SUID/SGID bits and security
When the SUID (set user ID) or SGID bits are set
on the permissions of a binary file, it executes with the UID
or GID of the owner rather than that of the person executing it.
An SUID/SGID binary has access to all the files,
processes, and resources belonging to the owner or group of the binary file.
This mechanism is used by the system to manage access to
protected files. For example,
passwd(C)
is an SUID binary that allows users to change their
password stored in the Protected Password database
without allowing them direct access to this information.
But SUID/SGID bits can be misused.
Ordinary users should not be able to set these bits, and
their use is restricted by the
chmodsugid privilege.
Next topic:
SUID, SGID, and sticky bit clearing on writes
Previous topic:
A complex ACL
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005