sajad torkamani

What is setuid?

setuid (short for set user ID) is a special permission bit on Unix that you can set on an executable file so that, whenever the file is executed, it runs with the permissions of the file’s owner rather than those of the user who ran it.

An example use case

An example usage of setuid is the /usr/bin/passwd file. If you run ls -la /usr/bin/passwd, you’ll get something like:

-rwsr-xr-x 1 root root 93608 Aug 13  2024 /usr/bin/passwd

Notice the s in place of x for the owner (root). The presence of an s means the setuid bit is on for the file.

Now, if a regular user runs /usr/bin/passwd, the file will be executed as root (the owner) even though the regular user is not root.

In the case of the /usr/bin/passwd executable, the setuid bit is needed because the program modifies /etc/shadow, which a regular user cannot write to.

By setting the setuid bit on /usr/bin/passwd, we enable non-root users to run that program as root, so it can modify the /etc/shadow file on their behalf.

Recipes

Set the setuid bit on a file

chmod u+s <file>

Check if the setuid bit is set on a file

ls -la <file>

If there’s an s instead of x for the owner’s permissions, the setuid bit is set.
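The same check done in a script, as an added example that is not part of the original post: it uses test -u instead of reading ls output by eye, separates s from a capital S (setuid bit set, but no execute permission for the owner), and lists every setuid file under a directory. The function names setuid_state and list_setuid are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# setuid_state FILE
# Prints "setuid" (bit set, owner can execute), "setuid-noexec" (bit set,
# owner execute missing, shown by ls as a capital S) or "none".
setuid_state() {
    # test -u is the POSIX test for the setuid bit
    if [ ! -u "$1" ]; then
        echo "none"
        return 0
    fi
    # The 4th character of the ls mode string is the owner-execute slot
    owner_x=$(ls -ld -- "$1" | cut -c4)
    case $owner_x in
        s) echo "setuid" ;;
        S) echo "setuid-noexec" ;;
        *) echo "unknown" ;;
    esac
}

# list_setuid DIR
# Prints every regular file under DIR that has the setuid bit (octal 4000) set.
list_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null
}

# Usage: check the file discussed above, then review what else is setuid nearby
setuid_state /usr/bin/passwd
list_setuid /usr/bin
```

Every file list_setuid prints runs with its owner's permissions no matter who starts it, so the list is worth reviewing for entries you do not recognise.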
