What is SUID in Linux?

Overview

SUID, or Set User ID, is a special type of permission given to a file. In Linux or Unix systems, when a program runs, it inherits permissions from the user spawning the process. SUID is used to give a user temporary permission to run a specific program with the permissions of the program's owner. Put simply, users get the file owner’s permissions when executing the program. Note, though, that running a program this way is an extremely dangerous practice, as it can pose many security problems. From Spidy: “With great powers come great responsibilities”.

What is SUID in Linux

The most common use of SUID in Linux is the passwd command. The passwd binary is owned by root; however, every user can execute the passwd command to change his/her password. When this program is executed by a non-root user, it inherits the permissions of the root user so that it can make changes to the /etc/passwd file, which is owned by root.

So you may ask where and how you can use this concept. Here is the answer. Suppose User A creates a shell script that he uses to update a file owned by him. Now he wants another user, User B, to execute that script daily so that the file gets updated daily. To make this work, User A has to set SUID on the script, just as the root user does on the passwd binary. So next time you are writing a script and wish someone else could edit a file owned by you, set this permission.

There are two ways to set this up

Symbolic way:


chmod u+s file1.txt

Numerical way:


chmod 4750 file1.txt

4 indicates that the SUID bit is set, 7 gives full permissions to the owner, 5 gives read and execute permissions to the group, and 0 gives no permissions to others.

Let's see the SUID bit set on the passwd binary.
The small s in the permission field indicates the suid bit set on this binary.

You may also see a big S instead of a small one.

This happens when the binary has SUID set but its permissions do not mark it as executable. Set it as executable and you will see a small s in the permissions field again.
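
The small s and big S states described above can be checked from a script. The following is an added example, not part of the original article: the function names suid_state and audit_suid and the temporary sample files are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: report which SUID state a file is in, read from the
# owner-execute slot of its `ls -l` mode string.

# suid_state FILE prints "s" (SUID and owner execute), "S" (SUID set but
# owner execute missing) or "-" (no SUID bit).
suid_state() {
    # Character 4 of the mode string is the owner-execute slot.
    slot=$(ls -ld -- "$1" | cut -c4)
    case "$slot" in
        s|S) printf '%s\n' "$slot" ;;
        *)   printf '%s\n' "-" ;;
    esac
}

# audit_suid DIR prints "<state> <owner> <path>" for every regular file
# under DIR that has the SUID bit, so the list can be reviewed.
audit_suid() {
    find "$1" -type f -perm -4000 | while IFS= read -r f; do
        owner=$(ls -ld -- "$f" | awk '{print $3}')
        printf '%s %s %s\n' "$(suid_state "$f")" "$owner" "$f"
    done
}

# Constructed sample files in a throwaway directory.
demo=$(mktemp -d)
touch "$demo/file1.txt" "$demo/file2.txt" "$demo/plain.txt"
chmod 4750 "$demo/file1.txt"   # rwsr-x--- : small s
chmod 4650 "$demo/file2.txt"   # rwSr-x--- : big S, owner execute missing
chmod 0750 "$demo/plain.txt"   # rwxr-x--- : no SUID, not listed

audit_suid "$demo" | sort
rm -rf "$demo"
```

Pointing audit_suid at a directory such as /usr/bin gives a list of SUID files and their owners to compare against the ones you expect to be there.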