Setuid

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Uwe Hermann (talk | contribs) at 01:53, 3 April 2005 (Interwiki.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Setuid is a UNIX term, short for "Set User ID." Setuid, sometimes also referred to as "suid," is an access right flag that can be assigned to files and directories on a UNIX-based operating system. The setuid flag is mostly used to allow users on a computer system to execute binary executables with temporarily elevated privileges in order to perform a specific task. Generally these are tasks that require higher privileges than a common user has, such as changing his or her login password.

When a binary executable file owned by root has been given the setuid attribute, normal users on the system can execute this file and gain root privileges within the created process. Once root privileges have been gained within the process, the application can perform tasks on the system that regular users would normally be restricted from doing.

While the setuid feature is very useful in many cases, it can pose a security risk if the setuid attribute is assigned to executable programs that are not carefully designed. Users can exploit vulnerabilities in flawed programs to gain permanent elevated privileges.

There is also a setgid flag, which is short for "Set Group ID." This attribute allows the group-based privileges within a process to be changed, in the same way the setuid flag does for user-based privileges.
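
Because every setuid or setgid executable is a program whose flaws can turn into elevated privileges, administrators commonly keep an inventory of them. The following Python sketch is an added example, not part of the original article: it walks a directory tree and reports regular files carrying either flag. The function names `classify` and `audit` and the default directory `/usr/bin` are choices made for this illustration.

```python
import os
import stat
import sys

def classify(mode, uid):
    """Label the special permission bits on a regular file.

    mode and uid are the st_mode and st_uid fields of a stat result.
    Only regular files are labelled, since the risk described above
    concerns executable programs.
    """
    if not stat.S_ISREG(mode):
        return []
    labels = []
    if mode & stat.S_ISUID:
        # The process runs with the owner's user ID; owner root is the
        # case that hands root privileges to any user who runs the file.
        labels.append("setuid-root" if uid == 0 else "setuid")
    if mode & stat.S_ISGID:
        labels.append("setgid")
    if labels and mode & stat.S_IWOTH:
        # Any user could overwrite a file that runs with elevated rights.
        labels.append("world-writable")
    return labels

def audit(root):
    """Return {path: labels} for every flagged regular file under root."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: inspect the entry itself, not a symlink target
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            labels = classify(st.st_mode, st.st_uid)
            if labels:
                findings[path] = labels
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"
    for path, labels in sorted(audit(target).items()):
        print(",".join(labels), path)
```

Comparing the output of successive runs shows when a new setuid or setgid file has appeared on the system.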