3. Security Features on UNIX : Access Control with Setuid (UNIX) : Use Chmod to Set the Setuid Bit
 
Share this page                  
Use Chmod to Set the Setuid Bit
After an embedded SQL application program has been created, the permissions of the program file can be set so that it can run with the effective user ID set to that of the owner of the file. If, for example, the owner of the file is the DBA, any user executing the program is recognized as the DBA—and has the same access to objects and data as the DBA—for the life of the program.
The UNIX chmod command issued at the operating system prompt is used to change the mode of a file. The following format of this command changes the mode of the specified file name to give “set user id on execution” and “execute” permission to everyone. The 4 sets the Setuid bit:
chmod 4711 filename
For example, if the following command is executed:
chmod 4711 app1prog
The resulting file permissions looks like this:
-rws--x--x 1 dba 7584 Mar 30 app1prog
Using this technique, the DBA (or other user, such as an application developer) can allow any user to temporarily become the effective user id for controlled access to specific application programs. The effective user ID is recognized when a connection is made to the Ingres DBMS Server.
Note:  Only the application owner or the root user can run the chmod operating system command.