How to set the SetUID and SetGID bit for files in Linux

In this tutorial I will show you how to set the SetUID and SetGID bits for files on a Linux server.

The setuid (set user ID) is a permission bit that allows users to execute a program with the permissions of its owner.

The setgid (set group ID) is a permission bit that allows users to execute a program with the permissions of the group owner.

Any user can execute a setuid script with the permissions of the owner. Likewise, any user can execute a setgid script with the permissions of the group.

The setuid and setgid can be set with the chmod command, like any other permission bits.

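To check whether a file has the setuid or setgid bit, use ls -l or stat. An s (or S) in the user permissions field represents the setuid, and an s (or S) in the group permissions field represents the setgid. The letter takes the place of the x; an uppercase S means the corresponding execute bit is not set: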

$ ls -l
-rwSrwSr-- 1 razvan razvan 0 2012-07-01 02:46 script

How to set and remove the setuid and the setgid:

1. In the human readable format:

The setuid and setgid can be set in both the octal and the human readable format.

To set the setuid bit, add +s for the user: chmod u+s /path/to/file

$ chmod u+s script2

To remove the setuid bit use the -s argument with the chmod command: chmod u-s /path/to/file

$ chmod u-s script2

To set the setgid bit on a file, add the +s argument for the group, with chmod g+s /path/to/file:

$ chmod g+s myscript

To remove the setgid use -s for the group: chmod g-s /path/to/file

$ chmod g-s myscript

2. In the octal mode:

To set the setuid in octal form, place a 4 in front of the three permission digits. For example, 4777 means that the file has full permissions and the setuid bit: chmod 4777 /path/to/myscript

$ chmod 4777 myscript
$ chmod 4764 myscript

To set the setgid in octal form, place a 2 in front of the three permission digits. For example, 2777 means that the file has full permissions and the setgid bit: chmod 2777 /path/to/myscript

$ chmod 2777 myscript
$ chmod 2764 myscript

To remove the setuid and setgid, place a 0 (zero) in front of the three permission digits: chmod 0777 /path/to/file

How to find setuid and setgid files:

To find the files that have the setuid or the setgid bit set, use find: find / -type f -perm /6000

$ find / -type f -perm /6000 -exec stat -c "%A %a %n" {} \;
-rwxr-sr-x 2755 /usr/bin/wall
-rwxr-sr-x 2755 /usr/bin/mlocate
-rwxr-sr-x 2755 /usr/bin/dotlockfile
-rwxr-sr-x 2755 /usr/bin/crontab
-rwsr-sr-x 6755 /usr/bin/at
-rwxr-sr-x 2755 /usr/bin/bsd-write
-rwxr-sr-x 2755 /usr/bin/ssh-agent
-rwsr-xr-x 4755 /usr/bin/mtr
-rwsr-xr-x 4755 /usr/bin/traceroute6.iputils
-rwsr-xr-x 4755 /usr/bin/passwd
-rwsr-xr-x 4755 /usr/bin/pkexec
-rwsr-sr-x 6755 /usr/bin/X
[...]

Find only the files with setuid: find / -type f -perm /4000

Find only the files with setgid: find / -type f -perm /2000
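
The find and stat commands above can be combined into a small audit helper. This is an added example, not part of the original tutorial; the function name audit_special_bits and the flag labels are illustrative choices. It assumes GNU find and stat, as used in the commands above.

```shell
#!/bin/sh
# Added example: list setuid/setgid files under a directory and flag the
# ones that deserve a closer look. The function name and flag labels are
# illustrative, not part of any standard tool.
#
# Output: "<flags> <octal mode> <path>", one file per line.
#   SUID / SGID / SUID+SGID  which special bits are set
#   NOEXEC    special bit without the matching execute bit (ls shows "S")
#   WRITABLE  group- or world-writable, so non-owners can change the file
audit_special_bits() {
    # -perm /6000 matches files with the setuid bit, the setgid bit, or both
    find "$1" -xdev -type f -perm /6000 -exec stat -c '%a %n' {} + 2>/dev/null |
    sort -k2 |
    while read -r mode path; do
        m=$((0$mode))            # leading 0: parse stat's output as octal
        flags=""
        if [ $(($m & 04000)) -ne 0 ]; then flags="SUID"; fi
        if [ $(($m & 02000)) -ne 0 ]; then flags="${flags:+$flags+}SGID"; fi
        # setuid pairs with user execute (0100), setgid with group execute (0010)
        if { [ $(($m & 04000)) -ne 0 ] && [ $(($m & 0100)) -eq 0 ]; } ||
           { [ $(($m & 02000)) -ne 0 ] && [ $(($m & 0010)) -eq 0 ]; }; then
            flags="$flags,NOEXEC"
        fi
        if [ $(($m & 0022)) -ne 0 ]; then flags="$flags,WRITABLE"; fi
        printf '%s %s %s\n' "$flags" "$mode" "$path"
    done
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then audit_special_bits "$1"; fi
```

A file with the mode shown in the ls -l example above (-rwSrwSr--, octal 6664) is reported as SUID+SGID,NOEXEC,WRITABLE. Comparing the output against a saved copy from a known-good state shows which files gained a special bit since then.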
