DOCUMENT:Q322812 12-AUG-2002 [winnt] TITLE :How to Turn Setuid/Setgid On or Off PRODUCT :Microsoft Windows NT PROD/VER::3.0 OPER/SYS: KEYWORDS:kbenv kbtool ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Windows Services for UNIX, version 3.0 ------------------------------------------------------------------------------- IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base: Q256986 Description of the Microsoft Windows Registry SUMMARY ======= This article describes how to turn set-user-identifier-on-execution (setuid) or set-group-identifier-on-execution (setgid) on or off. MORE INFORMATION ================ WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. Windows Services For UNIX 3.0 (SFU) includes support for setuid/setgid. When you install SFU, you can turn on this support. In SFU 3.0, you can use the chmod(1) utility to set the setuid, setgid, and sticky file mode bits on files or folders that are stored on an NTFS file system partition and that are shared through Server for NFS. When you later obtain access to the file or folder by using a UNIX-based client, the standard semantics for these bits apply. For example, an executable file (.exe) that has the setuid bit set will execute under the user ID of the file's owner, not the user ID of the user who is executing the file. Some UNIX-based network file system (NFS) servers apply special interpretations or restrictions for the setuid, setgid, and sticky bits. Some versions of UNIX, for example, enforce mandatory locking on a folder with the setgid bit set but no execute permissions. Server for NFS does not implement special interpretations or restrictions when you use these bits. The functionality of setuid/setgid is a potential security issue. Because of this, SFU 3.0 can toggle this feature by either editing the registry values directly or by using Regini with the included .ini files to turn the values on or off. Use REGINI to Turn On or Turn Off Setuid/Setgid ----------------------------------------------- In the SETUP folder on the SFU 3.0 CD-ROM are 2 files: Enablesetuid.ini - Turns on setuid/setgid. Disablesetuid.ini - Turns off setuid/setgid. At a command prompt, run the "regini enablesetuid" (without the quotation marks) command or the "regini disablesetuid" (without the quotation marks) command. Edit the Registry Values Directly --------------------------------- Use Registry Editor to locate the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Services for UNIX Edit the EnableSetuidBinaries value: 1 is setuid/setgid turned on. 0 is setuid/setgid turned off. Additional query words: solar coaster solarcoaster interix ====================================================================== Keywords : kbenv kbtool Technology : kbWinServiceUNIXSearch kbWinServiceUNIX300 Version : :3.0 Issue type : kbhowto ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2002.