CS360: Exam 1: 10/22/97. Answer to Question 1

• Part 1: The setuid bit is one of the file's mode bits, stored in the inode of the file. When it is set, then any user that executes the code will assume the user id of the owner of the file.

• Part 2: Suppose you want to enable users to append to a log file that you own. Without the setuid bit, you cannot do this safely. If you don't give other users write permission, then they cannot add a log entry to your log file. However, if you do give them write permission, then they can write anywhere to the file -- you can't restrict them to only append log entries.

  The solution is to write a program that appends the proper log entry to the file, and then set the program's setuid bit. Then set the permission of the file so that the user does not have write access, but you do (0644 or 0600). When the user executes the program, he/she will assume your user id, meaning that he/she can append to the log file. Thus, you have granted restricted writing priviledges to the user.

• Part 3: Suppose you want to enable users to read only the first line of a file that you own. Without the setuid bit, you cannot do this safely. If you don't give other users read permission, then they cannot read any part of this file. However, if you do give them read permission, then they can read anywhere from the file -- you can't restrict them to read only the first line.

  The solution is to write a program that reads just the first line of the file, and then set the program's setuid bit. Then set the permission of the file so that the user does not have read access, but you do (i.e. 0600 or 0400). When the user executes the program, he/she will assume your user id, meaning that he/she can read the first line of the file. Thus, you have granted restricted reading priviledges to the user.