Because tinylogin was merged into busybox 0.61, it became necessary for busybox to support SUID and SGID handling.
This has been implemented in a generic way, so every applet is able to support it. Since the tinylogin way of using SUID privileges is very limited, the busybox version has been extended to support three different flavors:
The file has to be owned by user root, group root and has to be writeable only by root (chown 0.0; chmod 600;). The content is INI style like:
This way, it is easily understood by users, and busybox developers can easily add new configuration options. Blank lines are ignored and everything to the right of a "#" character is treated as a comment.
The SUID handling code only parses the "[SUID]" group. Every line in this group has the following syntax:
<applet> = [Ssx-][Ssx-][x-] (<username>|<uid>).(<groupname>|<gid>)
The three [Ssx-] flags following the applet name are just like the corresponding s/x flags in an ls -l directory listing (user, group, all).
The username/uid and groupname/gid fields are optional and both default to root/0.

Examples:

[SUID]
su = ssx root.0 # applet su can be run by anyone and runs with euid=0/egid=0
su = ssx        # exactly the same
mount = sx- root.disk # applet mount can be run by root and members of group disk
                      # and runs with euid=0
cp = ---        # disable applet cp for everyone

Author: Robert 'sandman' Griebl
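
A small parser and permission check for a single [SUID] line, following the syntax and the ls -l style flag semantics described above. This is an added example, not busybox's own code: parse_suid_line, may_run and struct suid_entry are hypothetical names, ids are accepted in numeric form only (so root.disk would have to be written as numbers), and the owner/group/all evaluation order is an assumption modeled on file permission checks.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One parsed [SUID] entry: ls -l style mode bits plus the target ids. */
struct suid_entry { char applet[32]; unsigned mode; long uid, gid; };

/* Parse "<applet> = [Ssx-][Ssx-][x-] [<uid>.<gid>]"; 0 on success, -1 if
 * malformed. Assumption: ids are numeric only, so no passwd/group lookup. */
int parse_suid_line(const char *line, struct suid_entry *e)
{
    char buf[128], flags[4] = "", ids[32] = "", junk[2], *end;
    int n = snprintf(buf, sizeof buf, "%.*s", (int)strcspn(line, "#"), line);
    if (n < 0 || (size_t)n >= sizeof buf) return -1;   /* reject overlong lines */
    int got = sscanf(buf, " %31[^ =\t] = %3s %31s %1s", e->applet, flags, ids, junk);
    if (got < 2 || got > 3 || strlen(flags) != 3) return -1;
    e->mode = 0; e->uid = e->gid = 0;                  /* ids default to root/0 */
    for (int i = 0; i < 3; i++) {                      /* 0=user, 1=group, 2=all */
        if (!strchr(i < 2 ? "Ssx-" : "x-", flags[i])) return -1;
        if (strchr("sS", flags[i])) e->mode |= 04000u >> i;       /* setuid/setgid */
        if (strchr("sx", flags[i])) e->mode |= 0100u >> (3 * i);  /* execute */
    }
    if (got == 2) return 0;
    if (!isdigit((unsigned char)ids[0])) return -1;
    e->uid = strtol(ids, &end, 10);
    if (*end != '.' || !isdigit((unsigned char)end[1])) return -1;
    e->gid = strtol(end + 1, &end, 10);
    return *end ? -1 : 0;
}

/* Pick the flag class as for a file: owner first, then group, then all.
 * Assumption: only the primary gid is compared, not supplementary groups. */
int may_run(const struct suid_entry *e, long ruid, long rgid)
{
    int shift = ruid == e->uid ? 6 : rgid == e->gid ? 3 : 0;
    return (e->mode >> shift) & 1;
}

int main(void)
{
    /* Constructed sample lines; gid 6 stands in for group "disk". */
    const char *lines[] = { "su = ssx 0.0 # anyone", "mount = sx- 0.6", "cp = ---", "ls = xxs" };
    struct suid_entry e;
    for (int i = 0; i < 4; i++)
        if (parse_suid_line(lines[i], &e)) printf("rejected: %s\n", lines[i]);
        else printf("%-5s mode=%04o may_run(uid 1000, gid 6)=%d\n", e.applet, e.mode, may_run(&e, 1000, 6));
    return 0;
}
```

Rejecting a malformed line outright, rather than guessing at a partial match, keeps a typo in the flags from silently granting a wider mode than intended.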