how to demonstrate SGID workings

Post by some_dumb_guy » 2018/02/13 14:47:56

Howdy,
So I am trying to demonstrate to myself the workings of setting the SGID bit. SUID demonstration was simple enough. Run passwd, switch to another terminal and run

Code:

[sdg@centy ~]$ ps -eo euser,egroup,ruser,rgroup,command|grep passwd
root     sdg sdg sdg passwd

I believe I understand SGID works in a pretty similar way, only changing the effective group rather than the effective user for the process.

First, I looked for files with SGID bit set and came up with ssh-agent as being one I might could demonstrate with.

Code:

---x--s--x. 1 root nobody 382232 Oct 19 16:52 /usr/bin/ssh-agent

I ran ssh-agent bash, and switched terminal, but my user's normal group was listed as the effective group owner of that process, rather than nobody.

I figured there could be any number of things happening behind the scenes which I didn't understand so maybe I could try a different approach. I copied the sleep utility into my homedir owned by root:root, and set the SGID.

Code:

[sdg@centy ~]$ ls -l ./sleep
-rwxr-Sr-x. 1 root root 33112 Feb 13 07:59 ./sleep
[sdg@centy ~]$ ./sleep 300

[sdg@centy ~]$ ps -eo euser,egroup,command|grep ./sleep
sdg sdg ./sleep 300
sdg sdg grep --color=auto ./sleep
[sdg@centy ~]$ 

However actually demonstrating this is proving more challenging than I expected. Obviously SGID works properly, and I am just some dumb guy who is missing something to demonstrate it properly. Could someone please fill me in where I am making mistakes?

Thanks,
SDG

Re: how to demonstrate SGID workings

Post by some_dumb_guy » 2018/02/13 15:07:18

I guess I should specify I am referring to demonstrating SGID's behavior on a file, rather than a directory. Demonstrating SGID on a directory was pretty simple to prove that newly created files are given the group of the directory rather than the user creating the file.

Re: how to demonstrate SGID workings

Post by pjsr2 » 2018/02/13 15:35:26

Code:

[sdg@centy ~]$ ls -l ./sleep
-rwxr-Sr-x. 1 root root 33112 Feb 13 07:59 ./sleep

Look carefully at the permissions: you have an upper case 'S', not lower case 's'. This means that the group execute permission was not set before you applied the SGID.

Do the following:

Code:

sudo chown root.root ./sleep
sudo chmod 755 ./sleep
ls -l ./sleep
sudo chmod g+s ./sleep
ls -l ./sleep

Now you should see permissions like the following, and SGID should work as expected:

Code:

-rwxr-sr-x. 1 root root 33112 Feb 13 07:59 ./sleep
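
An added example, not part of any post in this thread: a small POSIX shell helper that reads the group-execute slot of an `ls -l` mode string and reports whether the SGID bit can take effect, then reproduces the `S` and `s` states from the listings above on a constructed scratch file. The function names `sgid_state_from_mode`, `sgid_state` and `sgid_demo` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): tell an effective SGID bit ('s')
# from an ineffective one ('S') using the mode string that `ls -l` prints.

# sgid_state_from_mode MODE_STRING -> effective | ineffective | unset
sgid_state_from_mode() {
    # Character 7 of the mode string is the group-execute slot.
    slot=$(printf '%s' "$1" | cut -c7)
    case "$slot" in
        s) echo effective ;;     # setgid bit AND group execute are set
        S) echo ineffective ;;   # setgid bit set, group execute missing
        *) echo unset ;;         # no setgid bit at all
    esac
}

# sgid_state FILE -> same result, read from the file's current mode
sgid_state() {
    mode=$(ls -ld -- "$1" | cut -d' ' -f1)
    sgid_state_from_mode "$mode"
}

# Reproduce both states from the thread on a constructed scratch file.
sgid_demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/scratch"             # constructed sample file, not a real binary
    : > "$f"

    # First listing in the thread: group execute missing, then g+s applied.
    chmod 745 "$f"; chmod g+s "$f"
    echo "$(ls -ld -- "$f" | cut -d' ' -f1)  $(sgid_state "$f")"

    # Order given in the reply: 755 first, then g+s.
    chmod 755 "$f"; chmod g+s "$f"
    echo "$(ls -ld -- "$f" | cut -d' ' -f1)  $(sgid_state "$f")"

    rm -rf -- "$dir"
}

sgid_demo
```

A lower-case `s` is necessary but not sufficient: on a filesystem mounted with `nosuid` the kernel ignores the bit at exec time.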

Re: how to demonstrate SGID workings

Post by some_dumb_guy » 2018/02/13 15:56:09

Yes! Thanks!
