
setuid Bit & setgid Bit

January 2, 2011

Looking at setuid Bit & setgid Bit

The setuid Bit is what enables a file to be executed at the owner's permission level. For example, a command that is used a lot by different users can have the setuid Bit set on it; this eliminates the need to switch to the user who owns the file, or to change the current permissions, in order to execute the file in question. E.g.:

prompt> ls -l ls ### Run from /bin: use this 'ls' command to find out what permissions are set for 'ls'

-rwxr-xr-x 1 root root 104528 2010-09-21 19:33 ls ### As you can see this is executable

Now, to make the above file run at its owner's permission level for any user who executes it:

prompt> chmod u+s /bin/ls ### Add the setuid Bit to user

prompt> ls -l ls

-rwsr-xr-x 1 root root 104528 2010-09-21 19:33 ls ### Now you can see that 's' has replaced the previous 'x' in the owner's permissions, which means that any user who executes this file now runs it at the owner's permission level

To remove the setuid bit, you just do the following:

prompt> chmod u-s /bin/ls

prompt> ls -l ls

-rwxr-xr-x 1 root root 104528 2010-09-21 19:33 ls ### And as you can see the setuid Bit has now been removed

If a command/file that was not created by the current user needs to be executed frequently, then setting the setuid bit will enable all users to execute it, as the file/command will be executed at the same permission level as its owner.

PS. The same applies to setting a file/command executable on a group basis; the only difference is that the commands to set and remove the setgid Bit on the group permissions of a file are chmod g+s filename and chmod g-s filename respectively.
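
The chmod steps above, run against a scratch file rather than /bin/ls, together with a find-based check that lists files carrying either bit. This is an added example, not code from the original post; the function names mode_of, audit_special_bits and walkthrough are assumptions made for it.

```shell
#!/bin/sh
# Added example: scratch-file walk-through of the setuid bit plus an audit
# for setuid/setgid files. All names here are assumptions for this example.

# Print the 10-character mode string that `ls -l` shows, e.g. -rwsr-xr-x
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# List regular files under $1 that carry setuid (4000) or setgid (2000).
audit_special_bits() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Repeat the post's chmod steps on a throwaway file and print each mode.
walkthrough() {
    dir=$(mktemp -d) || return 1
    f="$dir/tool"            # constructed scratch file, stands in for /bin/ls
    : > "$f"
    chmod 755 "$f"; echo "start:     $(mode_of "$f")"   # -rwxr-xr-x
    chmod u+s "$f"; echo "chmod u+s: $(mode_of "$f")"   # -rwsr-xr-x
    echo "audit:     $(audit_special_bits "$dir")"      # path of the scratch file
    # Capital S: the setuid bit is set but the owner's execute bit is not.
    chmod u-x "$f"; echo "chmod u-x: $(mode_of "$f")"   # -rwSr-xr-x
    chmod u-s "$f"; echo "chmod u-s: $(mode_of "$f")"   # -rw-r-xr-x
    rm -rf "$dir"
}

walkthrough
```

Pointing audit_special_bits at / as root lists every setuid and setgid file on that filesystem, which gives a baseline to compare against after any chmod u+s or chmod g+s change.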
