The setuid bit (Set User ID on execution) causes an executable to run with the effective user ID of its owner rather than the user who invoked it. When the owner is root, a setuid binary lets ordinary users perform privileged operations—carefully scoped ones, in well-designed programs. The canonical examples are passwd (which must write to /etc/shadow, owned by root) and sudo.
ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root ... /usr/bin/passwd   # 's' in the user execute position marks the setuid bit
chmod u+s mybinary    # set the bit symbolically
chmod 4755 mybinary   # the same in octal (leading 4 = setuid)
Setuid is powerful and dangerous. A buffer overflow or logic bug in a setuid-root program can grant full system control to an attacker, which is why security-conscious distributions and auditors are always on the lookout for unnecessary setuid binaries. The modern alternative is capabilities (fine-grained privileges attached to a binary without making it full root), used for example by ping on many distros.
A sibling setgid bit works the same way for groups: it causes a program to run with the effective group ID of its file's group owner. Setgid on a directory changes a different behaviour: new files in that directory inherit the directory's group, which is useful for shared project directories.
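The following is an added example, not code from the textbook: it renders the special bits the way ls -l shows them (including the upper-case 'S'/'T' case where the bit is set without the matching execute bit) and walks a directory tree to list setuid and setgid files, the kind of check an auditor hunting for unnecessary setuid binaries would run. The function names mode_to_string and find_special_bits and the /usr/bin starting point are my own choices.

```python
# Added example: decode setuid/setgid/sticky bits and audit a tree for them.
import os
import stat


def mode_to_string(mode: int) -> str:
    """Render st_mode like ls -l, e.g. 0o104755 -> '-rwsr-xr-x'.

    Lower-case 's'/'t' means the special bit is set together with the
    execute bit; upper-case 'S'/'T' means the special bit is set but the
    matching execute bit is not, which usually indicates a bad chmod.
    """
    kind = "d" if stat.S_ISDIR(mode) else "l" if stat.S_ISLNK(mode) else "-"
    out = [kind]
    triples = (
        (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR, stat.S_ISUID, "s"),
        (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP, stat.S_ISGID, "s"),
        (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH, stat.S_ISVTX, "t"),
    )
    for r, w, x, special, letter in triples:
        out.append("r" if mode & r else "-")
        out.append("w" if mode & w else "-")
        if mode & special:
            out.append(letter if mode & x else letter.upper())
        else:
            out.append("x" if mode & x else "-")
    return "".join(out)


def find_special_bits(root: str):
    """Return (path, ls-style mode, owner uid) for every regular file under
    root that has the setuid or setgid bit set. Symlinks are not followed."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # unreadable or vanished entry; skip it
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append((path, mode_to_string(st.st_mode), st.st_uid))
    return hits


if __name__ == "__main__":
    # Root-owned setuid files are the ones that deserve the closest review.
    for path, perms, uid in find_special_bits("/usr/bin"):
        print(f"{perms} uid={uid:<6} {'ROOT' if uid == 0 else '':4} {path}")
```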
Related terms: setgid, chmod, Capabilities, sudo
Discussed in:
- Chapter 9: Users, Groups, and Permissions — Special Bits: setuid, setgid, and sticky
Also defined in: Textbook of Linux