z/OS UNIX System Services User's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Temporarily changing the user ID or group ID during execution

z/OS UNIX System Services User's Guide
SA23-2279-00

An executable file can have an additional attribute, which is displayed in the execute position (x) when you issue ls -l. This permission setting is used to allow a program temporary access to files that are not normally accessible to other users. An s or S can appear in the execute permission position; this permission bit sets the effective user ID or group ID of the user process executing a program to that of the file whenever the file is run. The setuid and setgid bits are only honored for executable files containing load modules. These bits are not honored for shell script and REXX execs that reside in the file system.
s
In the owner permissions section, this indicates that the set-user-ID (S_ISUID) bit is set and execute (search) permission is set.

In the group permissions section, this indicates that the set-group-ID (S_ISGID) bit is set and execute (search) permission is set.

 

S
In the owner permissions section, this indicates that the set-user-ID (S_ISUID) bit is set, but the execute (search) bit is not.

In the group permissions section, this indicates that the set-group-ID (S_ISGID) bit is set, but the execute (search) bit is not.

A good example of this behavior is the mailx utility. A user sending mail to another user on the same system is actually appending the mail to the recipient's mail file, even though the sender does not have the appropriate permissions to do this—the mail program does.

Parent topic: Handling security for your files

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014