What is the effect of the "s" permission bit on a file?

Question

I have two files with the following permissions:

-rwsr--r--  1 root root 213 Oct 22 12:15 f1
-r--rwxr--  1 Bob staff 113 Oct 22 12:18 f4

Can the user Bob execute f1 and why? What is the effect of the s in the set of permission on f1?

score 1 · Answer 1 · answered Oct 03 '22 at 09:08

The s permission there means that the setuid bit (mode 4000) is set for that file. Such a file is run with the privileges of the file's owner, not of the user invoking it. In this case, when user Bob runs the file, it will be like the user root (superuser) ran it, so it will have full access to the system. As you imagine, this can be very dangerous e.g. a shell with setuid set is practically a backdoor to the whole system.

However, the file is missing the executable (x) permission for "others", so Bob can't really run it. To allow all other users, Bob included, to run the file, the root user has to enter the command

chmod a+rx f1

Related question about this second part: what is the purpose of setuid enabled with no executable bit?

score 0 · Answer 2 · answered Oct 03 '22 at 02:48

0

The s in the permissions means that the setuid is turned on. Bob can execute the f1 file, though, only if the permissions are changed so that the other group has execute permissions, so at least 4745:

sudo chmod 4745 f1
-rwsr--r-x 1 root root 213 Oct22 12:15 f1

answered Oct 03 '22 at 02:48

Sean Burns

1
1

You could also chmod o+x,u+s f1 which IME is more readable/understandable – Chris Davies Oct 03 '22 at 07:58
It's good to know both ways, but that does help. – Sean Burns Oct 04 '22 at 13:01

What is the effect of the "s" permission bit on a file?

2 Answers2