Linux Setting bit S (SetUID) detailed explanation
1. The role of SetUID (S bit)
SetUID is a special permission bit in Linux file permissions. Its purpose is to let an ordinary user temporarily run certain programs with the privileges of the user who owns the program file.
Classic examples:
The command used to change passwords, passwd, is usually /usr/bin/passwd.
However, the /etc/passwd and /etc/shadow files are writable only by root. To allow ordinary users to change their own passwords, the passwd command carries the SetUID permission, so it temporarily runs with root privileges while executing and can perform the modification.
2. What the s permission applies to
SetUID applies only to executable binary files.
The bit is added to the owner's (u) execute permission: chmod u+s
3. Practical operation examples
Check the passwd command path:
which passwd
View the permissions (including the s bit); ll is an alias for ls -l on many distributions:
ll /usr/bin/passwd
Under normal circumstances, the output is as follows:
-rwsr-xr-x 1 root root 54256 Apr 23 08:32 /usr/bin/passwd
Notice the s in the owner's rws: it means SetUID is enabled, so the program runs with root privileges while it executes.
4. How to remove S permissions
Method 1: Remove the s bit directly
chmod u-s /usr/bin/passwd
Method 2: Reset the permission bit and remove special permissions
chmod 0755 /usr/bin/passwd
In 0755, the leading 0 indicates that no special permissions are set. To add SetUID, use a leading 4:
chmod 4755
where:
4 represents SetUID;
7 represents read, write and execute permissions for the owner;
5 represents read and execute permissions for the group and for other users respectively.
5. Supplementary permissions
| Permission type | Numeric value | Meaning |
|---|---|---|
| Normal permissions | 0 | No special permissions (default) |
| SetUID | 4 | The s bit on the user (u) position |
| SetGID | 2 | The s bit on the group (g) position |
| Sticky bit | 1 | The t bit on the other (o) position |
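As an added example (not from the original article), a POSIX shell function that converts the symbolic mode string printed by ls -l into the four-digit octal form from the table above, and also flags a case the table does not cover: an s or t bit set on a slot that lacks execute permission, which ls shows as uppercase S/T and which has no effect. The ls lines in the demo are constructed.

```shell
#!/bin/sh
# Added example (not part of the original article): convert the symbolic
# mode string printed by ls -l into the four-digit octal form chmod takes,
# and flag an s or t bit that sits on a slot without execute permission
# (shown as uppercase S/T), a common mis-set that does nothing.

# mode_to_octal "-rwsr-xr-x"  ->  4755
mode_to_octal() {
    s="${1#?}"                      # drop the file-type character (-, d, l ...)
    [ "${#s}" -eq 9 ] || { echo "bad mode string: $1" >&2; return 1; }
    special=0; digits=""; pos=0
    while [ -n "$s" ]; do
        c="${s%"${s#?}"}"           # first remaining character
        s="${s#?}"
        slot=$((pos % 3)); triplet=$((pos / 3)); pos=$((pos + 1))
        if [ "$slot" -eq 0 ]; then v=0; fi   # new owner/group/other triplet
        case "$slot:$c" in
            0:r) v=$((v + 4)) ;;
            1:w) v=$((v + 2)) ;;
            2:x) v=$((v + 1)) ;;
            # s/t = execute plus the triplet's special bit: 4 (u), 2 (g), 1 (o)
            2:s|2:t) v=$((v + 1)); special=$((special + (4 >> triplet))) ;;
            2:S|2:T) special=$((special + (4 >> triplet))) ;;  # special bit, no execute
        esac
        if [ "$slot" -eq 2 ]; then digits="$digits$v"; fi
    done
    printf '%d%s\n' "$special" "$digits"
}

# Return 0 when a special bit is set without execute (uppercase S/T in ls output).
has_dangling_special() {
    case "${1#?}" in *S*|*T*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample lines in ls -l layout.
for line in "-rwsr-xr-x 1 root root 54256 Apr 23 08:32 /usr/bin/passwd" \
            "-rwSr--r-- 1 root root    12 Jan  1 00:00 /tmp/example/broken" \
            "drwxrwxrwt 1 root root  4096 Jan  1 00:00 /tmp"; do
    mode="${line%% *}"; path="${line##* }"
    printf '%s %s' "$(mode_to_octal "$mode")" "$path"
    if has_dangling_special "$mode"; then printf '  (special bit without execute: ineffective)'; fi
    printf '\n'
done
```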
Deep understanding of SetUID permissions for Linux
1. The essence of SetUID: temporary borrowing mechanism for permissions
When a program file has SetUID set and a user executes it, the resulting process temporarily runs with the identity and permissions of the file's owner.
To give an analogy:
You, the ordinary user, are like a visitor without an access card;
a program with SetUID set is a "limited-time access card" placed there in advance by the administrator;
executing the program is like using that card: your privileges are raised and you can complete operations that only the administrator could otherwise do (such as changing a password).
This process is temporary, and the permissions disappear after the program is executed.
2. The underlying mechanism of SetUID
When you execute a binary program, the system makes the following decision:
IF the file has SetUID set AND it is an executable file
THEN switch the process's effective UID to the file owner's UID
ELSE run the process with the current user's UID
Therefore:
- The passwd file is owned by root and has SetUID set.
- When any user executes it, the process's privileges are raised to root.
- It can therefore write /etc/shadow, a file an ordinary user cannot even read.
3. Use scenarios of SetUID
| Scenario | Description |
|---|---|
| Password change program | passwd: run by an ordinary user, the program temporarily has root privileges so it can modify /etc/shadow |
| Network tools such as ping (early versions) | Needed to open a raw socket, which requires root privileges |
| User switching: su / sudo | The program is not started by root, but it runs temporarily as root once executed |
4. Safety risks and management suggestions
SetUID is a double-edged sword: used well it is convenient; used poorly it becomes a system vulnerability.
Potential risks:
When the program has a vulnerability (such as a buffer overflow or an arbitrary file write), an attacker may use the SetUID program to escalate privileges to root and take over the entire machine.
If you carelessly set the S bit on a script file (although it does not take effect on scripts), it can still be misleading and abused.
Safety advice:
1. Set the S bit only on binary programs provided and trusted by the system.
2. Regularly scan the system for files with SetUID set:
find / -perm -4000 -type f 2>/dev/null
3. Avoid setting the S bit on questionable programs, such as self-written scripts and test programs.
4. Use sudo instead of SetUID where possible (safer and auditable).
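As an added example (not from the original article), a POSIX shell script that turns the find command from step 2 into a baseline comparison, so that a SetUID file which was not present at the last scan is reported. The directory tree and file names in the demo are constructed so it runs without root and never touches /.

```shell
#!/bin/sh
# Added example (not part of the original article): inventory SetUID files
# under a directory tree, store the result as a baseline, and report any
# s-bit file that appears later. The demo uses a constructed temp directory;
# point scan_setuid at / for a real audit.

# List regular files under $1 carrying the SetUID bit (mode 4000), sorted.
scan_setuid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# Save the current inventory of $1 as the known-good baseline file $2.
save_baseline() {
    scan_setuid "$1" > "$2"
}

# Print SetUID files under $1 that are missing from baseline $2.
# Returns 1 when at least one new file is found, 0 otherwise.
check_setuid_drift() {
    new="$(scan_setuid "$1" | comm -13 "$2" -)"
    if [ -n "$new" ]; then
        printf 'NEW SetUID file(s) not in baseline:\n%s\n' "$new"
        return 1
    fi
    return 0
}

# Demo on a constructed tree: one legitimate s-bit file, one plain file.
demo="$(mktemp -d)"
printf '#!/bin/sh\necho hi\n' > "$demo/tool";  chmod 4755 "$demo/tool"
printf '#!/bin/sh\necho hi\n' > "$demo/plain"; chmod 0755 "$demo/plain"
save_baseline "$demo" "$demo/baseline.txt"
# Later a new s-bit file shows up (constructed here) and the check flags it.
cp "$demo/plain" "$demo/rogue"; chmod 4755 "$demo/rogue"
if check_setuid_drift "$demo" "$demo/baseline.txt"; then
    echo "no drift"
else
    echo "drift detected: review the file(s) listed above"
fi
rm -rf "$demo"
```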
5. Extended supplement: SetUID vs SetGID vs Sticky Bit
| Special permission | Number | Typical use |
|---|---|---|
| SetUID (u+s) | 4 | The process runs as the file's owner |
| SetGID (g+s) | 2 | The process runs as the file's group; on a directory, new files automatically inherit the directory's group |
| Sticky bit (+t) | 1 | Applied to a directory: only a file's owner can delete their own files there (typical example: /tmp) |
6. A practical comparison case
Original file permissions:
-rwxr-xr-x 1 root root 54256 Apr 23 08:32 /usr/bin/passwd
Anyone can execute it, but only root can modify /etc/shadow, so an ordinary user's password change fails.
Turn on SetUID:
chmod u+s /usr/bin/passwd
Permissions become:
-rwsr-xr-x 1 root root 54256 Apr 23 08:32 /usr/bin/passwd
Any user who executes passwd temporarily obtains root privileges and can safely change their own password.
To sum up one sentence:
SetUID is the key mechanism that gives ordinary users temporary administrator privileges. It is powerful but dangerous and must be used within a controlled scope.
The above is the detailed tutorial on the Linux S bit (SetUID). For more on the Linux S bit, see my other related articles!