Setuid

setuid and setgid are Unix terms, short for "Set User ID" and "Set Group ID", respectively. setuid (also sometimes referred to as "suid") and setgid are access right flags that can be assigned to files and directories on a Unix-based operating system. They are mostly used to allow users on a computer system to execute binary executables with temporarily elevated privileges in order to perform a specific task.


setuid and setgid are needed for tasks that require higher privileges than those which a common user has, such as changing his or her login password. Some of the tasks that require elevated privilege may not be immediately obvious, though, such as the ping command, which must send and listen for control packets on a network interface.


setuid on executables

When a binary executable file has been given the setuid attribute, normal users on the system can execute this file and gain the privileges of the user who owns the file (commonly root) within the created process. When root privileges have been gained within the process, the application can then perform tasks on the system that regular users normally would be restricted from doing. The invoking user will be prohibited by the system from altering the new process in any way, such as by using ptrace, LD_LIBRARY_PATH or sending signals to it (signals from the terminal will still be accepted, however). Due to the increased likelihood of security flaws, many operating systems ignore the setuid attribute when applied to executable shell scripts.


While the setuid feature is very useful in many cases, it can pose a security risk if the setuid attribute is assigned to executable programs that are not carefully designed. Users can exploit vulnerabilities in flawed programs to gain permanent elevated privileges, or unintentionally execute a trojan horse program.


The setgid attribute allows the group-based privileges within a process to be changed, just as the setuid flag does for user-based privileges.


The presence of setuid executables is the main reason why the chroot system call is not available to non-root users on Unix.


Demonstration

 [bob@foo]$ cat /etc/passwd
 alice:x:1007:1007::/home/alice:/bin/bash
 bob:x:1008:1008::/home/bob:/bin/bash

 [bob@foo]$ cat printid.c
 #include <stdlib.h>
 #include <stdio.h>
 #include <unistd.h>
 #include <sys/types.h>

 int main(void)
 {
     printf("Real UID\t= %d\n", getuid());
     printf("Effective UID\t= %d\n", geteuid());
     printf("Real GID\t= %d\n", getgid());
     printf("Effective GID\t= %d\n", getegid());
     return EXIT_SUCCESS;
 }

 [bob@foo]$ gcc -Wall printid.c -o printid
 [bob@foo]$ chmod ug+s printid
 [bob@foo]$ su alice
 Password:
 [alice@foo]$ ./printid
 Real UID = 1007
 Effective UID = 1008
 Real GID = 1007
 Effective GID = 1008
 [alice@foo]$

setuid on directories

setuid and setgid flags on a directory have an entirely different meaning.


Directories with the setgid permission will force all files and sub-directories created in them to be owned by the directory group and not the group of the user creating the file. The setgid flag is inherited by newly created subdirectories.


The setuid permission set on a directory is ignored on UNIX and GNU/Linux systems [1]. FreeBSD can be configured to interpret it similarly to setgid, namely, to force all files and sub-directories to be owned by the top directory owner.[2]
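The different meanings described above (setuid binaries, setuid scripts that many systems ignore, setgid directories, and the ignored setuid bit on directories) can be told apart when auditing a file tree. The following is an added example, not part of the original article; the function names are hypothetical and the sample tree is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.

# first_two_hex FILE: hex of the first two bytes; "2321" is "#!" (a script).
first_two_hex() {
    head -c 2 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# classify_special_bits ROOT
# Prints "<bits><TAB><kind><TAB><path>" for every regular file or directory
# under ROOT that carries setuid and/or setgid.
#   kind=binary : runs with the owner's (suid) or group's (sgid) privileges
#   kind=script : many operating systems ignore setuid here
#   kind=dir    : sgid means new entries inherit the directory group;
#                 suid is ignored on UNIX and GNU/Linux
# Paths containing newlines are not handled.
classify_special_bits() {
    find "$1" -xdev \( -type f -o -type d \) \
         \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r path; do
        bits=
        [ -u "$path" ] && bits=suid
        [ -g "$path" ] && bits=${bits:+$bits+}sgid
        if [ -d "$path" ]; then
            kind=dir
        elif [ "$(first_two_hex "$path")" = 2321 ]; then
            kind=script
        else
            kind=binary
        fi
        printf '%s\t%s\t%s\n' "$bits" "$kind" "$path"
    done
}

# make_sample_tree: build a constructed test tree and print its location.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho hi\n' > "$d/script.sh" && chmod 4755 "$d/script.sh"
    printf '\177ELF' > "$d/tool" && chmod 6755 "$d/tool"   # stand-in for a binary
    mkdir "$d/shared" "$d/odd" && chmod 2775 "$d/shared" && chmod 4755 "$d/odd"
    printf 'x' > "$d/plain"                                 # no special bits
    printf '%s\n' "$d"
}

# Stand-alone use: sh thisfile.sh /some/dir
if [ "$#" -gt 0 ]; then classify_special_bits "$1"; fi
```

Entries reported as kind=binary are the ones whose design deserves review, since they run with the file owner's or group's privileges.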



References

  1. ^ Bauer, Mick (2004). Paranoid Penguin - Linux Filesystem Security, Part II. linuxjournal.com.
  2. ^ chmod manpage on www.freebsd.org.

The Wikipedia article included on this page is licensed under the GFDL.