Unix for Advanced Users - Manipulating Files - File Ownership and Permissions

6. Manipulating Files

6.4. File Ownership and Permissions

6.4.5 SUID and SGID Files

It is often the case in Unix that an ordinary user must perform a task which only the root has the power to. Since it is not practical to give every user the root password, setuid and setgid bits are used. A setuid program (or script) assumes the UID of the program owner when it is run (a setgid program assumes the GID of the program group when run). So a setuid root program (or script) has a special bit set such that it can be run by any user to perform rootly tasks.

Let's consider an example. Say user Zelda has a program named Ick. In order to run, Ick needs access to some data in the file Belch. This file is owned by Zelda and has no world permissions. Another user, Bufford, wants to execute Ick. Bufford and Zelda don't belong to any of the same groups. Bufford can't run Ick because he doesn't have permission to access Belch. Zelda doesn't want to make Belch world readable. If the set user ID bit is turned on for world then Zelda's permissions as owner of Belch will be given to Belch itself. This means that Bufford can run Ick, because Ick will have access to the data in Belch that it needs. Bufford however, cannot read or write to Belch. He has access to it only through Ick.

Both the setuid and setgid bit are represented with an "s". Whether it is setuid or setgid depends on whether it is set for the owner or the group.

Setting setuid/gid bits:

chmod u+s somestuff

This sets the setuid bit on the file somestuff. So the output of ls -l for the file will look like:

-rws-r--r-- 1 trsmith user 1178 Feb 29 15:17 somestuff

But entering:

chmod g+s somestuff

will set the setgid bit on the files somestuff and the output of ls -l for the file will look like:

-rwx-r-sr-- 1 trsmith user 1178 Feb 29 15:17 somestuff

contents