I get that setuid on a binary executable allows the process to get the effective uid of the binary owner. What I cannot understand is what if setuid bit is off but setgid bit is on for a particular executable. What happens in this case?
Example:
Suppose we have the following permissions:
ls -l my_bin
r-xr-s--- root wheel my_bin
Now suppose user userA is a member of group wheel. What happens when userA tries to run this program?
I am thinking that the effective user id of this process will become the same as uid for the user by the name wheel. It is a contrived example but I am confused by how group rights alter the effective uid or whether they have any impact on effective uid at all.
Best Answer
The setgid bit works the same as the setuid bit, but for the group ID. So the process will be run with an effective group ID of wheel. The effective (and real) user ID will still be that of whichever user started the program.
Your user's membership in that group doesn't matter one way or the other.
edit: example C program so you can play around with how it works. Not portable, but trivial to adapt for another system: