clock."));
[...]

which will change the behavior of the program if you're root or not.

In most other cases, it's implicit; delegated to the kernel. For example, if the program calls the system call that let you reboot the system, it will work only if you are root. If you are not root, you will have a "permission denied" error that the application (if well written) simply reports to you. Or you are trying to delete a file; if you have the right permission on the file to do it, it will succeed; if not, it depends if you are root or not --- when rm calls unlink() the kernel will check permissions.

So no, in principle you can't say just looking at the permission of the executable if the program requires root privileges or not. A lot of programs will require them only for some operation, so it will be really difficult to do something like that. The case of hwclock is one (anyone can read the clock but only root can set it), but there are hundreds of them (kill, rm, cat... )

Then there is the related and interesting world of setuid programs...

Related Solutions

Ubuntu – Default filesystem permissions and access rights in 12.04

For the reason behind the change in permissions see Here

To change the default umask either set umask 022 in ~/.profile or /etc/profile

Ubuntu – Change group access to directory and all sub directories and files

The chown command is to change user and group ownership, to change permissions, you need chmod. So, once you have set the group ownership to pandya using chown as you have, change the permissions to give the group write access:

chmod -R g+w /media/pandya/Ext4/

From man chmod:

The format of a symbolic mode is [ugoa...][[+-=][perms...]...], where perms is either zero or more letters from the set rwxXst, or a single letter from the set ugo. Multiple symbolic modes can be given, separated by commas.

A combination of the letters ugoa controls which users' access to the file will be changed: the user who owns it (u), other users in the file's group (g), other users not in the file's group (o), or all users (a). If none of these are given, the effect is as if a were given, but bits that are set in the umask are not affected.

The operator + causes the selected file mode bits to be added to the existing file mode bits of each file; - causes them to be removed; and = causes them to be added and causes unmentioned bits to be removed

-R, --recursive

change files and directories recursively

So, g+w means "give users that belong to the file's group write access" and -R means apply to all files and subdirectories recursively.

Best Answer

Related Solutions

Ubuntu – Default filesystem permissions and access rights in 12.04

Ubuntu – Change group access to directory and all sub directories and files

Related Question