The setuid (set user id) is a permission bit, that allows the users to exec a program with the permissions of its owner.
The setgid (set group id) is a bit that allows the user to exec a program with the permissions of the group owner.
A random user can exec a setuided script, with the permissions of the owner. Also a random user can exec a setgided script, with the permissions of the group.
The setuid and setgid can be set with the chmod command, like any other permission bits.
To view if a file has setuid and setgid, use ls -l or stat. The s in the user permissions field represents the setuid and the S in the group permission field represents the setgid:
$ ls -l
-rwSrwSr-- 1 razvan razvan 0 2012-07-01 02:46 script
How to set and remove the setuid and the setgid:
1. In the human readable format:
The setuid and setgid can be set in both the octal and the human readable format.
To add the setuid add the +s bit for the user: chmod u+s /path/to/file
$ chmod u+s script2
To remove the setuid bit use the -s argument with the chmod command: chmod u-s /path/to/file
$ chmod u-s script2
To set the setgid bit on a file, add the +s argument for the group, with chmod g+s /path/to/file:
$ chmod g+s myscript
To remove the setgid use -s for the group: chmod g-s /path/to/file
$ chmod g-s myscript
2. In the octal mode:
To set the setuid in the octal form, place a 4 in front of the three permission bits. 4777 for example, means that the file has full permissions and setuid bit: chmod 4777 /path/to/myscript.
$ chmod 4777 myscript
$ chmod 4764 myscript
To set the setgid in the octal form, add a 2 before the three permission digits. 2777 for example, means that the file has full permissions and setgid bit: chmod 2777 /path/tomyscript
$ chmod 2777 myscript
$ chmod 2764 myscript
To remove the setuid and setgid place a 0(zero) in front of the three permission bits: chmod 0777 /path/to/file.
How to find the setuided and setgided files:
I will show you how to find the setuided and setgided files with find: find / -type f -perm /6000
$ find / -type f -perm /6000 -exec stat -c "%A %a %n" {} \;
-rwxr-sr-x 2755 /usr/bin/wall
-rwxr-sr-x 2755 /usr/bin/mlocate
-rwxr-sr-x 2755 /usr/bin/dotlockfile
-rwxr-sr-x 2755 /usr/bin/crontab
-rwsr-sr-x 6755 /usr/bin/at
-rwxr-sr-x 2755 /usr/bin/bsd-write
-rwxr-sr-x 2755 /usr/bin/ssh-agent
-rwsr-xr-x 4755 /usr/bin/mtr
-rwsr-xr-x 4755 /usr/bin/traceroute6.iputils
-rwsr-xr-x 4755 /usr/bin/passwd
-rwsr-xr-x 4755 /usr/bin/pkexec
-rwsr-sr-x 6755 /usr/bin/X
[...]
Find only the files with setuid: find / -type f -perm /4000
Find only the files with setgid: find / -type f -perm /2000
Nice tut. keep it up. thanks.
A very nice tutorial. One thing I noticed is that the the setuid or ‘s’ letter on the owner part is a lowercase ‘s’ not ‘S’. The capital ‘S’ as you already explained is part of the group section.
fixed. thank you 🙂
it turns out, when it is capital S at the group field, it means the x bit is not set.
in effect, if it is a folder, the group will not have access to the folder
i.e.
chmod 700 to a folder is the same as chmod 2740 to a folder.
Thank you for a nice tut’. I found the
> How to find the setuided and setgided files:
especially neat!
Article layout could be improved a bit, with e.g. bigger non-Arial titles –but maybe that’s my taste.
Why would the suid bit be set for the owner of a file?
Thanks for the tutorial, very helpful.
nice one .thank you .well understand.
thanks man , this is very brief and informative , thank you .