# 03-C.4: Special Permission Types - The setuid Bit

EXAM OBJECTIVES COVERED
3.1 Given a scenario, apply or acquire the appropriate user and/or group permissions and ownership.

Linux uses some special permissions to allow certain capabilities that go beyond the basic rwx. By using special permissions, users with less privilege are allowed to execute a file and assume the privileges of the file's owner or group. This enables the user to temporarily have higher level privileges in a very limited and controlled manner.

## The setuid Bit

The set user ID bit (setuid) applies to files that have executable permissions. When the executable runs, the setuid bit indicates that the process takes on the permissions of the file's owner instead of those of the user who launched it. Similarly, there is a setgid bit which does the same for the GID, which we will touch on in a moment.

To spot the setuid bit, look for an 's' instead of an 'x' in the owner's execute position of the file permissions.

The following are a few of the Linux commands that use the SUID bit to give the command elevated privileges when run by a regular user:

```
pbmac@pbmac-server $ ls -l /bin/su
-rwsr-xr-x 1 root root 44664 Mar 22  2019 /bin/su
pbmac@pbmac-server $ ls -l /bin/ping
-rwsr-xr-x 1 root root 64424 Jun 28  2019 /bin/ping
pbmac@pbmac-server $ ls -l /bin/mount
-rwsr-xr-x 1 root root 43088 Jan  8 10:31 /bin/mount
pbmac@pbmac-server $ ls -l /bin/umount
-rwsr-xr-x 1 root root 26696 Jan  8 10:31 /bin/umount
pbmac@pbmac-server $ ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 59640 Mar 22  2019 /usr/bin/passwd
```

You can locate ALL setuid files with:

```
pbmac@pbmac-server $ sudo find / -perm -4000
```


You can see that for each of these executable files, the 'x' has been replaced with an 's' for the owner's (root) permission. When any user executes one of these files, the process is given the permissions of the owner - in these cases it is root. So, if my user, pbmac, were to execute the /usr/bin/passwd command, I would temporarily have root privileges, which is what allows me to actually alter the /etc/passwd file.

To set the setuid bit, use the chmod command as shown below, where filename is the name of the file to which you want to add the setuid bit:

```
pbmac@pbmac-server $ chmod u+s filename
```

To remove the setuid bit, use the following command:

```
pbmac@pbmac-server $ chmod u-s filename
```


The setuid bit works for files owned by any user, not just root.
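
As an added example (not part of the original course material), the `find -perm -4000` search shown earlier can be turned into a small audit that lists each setuid file with its mode and owner and marks any path missing from a baseline list. The function name `audit_setuid`, the one-path-per-line baseline format and the scratch files built in `demo` are assumptions made for illustration; GNU find and GNU stat are assumed.

```shell
#!/bin/sh
# Added example: inventory setuid files and compare them with a baseline.
# Assumes GNU find and GNU stat. Paths containing tabs or newlines are not handled.

# audit_setuid ROOT [BASELINE]
#   ROOT      directory to scan
#   BASELINE  file listing one expected setuid path per line (assumed format)
# Output: status<TAB>mode<TAB>owner<TAB>path, one line per setuid file.
audit_setuid() {
    root=$1
    baseline=${2:-/dev/null}
    tab=$(printf '\t')
    # -xdev stays on one filesystem; -perm -4000 matches any mode with setuid set.
    find "$root" -xdev -type f -perm -4000 \
        -exec stat --printf='%A\t%U\t%n\n' {} + 2>/dev/null |
    while IFS=$tab read -r mode owner path; do
        if grep -Fxq -- "$path" "$baseline"; then
            status=expected
        else
            status=UNEXPECTED
        fi
        # ls and stat show a capital 'S' in the owner execute slot when the
        # setuid bit is set but the owner's execute bit is missing.
        case $mode in
            ???S*) status="$status,no-owner-exec" ;;
        esac
        printf '%s\t%s\t%s\t%s\n' "$status" "$mode" "$owner" "$path"
    done
}

# Constructed demo: build a scratch tree rather than scanning the real system.
demo() {
    d=$(mktemp -d)
    : > "$d/helper"; chmod 4755 "$d/helper"   # setuid + execute -> rws
    : > "$d/broken"; chmod 4644 "$d/broken"   # setuid, no execute -> rwS
    : > "$d/normal"; chmod 0755 "$d/normal"   # no setuid, must not be listed
    printf '%s\n' "$d/helper" > "$d/baseline.txt"
    audit_setuid "$d" "$d/baseline.txt" | sort
    rm -rf "$d"
}

demo
```

The owner column matters because the bit is honored for any owner, so a setuid file owned by an ordinary account shows up here just like one owned by root.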