I have a feeling the `setuid` bit, the `nosuid` mount option, `sudo`, and `su` are all related given their names.
But how do they relate to one another?
Are some of them used in conjunction?
If they are not, then why are their names so similar?

- I think this is either a duplicate of http://unix.stackexchange.com/q/65039/135943 or of http://unix.stackexchange.com/q/183994/135943. Not sure which. But if you read both of those, your multi-part question will be answered. – Wildcard Jan 26 '16 at 09:06
- Actually even more relevant may be http://unix.stackexchange.com/a/80350/135943. By the way, "suid" just means "setuid"; those two have the exact same meaning. – Wildcard Jan 26 '16 at 09:12
2 Answers
setuid: (set user ID upon execution) is a Unix/Linux access rights flag that allows users to run an executable with the permissions of the executable's owner. It is needed for tasks that require higher privileges than those which common users have, such as changing their login password.
suid: (saved user ID) is used when a program running with elevated privileges needs to temporarily do some unprivileged work. It changes its effective user ID from a privileged value (typically root) to some unprivileged one.
nosuid: When mount uses this option, the file system doesn't allow set-user-identifier (setuid) or set-group-identifier (setgid) bits to take effect.
sudo: executes a command as another user, but only if the original user is allowed to do it (the user must be allowed previously in /etc/sudoers). It asks the user for their own password, making it possible to authorize users to do tasks allowed only to root without revealing root's password.
su: This command allows the user to run a (new) shell / program as another user. The most common use of su is to become root. It asks for the password of the user you want to be, so it accepts the user substitution only if you know that password.
- "become another user" meaning "run a (new) shell / program as another user". It does not change the permissions of running processes. – Hauke Laging Jan 26 '16 at 09:27
- So why have setuid bits if you have `sudo` or `su`? And if setuid bits are so important, then why don't I see any of them when I use `ls` on important system executables? – Melab Jan 26 '16 at 11:42
- If you issue a `ls -l /usr/bin/passwd` the result will show an `s` in the executable bit of the owner. That is the setuid bit – jcbermu Jan 26 '16 at 11:55
- it's important because it can be assigned only to specific executables. – jcbermu Jan 26 '16 at 11:56
"set user ID" is an important permission feature. `sudo` and `su` (and many other programs including `mount`) need this feature to work; some programs work partly without this feature (like `mount`), others (like `sudo` and `su`) do not work at all. This feature is related to files. Files exist in file systems only. `nosuid` disables this feature for all files in a file system (which especially makes sense for removable media).
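The relationship described in the answers above, as an added example that is not part of either answer: a shell check that combines the setuid bit on a file with the `nosuid` option of the file system holding it. The function names `mount_opts_for` and `setuid_status` are hypothetical, and the sketch assumes absolute paths and mount points without spaces.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Print the mount options of the file system that holds absolute path $1,
# read from a mount table in /proc/mounts format ($2, default /proc/mounts).
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $2
            # A mount point covers p if it is "/", equals p, or is a parent of p.
            covers = (mp == "/" || p == mp || index(p, mp "/") == 1)
            # Longest mount point wins; on a tie the later (shadowing) line wins.
            if (covers && length(mp) >= best) { best = length(mp); opts = $4 }
        }
        END { print opts }' "${2:-/proc/mounts}"
}

# Classify file $1 against mount table $2:
#   not-setuid        the setuid bit is not set on the file
#   setuid-ignored    bit set, but the file system is mounted nosuid
#   setuid-effective  bit set and honoured: runs with the owner's user ID
setuid_status() {
    if [ ! -u "$1" ]; then
        echo not-setuid
        return 0
    fi
    case ",$(mount_opts_for "$1" "${2:-}")," in
        *,nosuid,*) echo setuid-ignored ;;
        *)          echo setuid-effective ;;
    esac
}

# Demo against the live system: the programs named on this page, where present.
for f in /usr/bin/passwd /usr/bin/sudo /usr/bin/su; do
    if [ -e "$f" ]; then
        printf '%s: %s\n' "$f" "$(setuid_status "$f")"
    fi
done
```

On a typical Linux system the three programs report `setuid-effective`; a setuid file on removable media mounted with `nosuid` reports `setuid-ignored`.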