How does the set-user-ID mechanism work in Unix


Can someone please explain the set-user-ID mechanism in Unix? What was the rationale behind this design decision? How is it different from effective user id mechanism?

Best Answer

You might know the normal read, write and execute permissions for files in Unix.

However, in many applications, this type of permission structure--e.g. giving a given user either full permission to read a given file, or no permission at all to read the file--is too coarse. For this reason, Unix includes another permission bit, the set-user-ID bit. If this bit is set for an executable file, then whenever a user other than the owner executes the file, that user acquires all the file read/write/execute privileges of the owner in accessing any of the owner's other files!

To set the set-user-ID bit for a file, type

 chmod u+s filename

Make sure that you have set group-other execute permission too; it would be nice to have group-other read permission as well. All of this can be done with the single statement

 chmod 4755 filename

It is also referred to as Saved UID. When a file that has the Set-UID bit on is launched, the saved UID will be the UID of the owner of the file. Otherwise, the saved UID will be the Real UID.

What is effective UID?

This UID is used to evaluate privileges of the process to perform a particular action. EUID can be changed either to Real UID, or Superuser UID if EUID!=0. If EUID=0, it can be changed to anything.

Example

An example of such a program is passwd. If you list it in full, you will see that it has the Set-UID bit and the owner is "root". When a normal user, say "mtk", runs passwd, it starts with:

Real-UID = mtk  
Effective-UID = mtk  
Saved-UID = root

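Added example, not part of the original answer: a shell sketch that applies the two `chmod` forms from the answer above to constructed scratch files, shows how `ls` marks the set-user-ID bit with and without owner execute permission, and lists set-user-ID files under a directory. The helper names (`mode_of`, `setuid_state`, `list_setuid`, `demo`) are hypothetical.

```shell
#!/bin/sh
# Added example: works only on constructed scratch files in a temp directory.

# Print the 10-character symbolic mode (e.g. -rwsr-xr-x) of one file.
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# Classify the set-user-ID state of a file:
#   setuid-exec    shown as 's': bit on and owner execute permission present
#   setuid-noexec  shown as 'S': bit on but no owner execute permission
#   plain          set-user-ID bit not set
setuid_state() {
    if [ ! -u "$1" ]; then      # test -u is the POSIX check for the bit
        echo plain
        return
    fi
    case "$(mode_of "$1")" in
        ???s*) echo setuid-exec ;;    # 4th character is the owner-execute slot
        *)     echo setuid-noexec ;;
    esac
}

# List every regular file under a directory that has the set-user-ID bit on.
list_setuid() {
    find "$1" -type f -perm -4000 -exec ls -ld -- {} +
}

# Build three constructed files and print name, mode and classification.
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/a"; : > "$dir/b"; : > "$dir/c"
    chmod 644 "$dir/a"; chmod u+s "$dir/a"   # u+s alone on a non-executable file
    chmod 4755 "$dir/b"                      # set-user-ID plus rwxr-xr-x
    chmod 755 "$dir/c"                       # ordinary executable, bit off
    for f in a b c; do
        printf '%s %s %s\n' "$f" "$(mode_of "$dir/$f")" "$(setuid_state "$dir/$f")"
    done
    rm -rf "$dir"
}

demo
```

Pointing `list_setuid` at a directory such as `/usr/bin` gives an inventory of the set-user-ID programs installed there, together with their owners.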
