sajad torkamani

A SUID (Set User ID) bit is a special type of permission in Linux and UNIX-like operating systems. When the SUID bit is set on an executable file, it allows the file to be executed with the privileges of the file’s owner, rather than the privileges of the user who runs the file.

Normal vs SUID execution

Typically, when a user executes a file, the process runs with the permissions of the user.

When the SUID bit is set on an executable file, the process runs with the permissions of the file’s owner.

When does it make sense to use the SUID permission?

The SUID bit is useful when a program needs to perform tasks that require higher privileges than those of the user executing the program.

For example, the passwd command lets users change their passwords. To update the password, the command needs to write to system files like /etc/passwd and /etc/shadow, which are usually writable only by the root user.

The s in the rws indicates that the SUID bit is set, so when a user runs passwd, it’ll run with the privileges of the user that owns the file (root).

Recipes

Set SUID

sudo chmod u+s /path/to/file

Remove SUID

sudo chmod u-s /path/to/file
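
An added example, not part of the original post: shell helpers to confirm the effect of the two recipes above and to list SUID files under a directory, flagging any that group or others can modify. The function names and the scratch files in demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for the SUID bit (constructed, not from the post).

# Succeeds when the set-user-ID bit is set on the file.
has_suid() {
    [ -u "$1" ]
}

# Prints the 10-character mode string, e.g. -rwsr-xr-x.
# Owner-execute slot: 's' = SUID with execute, 'S' = SUID without execute.
mode_string() {
    ls -ld -- "$1" | cut -c1-10
}

# Lists regular SUID files under a directory as "mode owner path [flag]".
# Flags files that are also group- or world-writable, since anyone who
# can modify the file controls code that runs as its owner.
audit_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        owner=$(ls -ld -- "$f" | awk '{print $3}')
        flag=""
        if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
            flag=" WRITABLE-BY-OTHERS"
        fi
        printf '%s %s %s%s\n' "$(mode_string "$f")" "$owner" "$f" "$flag"
    done
}

# Demo on constructed files in a scratch directory (no sudo needed for
# files you own).
demo() {
    d=$(mktemp -d)
    printf '#!/bin/sh\n' > "$d/helper"
    chmod 755 "$d/helper"; chmod u+s "$d/helper"      # -rwsr-xr-x
    printf 'data\n' > "$d/noexec"
    chmod 644 "$d/noexec"; chmod u+s "$d/noexec"      # -rwSr--r--
    audit_suid "$d"
    rm -rf "$d"
}

demo
```

Pointing audit_suid at / (with sudo, so unreadable directories are included) gives a baseline of SUID files to compare against after package installs or upgrades.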

lets you execute a file as your current user.

A GUID (Set Group ID)
