Sunday, October 23, 2005 - 10:38 am ET

EXPLAIN: What is 'Setuid' or 'SUID'?

Setuid or SUID is a permission bit that can be set on a file or directory. I’m going to refer to suid for the remainder of this entry, but both phrases are interchangeable.

Setting the suid bit on a file allows normal users to run that application with raised (usually superuser) privileges: the program runs with the privileges of the file's owner instead of those of the user who launched it. Remember that normally, when a user launches an application, that application runs with the same permissions as that user. This is one of the fundamental differences between Windows and *nix systems. In a *nix system a normal user does not have access to system files, and therefore neither does any application (or virus or malware) that they may have launched.

An example of a file that has the suid bit set in most cases is the /usr/bin/passwd application. You can see that the /usr/bin/passwd application has the suid bit set by the letter s in place of the user’s eXecutable bit.

-rwsr-xr-x 1 root root 26680 May 10 13:44 passwd

The passwd application allows users to change their own passwords. In order to do so, it has to write to the /etc/passwd file, which contains all of the accounts on a GNU/Linux system. However, if the suid bit were not set on the passwd application, it would only have the rights of the user and therefore could not make changes to the /etc/passwd file. Setting the suid bit on the passwd application allows it to run as the superuser, so it can write the new password to the /etc/passwd file.

How to set the suid bit?

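Put the number 4 in front of a normal chmod mode string: chmod 4777 test will make test world r/w/x and set the suid bit. For comparison, the passwd listing above (-rwsr-xr-x) corresponds to mode 4755, which sets the suid bit but leaves write access with the owner only.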
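
As an added example (not code from the original post), the Python below decodes the mode bits that chmod's leading 4 sets, reproduces the s/S letter that ls shows, and audits a directory tree for suid files, flagging any that are also writable by group or others, as the 4777 case is. The function names describe, audit and demo and the temporary sample files are constructed for illustration.

```python
import os
import stat
import tempfile


def describe(mode):
    """Return (ls-style permission string, findings) for an st_mode value."""
    findings = []
    if mode & stat.S_ISUID:                      # the leading 4 in chmod 4xxx
        if not mode & stat.S_IXUSR:
            findings.append("suid without owner execute: ls shows 'S'")
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append("suid file writable by group or others")
    return stat.filemode(mode), findings


def audit(root):
    """Walk root and report every regular file that has the suid bit set."""
    report = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)                  # lstat: never follow symlinks
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                text, findings = describe(st.st_mode)
                report.append((path, text, st.st_uid, findings))
    return report


def demo():
    """Constructed sample files in a temp dir, one using 4777 as in the post."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, mode in (("plain", 0o755), ("tight", 0o4755), ("test", 0o4777)):
            path = os.path.join(tmp, name)
            open(path, "w").close()
            os.chmod(path, mode)                 # explicit chmod, not umask-filtered
        return [(os.path.basename(p), text, f) for p, text, _uid, f in audit(tmp)]


if __name__ == "__main__":
    for name, text, findings in demo():
        print(text, name, "; ".join(findings) or "ok")
```

Pointing audit() at a directory such as /usr/bin lists the suid programs installed there together with the uid they run as.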

13 Comments

  1. Neodymium

    Aha, this was just what I was looking for. Thanks! :D

  2. Jon

    Glad I could help :)

  3. kk

    I want to know about AIX based book
    I’m new in AIX, how to learn about AIX

  4. kk

    I’m trying to run a shell script file but getting following errors

    The file access permissions do not allow the specified action.
    testdrop.sh[12]: /run.time: 0403-005 Cannot create the specified file.
    The file access permissions do not allow the specified action.
    testdrop.sh[13]: /DROP_TABLES_CPM_A1_01.bak: 0403-005 Cannot create the specified file.
    The file access permissions do not allow the specified action.
    testdrop.sh[55]: /DROP_TABLES_CPM_A1_01.err: 0403-005 Cannot create the specified file.
    rm: /DROP_TABLES_CPM_A1_01.bak: A file or directory in the path name does not exist.

    Pls Help Me

  5. titikaka

    Very precise and good explanation. :)

  6. pankaj

    Well explained!! But still a bit confused…

  7. DMonter

    I have these two files in my RHEL5 /home/user1
    -rws------ 1 root root 18 Jul 6 19:42 test
    -rwsrwxrwx 1 root root 36 Jul 6 19:44 test2

    Both test and test2 are script files which contain…
    test:
    /bin/echo "Test1"
    test2:
    /bin/echo "Test2"
    sh test

    After I logged in as user1, why can I not run test2 (# sh test2) with the following output??
    # sh test2
    Test2
    Test1

    but get the following output…
    # sh test2
    Test2
    sh: test: Permission denied

    Pls kindly help me…

  8. pankaj

    thanks

  9. Neodymium

    How times have changed since I posted my original comment here : )

  10. Sudo install | keyongtech

    [...] want to install these as setuid/setgid files [y,n,?,q] y Hello, You will find the response here: http://www.newlinuxuser.com/explain-…id-and-setgid/ Fija « Sol10 system deadlock running DB2 | ksh or bash [...]

  11. Arik

    Thank you for the explanation. After looking around the net for a while I finally stumbled across this one. Short and simple.

  12. Abhishek

    Thanks man for the stuff. I was looking for it. Can you give some more files for which the SUID bit is set by default by the Linux operating system? :)

  13. unixatar

    I believe you have to make the file test readable at least by group and others,
    so the permissions should be 4744 min
