03-C.4: Special Permission Types - The setuid Bit

Last updated
Save as PDF

Page ID: 26828

\( \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \) \( \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash {#1}}} \)\(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\) \(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\)\(\newcommand{\AA}{\unicode[.8,0]{x212B}}\)

EXAM OBJECTIVES COVERED
3.1 Given a scenario, apply or acquire the appropriate user and/or group permissions and ownership.

Linux Special Permissions

Linux uses some special permissions to allow certain capabilities that go beyond the basic rwx. By using special permissions, users with less privilege are allowed to execute a file and assume the privileges of the file's owner or group. This enables the user to temporarily have higher level privileges in a very limited and controlled manner.

Special permissions is a new topic for many Linux users. This video goes into detail about what these permissions are, how to set modify and remove them from a file's permissions.

The setuid Bit

The set user id bit (setuid) is present for files which have executable permissions. The setuid bit simply indicates that when running the executable, it will set its permissions to that of the owner, instead of setting it to the user who launched it. Similarly, there is a setgid bit which does the same for the gid, which we will touch on in a moment.

To locate the setuid, look for an ‘s’ instead of an ‘x’ in the executable bit of the file permissions.

The following are a few of the Linux commands that use the SUID bit to give the command elevated privileges when run by a regular user:

pbmac@pbmac-server $ ls -l /bin/su
-rwsr-xr-x 1 root root 44664 Mar 22  2019 /bin/su
pbmac@pbmac-server $ ls -l /bin/ping
-rwsr-xr-x 1 root root 64424 Jun 28  2019 /bin/ping
pbmac@pbmac-server $ ls -l /bin/mount
-rwsr-xr-x 1 root root 43088 Jan  8 10:31 /bin/mount
pbmac@pbmac-server $ ls -l /bin/umount
-rwsr-xr-x 1 root root 26696 Jan  8 10:31 /bin/umount
pbmac@pbmac-server $ ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 59640 Mar 22  2019 /usr/bin/passwd

You can locate ALL setuid files with:
pbmac@pbmac-server $ sudo find / -perm -4000

You can see that for each of these executable files, the 'x' has been replaced with an 's' for the owner's (root) permission. When any user executes one of these files that process is given the permissions of the owner - in these cases it is root. So, if my user, pbmac, were to execute the /usr/bin/passwd command I temporarily have root privileges, which is what allows me to actually alter the /etc/passwd file.

To set the setuid bit, use the chmod command as shown below - where filesname is the name of the file that you desire to add the setuid bit:

pbmac@pbmac-server $ chmod u+s filename

To remove the setuid bit, use the following command:

pbmac@pbmac-server $ chmod u-s filename

The setuid bit works for files owned by any user, not just root.

Adapted from: "SetUID, SetGID, and Sticky Bits in Linux File Permissions" by Anannya Uberoi 1, Geeks for Geeks is licensed under CC BY-SA 4.0