Setuid or SUID is a permission bit that can be set on a file or directory. I’m going to refer to suid for the remainder of this entry, but both phrases are interchangeable.
Setting the suid bit on a file allows normal users to run that application with raised (usually superuser) priviledges. Remember that when a user launches an application, that application runs with the same permissions as that user. This is one of the fundamental differences between Windows and *nix systems. In a *nix system a normal user does not have access to system files and therefore neither does any application (or virus or malware) that they may have launched.
An example of a file that has the suid bit set in most cases is the /usr/bin/passwd application. You can see that the /usr/bin/passwd application has the suid bit set by the letter s in place of the user’s eXecutable bit.
-rwsr-xr-x 1 root root 26680 May 10 13:44 passwd
The passwd application allows users to change their own passwords. In order to do so, it has to write to the etc/passwd file which contains all of the accounts on a GNU/Linux system. However, if the suid bit was not set on the passwd application then the passwd application would only have the rights of the user and therefore could not make changes to the etc/passwd file. Setting the suid bit on the passwd application allows it to run as the superuser and it can therefore write the new password to the etc/passwd file.
How to set the suid bit?
Use the number 4 in front of a normal chmod string: chmod 4777 test will make test world r/w/x and set the suid bit.
Aha, this was just what I was looking for. Thanks! :D
Reply
Glad I could help :)
Reply
I want to know about AIX based book
I’m new in AIX, how to learn about AIX
Reply
I’m trying to run a shell script file but getting following errors
The file access permissions do not allow the specified action.
testdrop.sh[12]: /run.time: 0403-005 Cannot create the specified file.
The file access permissions do not allow the specified action.
testdrop.sh[13]: /DROP_TABLES_CPM_A1_01.bak: 0403-005 Cannot create the specified file.
The file access permissions do not allow the specified action.
testdrop.sh[55]: /DROP_TABLES_CPM_A1_01.err: 0403-005 Cannot create the specified file.
rm: /DROP_TABLES_CPM_A1_01.bak: A file or directory in the path name does not exist.
Pls Help Me
Reply
Very precise and good explanation. :)
Reply
Well explained!!but still a bit confused…
Reply
I have these two files in my RHEL5 /home/user1
-rws—— 1 root root 18 Jul 6 19:42 test
-rwsrwxrwx 1 root root 36 Jul 6 19:44 test2
Both test and test2 are script files which contain…
test:
/bin/echo “Test1″
test2:
/bin/echo “Test2″
sh test
After I logged in as user1, why I cannot run test2 (# sh test2) with the following output??
# sh test2
Test2
Test1
but the following output…
# sh test2
Test2
sh: test: Permission denied
Pls kindly help me…
Reply
thanks
Reply
How times have changed since I posted my original comment here : )
Reply
[...] want to install these as setuid/setgid files [y,n,?,q] y Hello, You will find the response here: http://www.newlinuxuser.com/explain-…id-and-setgid/ Fija « Sol10 system deadlock running DB2 | ksh or bash [...]
Reply
Thank you for the explanation. After looking around the net for a while I finally stumbled across this one. Short and simple.
Reply
Thanxx man for the stuff..i was looking for it.Can you give some more files for which SUID bit is set on by default by the linux operating system. :)
Reply
i believe you have to make the file test readable atleast by group and others..
so the permissions shud be 4744 min
Reply