Every program on CentOS runs within the environment of a user account, regardless of whether the program is executed by a user or run as an automated system process. However, sometimes we want a program to run with different restrictions and access rights than the account that launches it is allowed. For example, a user should be able to use the passwd command to reset their password. The command needs write access to /etc/passwd, but we don't want the user running the command to have such access. This recipe teaches you how setting a program's SUID and SGID permission bits allows it to execute within the environment of a different user.
This recipe requires a CentOS system. Administrative privileges are also required, either by logging in with the root account or by the use of sudo.
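The SUID and SGID bits described above can be inspected without changing anything on the system. The shell functions below are an added example, not part of the original recipe; special_bits and audit_dir are hypothetical helper names introduced here.

```shell
#!/bin/sh
# Added example: inventory of programs that run with another user's or
# group's identity because their SUID/SGID bits are set.

# special_bits FILE
# Prints "suid", "sgid", "suid+sgid" or "none" for FILE.
special_bits() {
    bits=""
    # test -u is true when the set-user-ID bit is set
    if [ -u "$1" ]; then
        bits="suid"
    fi
    # test -g is true when the set-group-ID bit is set
    if [ -g "$1" ]; then
        bits="${bits:+$bits+}sgid"
    fi
    printf '%s\n' "${bits:-none}"
}

# audit_dir DIR
# Lists every regular file under DIR (same filesystem only) that has
# either bit set, one per line: "<bits> <owner>:<group> <path>".
# The owner and group matter: they are the identity the program
# takes on when an ordinary user executes it.
audit_dir() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    sort |
    while IFS= read -r f; do
        owner=$(ls -ld "$f" | awk '{ print $3 ":" $4 }')
        printf '%s %s %s\n' "$(special_bits "$f")" "$owner" "$f"
    done
}
```

Running audit_dir /usr/bin lists the programs in that directory that execute as their file owner or group; on CentOS the output includes /usr/bin/passwd, which is SUID and owned by root. Unexpected entries in such a listing are worth reviewing, since each one is a program that grants its caller another account's rights.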