Linux: Special Permissions

What is SUID (setuid)?

If the SUID bit is set on an executable file, then when a user runs that file the resulting process has the same rights as the owner of the file, not the rights of the user who ran it.

This is a bit complicated to understand from the definition alone, so let us use a practical example:

Let's say that we have a Linux server. As we know, two files are involved when a Linux user changes his password:

  • /etc/passwd is used to keep track of every registered user
  • /etc/shadow is a system file that stores the encrypted user passwords and is accessible only to the root user

You can see the permissions of the /etc/shadow file below:

Let's understand the logic behind the password change process. Say that a Linux user logs in to the server and tries to change his password.

Let's look at the diagram to understand the whole process:

When the user sandip logs in to the Linux server and runs /usr/bin/passwd to change his password, the following things happen:

  • the /usr/bin/passwd command creates a new process
  • this process then updates the /etc/passwd and /etc/shadow files

Assume that the SUID bit is set on the /usr/bin/passwd file, as seen below:

We will learn later in this tutorial how to set this bit; for now, just note that an "s" in the owner's execute position is how you can tell that the SUID bit is set.

When the user sandip executes /usr/bin/passwd, which has the SUID bit set, the process that is created has the rights of the file's owner (root). In this case, that process changes the /etc/passwd and /etc/shadow files.

This process won't throw any error, because root can edit any file on a Linux system. Now, let us assume that the /usr/bin/passwd file does not have the SUID bit set. What would happen in this case?

In that case the process would have the rights of the user who executed the file, i.e. the user sandip in our case. You can also see that the /etc/shadow file does not grant write permission to any user other than root.

Therefore, the user would not be able to change his password, because the process would not have the rights needed to write to the /etc/shadow file.

How to set the SUID bit in Linux?

To set the SUID bit on a file you can use either of the following commands:

# chmod command using symbolic notation (u = owner, s = setuid)
sudo chmod u+s <file>

# chmod command using numeric mode
# in the command below, the leading 4 sets SUID, 6 gives the owner read and write permission,
# and 55 gives the group and others read and execute permission
sudo chmod 4655 <file>
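The following script is an added example, not part of the original tutorial: it shows how to check a file for the SUID bit from the "s" in its mode string, how the bit appears before and after chmod u+s, and how a defender can audit a directory tree for SUID files with find -perm -4000. It only uses a temporary file that the script itself creates, so no root privileges are needed.

```shell
#!/bin/sh
# Added example: inspect, set and audit the SUID bit (not the tutorial's own code).

# has_suid FILE -> returns 0 if the SUID bit is set on FILE, 1 otherwise.
# The 4th character of the `ls -ld` mode string is the owner's execute slot:
# 's' = SUID with owner execute, 'S' = SUID without owner execute, 'x'/'-' = no SUID.
has_suid() {
    mode=$(ls -ld "$1" | cut -c4)
    case "$mode" in
        s|S) return 0 ;;
        *)   return 1 ;;
    esac
}

# mode_string FILE -> prints the 10-character permission string, e.g. -rwsr-xr-x
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# list_suid DIR -> lists regular files under DIR that carry the SUID bit (octal 4000).
# This is the usual audit command for finding setuid binaries on a system.
list_suid() {
    find "$1" -type f -perm -4000 2>/dev/null
}

# demo: create a temporary file, set SUID on it and show the mode before and after.
demo() {
    tmpdir=$(mktemp -d)
    f="$tmpdir/demo"
    : > "$f"
    chmod 0755 "$f"
    printf 'before chmod u+s: %s\n' "$(mode_string "$f")"   # -rwxr-xr-x
    chmod u+s "$f"
    printf 'after chmod u+s:  %s\n' "$(mode_string "$f")"   # -rwsr-xr-x
    printf 'SUID files under %s:\n' "$tmpdir"
    list_suid "$tmpdir"
    rm -rf "$tmpdir"
}
```

Note that a mode such as 4655 leaves the owner without execute permission, so ls shows a capital "S" in that position; 4755 is what gives the familiar "-rwsr-xr-x".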