kazmax - Home Server on Linux

SUID (Set User ID) - Special access rights

Linux has a special access right called SUID (Set User ID). This page describes how it works, how to check for it and how to set it.

Last Update : October 07, 2020

  1. What is SUID (Set User ID)?
  2. How to check the SUID (Set User ID)
  3. Set the SUID (Set User ID)
  4. Use case

1. What is SUID (Set User ID)?

SUID (Set User ID) is a special access right that can be set on files you have execution rights for.

Normally, an executable file runs with the privileges of the user who executed it. A file with SUID (Set User ID) set instead runs with the privileges of the account that owns the executable file.

SUID (Set User ID) is set on some commands that ship with Linux, for example the "passwd" command.

2. How to check the SUID (Set User ID)

You can check whether SUID (Set User ID) is set or not with "ls -l".

$ ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 22984 Jan 7  2007 /usr/bin/passwd

The owner part of the permissions is "rws". The owner's execute position is normally "x"; when it shows "s" instead, SUID (Set User ID) is set.

Notes

The passwd command updates files that cannot normally be modified by ordinary users, such as /etc/passwd and /etc/shadow.

A normal user can run this command and update /etc/passwd or /etc/shadow because SUID is set on the passwd command, so it runs as root, the owner of the file.

3. Set the SUID (Set User ID)

To set the SUID (Set User ID), use the chmod command as follows:

chmod u+s file

To set it in numeric mode, add 4000 to the permission number. For example, to add SUID (Set User ID) to an executable file with 755 permissions, the numeric notation is "4755".

chmod 4755 file

4. Use case

Let's actually set the SUID (Set User ID) and see how it works.

# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
↑ You are logged in with the root account.

# cp /bin/touch . ← Copy the touch command
# chown user1 touch ← Change the owner of the touch command to user1
# chmod u+s touch ← Set SUID.

# ls -l touch
-rwsr-xr-x 1 user1 root 42284 Jul 25 12:39 touch ← SUID is set.

# ./touch test.txt ← Create test.txt with the copy of touch that has SUID set

# ls -l test.txt
-rw-r--r-- 1 user1 root 0 Jul 25 12:39 test.txt ← The owner of the test.txt file is "user1".

Because the touch command was run from the root account, one would expect test.txt to be owned by root.

Because SUID is set on this copy of touch, the command runs as user1, the owner of the file, so the file it creates is owned by user1.
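The checks from sections 2 to 4, as an added shell example that is not part of the kazmax page: it reads the SUID bit from an "ls -l" mode string and from an octal mode, sets the bit on scratch files with both chmod forms from section 3 and reads it back, and lists SUID files under a directory for an administrator's review. The function names are my own; the comments also cover the case ls shows as "S", where the SUID bit is set but the owner execute bit is missing.

```shell
#!/bin/sh
# Added example (not from the kazmax page): interpret, set and inventory the
# SUID bit using only the tools the page itself uses (ls, chmod, find).

# suid_from_ls MODE -> prints suid | suid-noexec | none
# MODE is the 10-character field from "ls -l", e.g. -rwsr-xr-x. Character 4 is
# the owner execute slot: x = no SUID, s = SUID plus execute, S = SUID bit set
# but owner execute missing, so the bit has no effect when the owner runs it.
suid_from_ls() {
    case "$(printf '%s' "$1" | cut -c4)" in
        s) echo suid ;;
        S) echo suid-noexec ;;
        *) echo none ;;
    esac
}

# suid_from_octal MODE -> same answers for an octal mode such as 4755.
# The SUID bit is the 4000 the page adds; 100 is the owner execute bit.
suid_from_octal() {
    mode=$(( 0$1 ))                 # leading 0 makes the shell parse it as octal
    if [ $(( mode & 04000 )) -ne 0 ]; then
        if [ $(( mode & 0100 )) -ne 0 ]; then echo suid; else echo suid-noexec; fi
    else
        echo none
    fi
}

# demo_set_suid -> sets SUID the two ways the page shows (chmod u+s, chmod 4755)
# plus one SUID-without-execute file, reads the modes back with ls -l, and
# prints "ok" when ls reports s, s and S respectively.
demo_set_suid() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/a" && chmod 755 "$tmp/a" && chmod u+s "$tmp/a"   # symbolic form
    : > "$tmp/b" && chmod 4755 "$tmp/b"                          # numeric form
    : > "$tmp/c" && chmod 4644 "$tmp/c"                          # SUID, no execute
    a=$(suid_from_ls "$(ls -l "$tmp/a" | cut -c1-10)")
    b=$(suid_from_ls "$(ls -l "$tmp/b" | cut -c1-10)")
    c=$(suid_from_ls "$(ls -l "$tmp/c" | cut -c1-10)")
    rm -rf "$tmp"
    if [ "$a" = suid ] && [ "$b" = suid ] && [ "$c" = suid-noexec ]; then
        echo ok
    else
        echo "unexpected: $a $b $c"
    fi
}

# list_suid DIR -> inventory of SUID files under DIR for periodic review;
# -perm -4000 matches any file carrying the 4000 bit, whatever the other bits.
list_suid() {
    find "$1" -xdev -type f -perm -4000 -exec ls -l {} \; 2>/dev/null
}
```

Running `list_suid /` on a fresh install and keeping the output as a baseline makes a later unexpected SUID file stand out immediately.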