116

Please compare the following two lines:

-rws---r-x 1 root root 21872 2009-10-13 21:06 prg1 

-rwx---r-x 1 root root 21872 2009-10-13 21:06 prg2 

Does the setuid bit on prg1, along with the read and execute bits for 'other' mean that any user can run it with root privileges? The prg2 also has read and execute for 'other', but does not have the setuid bit set, so does that mean it can still be run by any user but without root privileges?

cas
anders
  • Look up for sticky bit on Google. – Ketan Mar 09 '14 at 15:31
  • 20
    It's not called sticky bit, it's called setuid bit!!!! http://unix.stackexchange.com/questions/79395/how-does-the-sticky-bit-work/79401#79401 – slm Mar 09 '14 at 15:33
  • @slm Thanks for correcting me. I always thought s is for sticky bit to keep a copy of executables in swap space. – Ketan Mar 09 '14 at 15:38
  • See also http://unix.stackexchange.com/questions/28363/whats-the-difference-between-s-and-s-in-ls-la/28365#28365 – Mikel Mar 09 '14 at 16:00

2 Answers

116

That is the "setuid" bit, which tells the OS to execute that program with the userid of its owner. This is typically used with files owned by root to allow normal users to execute them as root with no external tools (such as sudo).

You can set the suid bit using chmod, e.g. chmod 4755, which will give a file the normal permissions 755 does (rwxr-xr-x) and add the suid bit to give rwsr-xr-x.

You can clear the setuid bit by issuing a normal chmod command with a 0 prepended to it. For example, to set permissions back to rwxr-xr-x you would use chmod 0755.

casey
  • 17
    "chmod preserves a directory's set-user-ID and set-group-ID bits unless you explicitly specify otherwise. You can set or clear the bits with symbolic modes like u+s and g-s, and you can set (but not clear) the bits with a numeric mode." - GNU coreutils 8.22 Feb '16 – Patrick M Mar 13 '18 at 15:57
33

Precisely the opposite, you don't need to use sudo or switch to root, the executable does it for you.

orion
  • 1
    OK thanks for the reply. So in other words the prg1 will always run as root while prg2 will not? – anders Mar 09 '14 at 15:43
  • 3
    Yes. If setuid bit is set, it executes with ITS owner's permissions (usually root's), no matter who calls it. A good example is mount command. It does check who you are, but it CAN mount stuff if fstab says you can. – orion Mar 09 '14 at 15:47
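The prg1/prg2 comparison from this thread, worked through as an added example that is not part of the original posts: it parses the `ls -l` mode strings and reports which UID the program would run as for a given caller. The function names and the caller UID 1000 are constructed for illustration, and it assumes a native binary on a filesystem that is not mounted `nosuid`.

```python
import stat

# Positions (within the 9 permission characters) that can carry a special bit.
SPECIAL = {2: (stat.S_ISUID, "s", "S"),
           5: (stat.S_ISGID, "s", "S"),
           8: (stat.S_ISVTX, "t", "T")}

def parse_mode(ls_mode):
    """Convert a 10-character `ls -l` mode string such as '-rws---r-x' to mode bits."""
    if len(ls_mode) != 10:
        raise ValueError("expected 10 characters, e.g. '-rwxr-xr-x'")
    bits = 0
    for i, ch in enumerate(ls_mode[1:]):
        plain = 1 << (8 - i)               # the r, w or x bit for this position
        if ch == "rwx"[i % 3]:
            bits |= plain
        elif i in SPECIAL and ch in SPECIAL[i][1:]:
            special, lower, _ = SPECIAL[i]
            # lowercase: special bit plus execute; uppercase: special bit only
            bits |= special | (plain if ch == lower else 0)
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} at position {i + 1}")
    return bits

def effective_uid(ls_mode, owner_uid, owner_gid, caller_uid, caller_gids):
    """Return the effective UID the program starts with, or None if exec is denied."""
    mode = parse_mode(ls_mode)
    if caller_uid == 0:
        allowed = mode & 0o111             # root needs at least one execute bit
    elif caller_uid == owner_uid:
        allowed = mode & stat.S_IXUSR      # exactly one class applies: owner,
    elif owner_gid in caller_gids:
        allowed = mode & stat.S_IXGRP      # else group,
    else:
        allowed = mode & stat.S_IXOTH      # else other
    if not allowed:
        return None
    # With setuid set, the process runs with the file owner's UID.
    return owner_uid if mode & stat.S_ISUID else caller_uid

if __name__ == "__main__":
    for name, mode in (("prg1", "-rws---r-x"), ("prg2", "-rwx---r-x")):
        print(name, oct(parse_mode(mode)),
              "euid for uid 1000:", effective_uid(mode, 0, 0, 1000, {1000}))
```

Because only one permission class is consulted, a non-root user who belongs to group root falls under the `---` group bits of both files and cannot execute either one, even though 'other' can.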