Meaning of the access permissions "rws" and "root root" of /usr/bin/sudo


The s in rws stands for setuid meaning set user ID. This is a special permission bit that allows the program, when run by any user, to be run with the effective UID of the owner, in this case, root. So when you as a normal user run the sudo executable, you effectively do so as root. This permission bit is a security risk, and should only be applied where absolutely necessary.

Explanation of the setuid bit from The Linux Command Line by William E. Shotts Jr:

When applied to an executable file, it sets the effective user ID from that of the real user (the user actually running the program) to that of the program's owner. Most often this is given to a few programs owned by the superuser. When an ordinary user runs a program that is "setuid root", the program runs with the effective privileges of the superuser. This allows the program to access files and directories that an ordinary user would normally be prohibited from accessing. Clearly, because this raises security concerns, the number of setuid programs must be held to an absolute minimum.

The second root in the listing is the group that owns the file, and yes, only the user root is in the group root:

$ getent group root
root:x:0:

Here's an example of a file that has different user and group ownership:

-rw-r----- 1 root shadow 1456 Nov 22 20:08 /etc/shadow

This means that the file can be read and written to only by root, but members of the group shadow may also read the file.
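An added example (not part of the original answer): a small Python parser that decodes `ls -l` lines like the two quoted on this page into octal mode bits and flags root-owned setuid files that any user can execute. The function names and the third sample line are constructed for illustration.

```python
import stat

# The first two lines are the listings quoted on this page; the third is constructed.
SAMPLES = [
    "-rwsr-xr-x 1 root root 157760 Jan 11 2016 /usr/bin/sudo",
    "-rw-r----- 1 root shadow 1456 Nov 22 20:08 /etc/shadow",
    "-rwSr--r-- 1 root root 0 Jan 1 2020 /tmp/example",
]

def mode_bits(mode_str):
    """Convert a 10-character ls mode string (e.g. '-rwsr-xr-x') to permission bits."""
    if len(mode_str) != 10:
        raise ValueError("expected 10 characters: %r" % mode_str)
    bits = 0
    for i, ch in enumerate(mode_str[1:]):
        plain = 1 << (8 - i)               # ordinary r/w/x bit for this slot
        if i % 3 == 2:                     # execute slot of owner, group or other
            special = (stat.S_ISUID, stat.S_ISGID, stat.S_ISVTX)[i // 3]
            lower, upper = "sst"[i // 3], "SST"[i // 3]
            if ch == lower:                # special bit AND execute
                bits |= special | plain
            elif ch == upper:              # special bit WITHOUT execute
                bits |= special
            elif ch == "x":
                bits |= plain
            elif ch != "-":
                raise ValueError("bad character %r at position %d" % (ch, i + 1))
        elif ch == "rw"[i % 3]:
            bits |= plain
        elif ch != "-":
            raise ValueError("bad character %r at position %d" % (ch, i + 1))
    return bits

def audit(line):
    """Summarise one `ls -l` line: owner, group, octal mode, setuid status."""
    fields = line.split(None, 8)           # mode links owner group size mon day time path
    mode_str, owner, group, path = fields[0], fields[2], fields[3], fields[8]
    bits = mode_bits(mode_str)
    setuid = bool(bits & stat.S_ISUID)
    return {
        "path": path, "owner": owner, "group": group,
        "octal": format(bits, "04o"), "setuid": setuid,
        # Any user gets effective UID 0: setuid + owned by root + executable by others.
        "root_for_everyone": setuid and owner == "root" and bool(bits & stat.S_IXOTH),
    }

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit(sample))
```

An uppercase `S` means the setuid bit is set but the owner's execute bit is not.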


Author by

user3142443

Updated on September 18, 2022

Comments

  • user3142443
    user3142443 over 1 year

    In the following access permissions, I am not sure what the second "root" stands for.

    The first one is the owner who has permissions rws (what does s stand for?) and the second one is the group named root. Is it a special group in which only the root user is member?

    $ ls -l /usr/bin/sudo
    -rwsr-xr-x 1 root root 157760 Jan 11 2016 /usr/bin/sudo
    

    If I am wrong, then what is the meaning of the above access permissions?

    • AnotherKiwiGuy
      AnotherKiwiGuy over 7 years
      You can find some good information about File Attributes here
    • Zanna
      Zanna over 7 years
      @ThatGuy <3 the Arch wiki. I think our permissions tag wiki is quite helpful too.
    • AnotherKiwiGuy
      AnotherKiwiGuy over 7 years
      @Zanna Oh excellent! I'll have to have a browse around :)