Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!cbosgd!ihnp4!ptsfa!ames!hao!gatech!bloom-beacon!oberon!sdcrdcf!burdvax!bpa!cbmvax!vu-vlsi!cgh!amanue!jr
From: jr@amanue.UUCP
Newsgroups: comp.os.minix
Subject: Re: MKDIR & MKNOD call in MINIX
Message-ID: <224@amanue.UUCP>
Date: Fri, 3-Jul-87 23:11:47 EDT
Article-I.D.: amanue.224
Posted: Fri Jul  3 23:11:47 1987
Date-Received: Sat, 11-Jul-87 16:36:02 EDT
References: <461@csm9a.UUCP>
Organization: Amanuensis Inc., Grindstone, PA
Lines: 37
Summary: You have to set the setuid bit

In article <461@csm9a.UUCP>, japplega@csm9a.UUCP (Joe Applegate) writes:
> case in point.... only uid 0 (root) can
> call mknod()... that fits in well with the V7 doc... but mkdir.c calls mknod()
> to create a directory!  Apparently mv does likewise when renaming or moving 
> a directory... the end result is that if you recompile fs no one but the
> super-user can mkdir or mv (directories).... 

OK, I'm sure you will get a chorus of answers on this one.  If you recompile
mv or mkdir you must turn on what is called the setuid bit.  There is an
analogous mechanism in OS-9 but it's much more obscure, and if I tell you what
it is I'll probably garble it.  (Something related to making the uid in the
*module* be superuser.)  The UNIX file permission bits use three tuples of
three bits each, rwx, for user, group, and other.  But in addition there are
two special bits, with octal values 4000 and 2000.  These are called
respectively the *setuid* bit and *setgid* bit.  You turn them on and off with
the chmod command (see page 388 of the book, where it gives an example of
turning on the setuid bit.)  When an a.out file (is that still the right term
under MINIX?) is executed and the setuid bit is on, then the effective uid of
the process becomes *the owner of the file*.  If you're logged in as root and
you issue the command

chmod 4755 /bin/mkdir

then *anyone* executing the mkdir command will have effective uid root while
running that command.  It's standard behavior for the C compiler to turn off
the setuid bit when a program is recompiled, and it must be explicitly turned
back on.  The setgid bit is the same concept exactly, except that it sets the
gid rather than the uid.  "Setuid-root" programs are the way UNIX allows such
things as mail programs to be able to modify the recipient's mailbox file
without granting everyone write permission on that file.

Incidentally Dennis Ritchie has a patent on the concept of the setuid bit.
-- 
 Jim Rosenberg
     CIS: 71515,124                         decvax!idis! \
     WELL: jer                                   allegra! ---- pitt!amanue!jr
     BIX: jrosenberg                 seismo!cmcl2!cadre! /
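
The mode bits described in the post above, as an added example that is not part of the original article: a small C auditor that renders 4000/2000 ls-style, models the effective-uid rule, and lists files carrying a special bit. The function names perm_string, euid_after_exec and risky_setuid_root are illustrative, and the "writable by group or other" check is an assumption of this example, not something the post states.

```c
/* Added example, not from the original post. Function names are illustrative. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Render the permission bits ls-style, e.g. 04755 -> "rwsr-xr-x". */
const char *perm_string(mode_t m, char out[10])
{
    static const char rwx[] = "rwxrwxrwx";
    for (int i = 0; i < 9; i++)
        out[i] = (m & (0400 >> i)) ? rwx[i] : '-';
    /* setuid (04000) and setgid (02000) show in the user and group x slots;
       upper case means the special bit is on but execute permission is off. */
    if (m & S_ISUID) out[2] = (m & S_IXUSR) ? 's' : 'S';
    if (m & S_ISGID) out[5] = (m & S_IXGRP) ? 's' : 'S';
    out[9] = '\0';
    return out;
}

/* Basic rule from the post: with setuid on, the effective uid becomes the
   file's owner; otherwise the caller's uid is unchanged. */
uid_t euid_after_exec(uid_t caller, uid_t owner, mode_t m)
{
    return (m & S_ISUID) ? owner : caller;
}

/* Audit check (assumption of this example): a setuid-root file that group
   or other may write is writable by accounts other than root; review it. */
int risky_setuid_root(uid_t owner, mode_t m)
{
    return owner == 0 && (m & S_ISUID) && (m & (S_IWGRP | S_IWOTH));
}

/* Usage: ./a.out /bin/mkdir /bin/mv ...   lists files with a special bit. */
int main(int argc, char **argv)
{
    struct stat st;
    char buf[10];
    for (int i = 1; i < argc; i++) {
        if (stat(argv[i], &st) != 0) { perror(argv[i]); continue; }
        if (!(st.st_mode & (S_ISUID | S_ISGID))) continue;
        printf("%s %s owner=%ld%s\n", perm_string(st.st_mode, buf), argv[i],
               (long)st.st_uid,
               risky_setuid_root(st.st_uid, st.st_mode) ? " WRITABLE" : "");
    }
    return 0;
}
```

Running it over /bin after a rebuild shows at a glance which programs still carry the setuid bit and which lost it when the file was recreated.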