Setuid

Updated: 10/30/2017 by Computer Hope

Setuid, which stands for set user ID on execution, is a special type of file permission in Unix and Unix-like operating systems such as Linux and BSD. It is a security tool that permits users to run certain programs with escalated privileges.

When an executable file's setuid permission is set, users may execute that program with a level of access that matches the user who owns the file. For instance, when a user wants to change their password, they run the passwd command. The passwd program is owned by the root account and marked as setuid, so the user is temporarily granted root access for that very limited purpose.

Viewing the setuid permission of a file

When viewing a file's permissions with the ls -l command, the setuid permission is displayed as an "s" in the user-execute bit position. For example:

ls -l /usr/bin/passwd
-rwsr-xr-x 1 root 54192 Nov 20 17:03 /usr/bin/passwd

Setting the setuid permission of a file

To set the setuid permission for an executable file, use the permission identifier u+s with the chmod command:

chmod u+s myfile

Non-executable files can be marked as setuid, but it has no effect; marking them setuid does not automatically make them executable. In this case, the permission bit shows up as an uppercase "S". For instance:

ls -l myfile
-rw-r--r-- 1 user 0 Mar 6 10:45 myfile 
chmod u+s myfile
ls -l myfile
-rwSr--r-- 1 user 0 Mar 6 10:45 myfile

However, if you then set the file to be user-executable with the permission u+x, the setuid permission comes into effect. It will then be represented in the listing with a lowercase "s":

chmod u+x myfile
ls -l myfile
-rwsr--r-- 1 user 0 Mar 6 10:45 myfile

Setgid

Setgid is the group equivalent of setuid: it grants the permissions of the group that owns the file. It operates in much the same way, and the "s" or "S" indicator is displayed in the group-execute position of the output of ls -l. For example:

chmod g+sx myfile2
ls -l myfile2
-rw-r-sr-- 1 user 0 Mar 6 10:46 myfile2
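
The helper below is an added example, not part of the original page. It reads the ls -l permission string described above to tell an active set-ID bit (lowercase "s") from an inert one (uppercase "S"), and lists the set-ID files under a directory with their owner. The function names classify_mode and audit_setid are made up for this example.

```shell
#!/bin/sh
# classify_mode PERMS
# PERMS is the first field of `ls -l`, e.g. "-rwsr-xr-x".
# Prints setuid / setgid (bit set and execute bit set) or
# setuid-inert / setgid-inert (bit set, execute bit missing), or "none".
classify_mode() {
    perms=$1
    u=$(printf '%s' "$perms" | cut -c4)   # user-execute position
    g=$(printf '%s' "$perms" | cut -c7)   # group-execute position
    out=
    case $u in
        s) out="setuid" ;;
        S) out="setuid-inert" ;;
    esac
    case $g in
        s) out="${out:+$out,}setgid" ;;
        S) out="${out:+$out,}setgid-inert" ;;
    esac
    printf '%s\n' "${out:-none}"
}

# audit_setid DIR
# Lists regular files under DIR that carry the setuid (4000) or
# setgid (2000) bit as tab-separated "state owner path" lines.
# Uses only POSIX find, ls and awk; filenames containing newlines
# are not handled.
audit_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        line=$(LC_ALL=C ls -ld "$f")
        perms=${line%% *}                               # permission string
        owner=$(printf '%s\n' "$line" | awk '{print $3}')
        printf '%s\t%s\t%s\n' "$(classify_mode "$perms")" "$owner" "$f"
    done
}

# Example: audit_setid /usr/bin
```

Root-owned entries reported as setuid are the ones to compare against a known-good baseline, since each of them runs with root's privileges for any user allowed to execute it.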
