KnowledgeBase Archive

An Archive of Early Microsoft KnowledgeBase Articles

View on GitHub

Q322812: How to Turn Setuid/Setgid On or Off

Article: Q322812
Product(s): Microsoft Windows NT
Version(s): 3.0
Operating System(s): 
Keyword(s): kbenv kbtool
Last Modified: 12-AUG-2002

-------------------------------------------------------------------------------
The information in this article applies to:

- Microsoft Windows Services for UNIX, version 3.0 
-------------------------------------------------------------------------------

IMPORTANT: This article contains information about modifying the registry. Before you 
modify the registry, make sure to back it up and make sure that you understand how to restore 
the registry if a problem occurs. For information about how to back up, restore, and edit the 
registry, click the following article number to view the article in the Microsoft Knowledge Base:

  Q256986 Description of the Microsoft Windows Registry

SUMMARY
=======

This article describes how to turn set-user-identifier-on-execution (setuid) or
set-group-identifier-on-execution (setgid) on or off.

MORE INFORMATION
================

WARNING: If you use Registry Editor incorrectly, you may cause serious problems
that may require you to reinstall your operating system. Microsoft cannot
guarantee that you can solve problems that result from using Registry Editor
incorrectly. Use Registry Editor at your own risk.

Windows Services For UNIX 3.0 (SFU) includes support for setuid/setgid. When you
install SFU, you can turn on this support. In SFU 3.0, you can use the chmod(1)
utility to set the setuid, setgid, and sticky file mode bits on files or folders
that are stored on an NTFS file system partition and that are shared through
Server for NFS. When you later obtain access to the file or folder by using a
UNIX-based client, the standard semantics for these bits apply. For example, an
executable file (.exe) that has the setuid bit set will execute under the user
ID of the file's owner, not the user ID of the user who is executing the file.

Some UNIX-based network file system (NFS) servers apply special interpretations
or restrictions for the setuid, setgid, and sticky bits. Some versions of UNIX,
for example, enforce mandatory locking on a folder with the setgid bit set but
no execute permissions. Server for NFS does not implement special
interpretations or restrictions when you use these bits.

The functionality of setuid/setgid is a potential security issue. Because of
this, SFU 3.0 can toggle this feature by either editing the registry values
directly or by using Regini with the included .ini files to turn the values on
or off.

Use REGINI to Turn On or Turn Off Setuid/Setgid
-----------------------------------------------

In the SETUP folder on the SFU 3.0 CD-ROM are 2 files:

  Enablesetuid.ini - Turns on setuid/setgid.
  Disablesetuid.ini - Turns off setuid/setgid.

At a command prompt, run the "regini enablesetuid" (without the quotation marks)
command or the "regini disablesetuid" (without the quotation marks) command.

Edit the Registry Values Directly
---------------------------------

Use Registry Editor to locate the following registry key:

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Services for UNIX

Edit the EnableSetuidBinaries value:

  1 is setuid/setgid turned on.
  0 is setuid/setgid turned off.

Additional query words: solar coaster solarcoaster interix

======================================================================
Keywords          : kbenv kbtool 
Technology        : kbWinServiceUNIXSearch kbWinServiceUNIX300
Version           : :3.0
Issue type        : kbhowto

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 1986-2002.