SetUID:
SetUID stands for "set user ID upon execution". We can tell whether the SetUID bit is set on a file by long-listing the file and looking at its permissions, as below.
[linuxconcepts@localhost test]$ cat > setuid.sh
#!/bin/sh
echo "SET USER ID BIT";
date
[linuxconcepts@localhost test]$
[linuxconcepts@localhost test]$ ls -l setuid.sh
-rw-rw-r--. 1 linuxconcepts linuxconcepts 39 Oct 23 12:08 setuid.sh
[linuxconcepts@localhost test]$ chmod 4755 setuid.sh
[linuxconcepts@localhost test]$ ls -l setuid.sh
-rwsr-xr-x. 1 linuxconcepts linuxconcepts 39 Oct 23 12:08 setuid.sh
[linuxconcepts@localhost test]$
// We can also set the setUID bit with the following method
[linuxconcepts@localhost test]$ touch setuid1.sh
[linuxconcepts@localhost test]$ ls -l setuid1.sh
-rw-rw-r--. 1 linuxconcepts linuxconcepts 0 Oct 23 13:22 setuid1.sh
[linuxconcepts@localhost test]$ chmod u+s setuid1.sh
[linuxconcepts@localhost test]$ ls -l setuid1.sh
-rwSrw-r--. 1 linuxconcepts linuxconcepts 0 Oct 23 13:22 setuid1.sh
// Capital 'S': the setUID bit is set, but the owner has no execute permission on this file
[linuxconcepts@localhost test]$
We can see the letter 's' in the permissions of the setuid.sh file when we change its permissions to 4755. We put 4 before the actual permission digits to set the setUID bit on any file.
Benefit: When we set the setUID bit in Linux, that script will execute with its owner's permissions. This means that if any user who has execute permission runs the script, it will execute with the owner's permissions.
Generally, the setUID bit is disabled for scripts in most Unix-like operating systems because it is insecure and gives full access to execute the script.
We can remove the setUID bit as follows:
[linuxconcepts@localhost test]$ chmod u-s setuid1.sh
[linuxconcepts@localhost test]$ ls -l setuid1.sh
-rw-rw-r--. 1 linuxconcepts linuxconcepts 0 Oct 23 13:22 setuid1.sh
[linuxconcepts@localhost test]$
SetGID:
SetGID stands for "set group ID upon execution". It works the same way as setUID, except that setUID applies to the user and the setGID bit in Linux applies to the group. It can be set and removed as follows.
[linuxconcepts@localhost test]$ ls -l setuid1.sh
-rw-rw-r--. 1 linuxconcepts linuxconcepts 0 Oct 23 13:22 setuid1.sh
[linuxconcepts@localhost test]$
[linuxconcepts@localhost test]$ chmod 2755 setuid1.sh
[linuxconcepts@localhost test]$ ls -l setuid1.sh
-rwxr-sr-x. 1 linuxconcepts linuxconcepts 0 Oct 23 13:22 setuid1.sh
[linuxconcepts@localhost test]$ chmod g-s setuid1.sh
[linuxconcepts@localhost test]$ ls -l setuid1.sh
-rwxr-xr-x. 1 linuxconcepts linuxconcepts 0 Oct 23 13:22 setuid1.sh
[linuxconcepts@localhost test]$
Generally, the SetGID or SetUID bit is set for commands or service commands.
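To review where these bits are actually in use, the following added example (not code from the original post) lists every setUID/setGID file under a directory, decodes the 's'/'S' letter from the ls -l mode string, and marks "#!" scripts, on which the Linux kernel ignores the setUID/setGID bits. The function names classify_mode, is_script and audit_special_bits are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a tree for setUID/setGID files.

# classify_mode MODE: decode the special bits in an `ls -l` mode string.
# Lowercase s = bit set and execute set; capital S = bit set, execute missing.
classify_mode() {
    u=$(printf '%s' "$1" | cut -c4)   # owner execute slot: x, s, S or -
    g=$(printf '%s' "$1" | cut -c7)   # group execute slot: x, s, S or -
    out=
    case $u in
        s) out=setuid ;;
        S) out=setuid-noexec ;;
    esac
    case $g in
        s) out=${out:+$out,}setgid ;;
        S) out=${out:+$out,}setgid-noexec ;;
    esac
    printf '%s\n' "${out:-none}"
}

# is_script FILE: true when FILE starts with a "#!" interpreter line.
is_script() {
    [ "$(head -c 2 "$1" 2>/dev/null)" = '#!' ]
}

# audit_special_bits DIR: print "<bits> <kind> <path>" for every regular file
# under DIR that has the setUID or setGID bit, sorted by path (C locale).
audit_special_bits() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | LC_ALL=C sort |
    while IFS= read -r f; do
        mode=$(ls -ld "$f" | cut -d' ' -f1)
        kind=other
        if is_script "$f"; then kind=script; fi
        printf '%s %s %s\n' "$(classify_mode "$mode")" "$kind" "$f"
    done
}

# Usage: sh audit.sh DIR   (the script name audit.sh is hypothetical)
if [ "$#" -gt 0 ]; then audit_special_bits "$1"; fi
```

Entries reported as "script" or with a "-noexec" suffix carry a special bit that does nothing useful and can be cleared with chmod u-s or chmod g-s; the remaining entries are the ones to compare against the list of programs expected to run with their owner's or group's privileges.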