What is setuid?

setuid means set user ID upon execution. If the setuid bit is turned on for a file, a user executing that file gets the permissions of the individual or group that owns the file. Use the ls -l or find command to see setuid programs.

All setuid programs display S or s in the owner-execute permission bit of the ls output. Type the following command:

ls -l /usr/bin/passwd

Sample outputs:

-rwsr-xr-x 1 root root 42856 2009-07-31 19:29 /usr/bin/passwd

 

Mode 4000

Some executable files have an s in the user permissions listing instead of an x.

This indicates that the executable is setuid, meaning that when you execute the program, it runs as the file owner instead of you.

Many programs use the setuid bit to run as root and get the special privileges they need to change system files, e.g. the passwd program.

<verbatim>
chmod u+s /home/share    # Sets the SUID flag
chmod 4755 file          # Sets the SUID flag
chmod u-s /home/share    # Removes the SUID flag

drwsrwxrwx root root share
</verbatim>
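The s/S flag and the mode 4000 search described above, as an added example that is not part of the original page: a lowercase s means setuid plus owner-execute, an uppercase S means the setuid bit is set but owner-execute is missing. The function names and scratch files are illustrative assumptions.

```shell
#!/bin/sh
# Added example. Function names and the scratch files are illustrative.

# suid_flag FILE: print the owner-execute character from the ls -l mode string:
#   s = setuid and owner-execute, S = setuid without owner-execute,
#   - = no setuid bit.
suid_flag() {
    c=$(ls -ld -- "$1" | cut -c4)
    case "$c" in
        s|S) printf '%s\n' "$c" ;;
        *)   printf '%s\n' "-" ;;
    esac
}

# suid_report DIR: list regular files under DIR that have mode bit 4000 set,
# one per line as "<flag> <owner> <path>". -xdev keeps find on one filesystem.
# Paths containing newlines are not handled.
suid_report() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r f; do
        owner=$(ls -ld -- "$f" | awk '{print $3}')
        printf '%s %s %s\n' "$(suid_flag "$f")" "$owner" "$f"
    done
}

# Demo on constructed scratch files (no system files are touched).
suid_demo() {
    d=$(mktemp -d) || return 1
    touch "$d/with_x" "$d/no_x" "$d/plain"
    chmod 4755 "$d/with_x"   # -rwsr-xr-x
    chmod 4644 "$d/no_x"     # -rwSr--r--
    chmod 0755 "$d/plain"    # -rwxr-xr-x, must not be reported
    suid_report "$d"
    rm -rf "$d"
}

suid_demo
```

Running suid_report against a directory such as /usr/bin gives an inventory to compare against the setuid programs you expect; an entry not owned by root, or one flagged S, is worth a closer look.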

 

More info: cyberciti.biz/faq/unix-bsd-linux-setuid-file/