Copying binaries

Whether you are using Linux on the desktop or as a server, it's still good that you're using Linux. Linux related questions go here.

Moderator: General Moderators

Post Reply
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Copying binaries

Post by Ambush Commander »

Hello folks, I have a question about Linux executables. I have a bunch of binaries that I compiled myself which are stored in a bin directory I own. For one of these executables, I'd like to make give it the setguid bit, but only for users that are in the group that owns the file, i.e. users that are in the world should not be able to execute the binary. I'd rather not tamper with the original, so what I'd like to do is copy it to another name, and then give it the custom permissions. The process would look something like:

Code: Select all

cp svnserve svnserve-l
chmod 2774 svnserve-l
Would this cause problems?
nickvd
DevNet Resident
Posts: 1027
Joined: Thu Mar 10, 2005 5:27 pm
Location: Southern Ontario
Contact:

Post by nickvd »

Would a sym-link be an alternative solution?
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Would the setgid properties work on a symlink?

Alternatively, if someone could tell me how to get a bash script to change the current group ID to something else, that would work too...
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

can't change perms on a symlink, only it's referenced file.

uid/gid allows you to chown/chgrp the file to the owner/group who has the correct privileges, then chmod it to allow others to execute. It will then run as the owner/owning group.

setuid and chown the file to the user with sufficient run privileges, then chgrp it to the group you want to allow to run the binary, and chmod o-x.
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Yes, but that changes the permissions on the original binary. On second thought, though, it seems sufficient: I don't plan on letting anyone not in the group use the binary.
Post Reply