Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!cbosgd!ihnp4!ptsfa!ames!hao!gatech!bloom-beacon!oberon!sdcrdcf!burdvax!bpa!cbmvax!vu-vlsi!cgh!amanue!jr
From: jr@amanue.UUCP
Newsgroups: comp.os.minix
Subject: Re: MKDIR & MKNOD call in MINIX
Message-ID: <224@amanue.UUCP>
Date: Fri, 3-Jul-87 23:11:47 EDT
Article-I.D.: amanue.224
Posted: Fri Jul 3 23:11:47 1987
Date-Received: Sat, 11-Jul-87 16:36:02 EDT
References: <461@csm9a.UUCP>
Organization: Amanuensis Inc., Grindstone, PA
Lines: 37
Summary: You have to set the setuid bit

In article <461@csm9a.UUCP>, japplega@csm9a.UUCP (Joe Applegate) writes:
> case in point.... only uid 0 (root) can
> call mknod()... that fits in well with the V7 doc... but mkdir.c calls mknod()
> to create a directory! Apparently mv does likewise when renaming or moving
> a directory... the end result is that if you recompile fs no one but the
> super-user can mkdir or mv (directories)....

OK, I'm sure you will get a chorus of answers on this one. If you recompile
mv or mkdir you must turn on what is called the setuid bit. There is an
analogous mechanism in OS-9 but it's much more obscure, and if I tell you
what it is I'll probably garble it. (Something related to making the uid in
the *module* be superuser.)

The UNIX file permission bits use three tuples of three bits each, rwx, for
user, group, and other. But in addition there are two special bits, with
octal values 4000 and 2000. These are called respectively the *setuid* bit
and *setgid* bit. You turn them on and off with the chmod command (see page
388 of the book, where it gives an example of turning on the setuid bit.)
When an a.out file (is that still the right term under MINIX?) is executed
and the setuid bit is on, then the effective uid of the process becomes *the
owner of the file*. If you're logged in as root and you issue the command

	chmod 4755 /bin/mkdir

then *anyone* executing the mkdir command will have effective uid root while
running that command. It's standard behavior for the C compiler to turn off
the setuid bit when a program is recompiled, and it must be explicitly turned
back on. The setgid bit is the same concept exactly, except that it sets the
gid rather than the uid. "Setuid-root" programs are the way UNIX allows such
things as mail programs to be able to modify the recipient's mailbox file
without granting everyone write permission on that file.

Incidentally Dennis Ritchie has a patent on the concept of the setuid bit.
-- 
 Jim Rosenberg
     CIS: 71515,124                         decvax!idis! \
     WELL: jer                                   allegra! ---- pitt!amanue!jr
     BIX: jrosenberg                  seismo!cmcl2!cadre! /
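
Added example, not part of the original post: a small C program that decodes the permission bits described above, showing how the octal 4000 and 2000 bits appear in an ls-style listing and flagging files that would run with effective uid root. The names perm_string and runs_as_root are invented for this illustration.

```c
/* Added illustration: decode UNIX mode bits and flag setuid-root executables. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Render the permission bits ls-style, e.g. 04755 -> "rwsr-xr-x".
 * 's' = special bit set together with execute; 'S' = special bit
 * set but the matching execute bit is off. */
void perm_string(mode_t m, char out[10])
{
    static const char rwx[] = "rwxrwxrwx";
    int i;

    for (i = 0; i < 9; i++)
        out[i] = (m & (0400 >> i)) ? rwx[i] : '-';
    if (m & S_ISUID)                      /* octal 4000 */
        out[2] = (m & S_IXUSR) ? 's' : 'S';
    if (m & S_ISGID)                      /* octal 2000 */
        out[5] = (m & S_IXGRP) ? 's' : 'S';
    out[9] = '\0';
}

/* 1 if running this file gives the process effective uid 0:
 * setuid bit on, owned by root, and executable by somebody. */
int runs_as_root(mode_t m, uid_t owner)
{
    return (m & S_ISUID) && owner == 0 &&
           (m & (S_IXUSR | S_IXGRP | S_IXOTH));
}

/* Usage: ./a.out /bin/mkdir /bin/mv ...  (paths are the caller's choice) */
int main(int argc, char **argv)
{
    struct stat st;
    char p[10];
    int i;

    for (i = 1; i < argc; i++) {
        if (stat(argv[i], &st) != 0) { perror(argv[i]); continue; }
        perm_string(st.st_mode, p);
        printf("%s %04o uid=%ld %s%s\n", p,
               (unsigned)(st.st_mode & 07777), (long)st.st_uid, argv[i],
               runs_as_root(st.st_mode, st.st_uid) ? "  <- setuid-root" : "");
    }
    return 0;
}
```

Running it over a system's binaries after a rebuild shows which programs have lost the bit and which still carry it.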