Of course, there is a way to let Steve give Michele the same permissions that he has when she’s running the summarize program. Steve types this:
chmod u+s summarize
This means “Add the Set User ID capability for the user
who owns the file to summarize.” Now his permissions look
like this:
-rw------- steve sales customers.dat -rwsr-xr-x steve sales summarize
Now let’s see what happens when Michele runs the program:
| Event | Linux says |
|---|---|
Michele types /home/steve/summarize
|
You are user michele of group mktg. You are “other”. You want to execute file /home/steve/summarize. Permission granted. |
| Program begins. |
Set User ID is in effect. Alakabaud! ® I have changed your user ID. You are now user steve
for as long as this program runs.
|
Program asks to read
file /home/steve/customers.dat
|
You are user steve. You want to read file /home/steve/customers.dat.Permission granted. |
The problem is now solved! Steve can let Michele run his program. His program temporarily changes Michele’s user ID to Steve’s so that the customer file becomes readable. If Michele tries to get to the customer file from any other program, the permissions will keep her out.
You may also use a construction like this to give the group’s permissions to anyone who runs the program.
chmod g+s summarize
| << A New Problem | Index | Quick Reference Summary >> |