Suid

Suid, short for set-user-ID on execution, is a filesystem permission on Unix-like systems under which an executable runs with the privileges of its owner rather than those of the user who started it. When a program with the set-user-ID on execution bit set runs, the process's effective user ID becomes that of the file's owner, typically root. This allows ordinary users to perform specific privileged actions without granting broad root access.

The principal purpose of the suid bit is to enable privileged operations that need to be performed on behalf of a user. Common examples include password-changing utilities, which need to modify protected system files. The feature is designed to be used only for trusted programs; its misuse can create serious security risks.

In permission notation, the suid bit appears as an s in the user (owner) execute field. For example, a file with permissions -rwsr-xr-x has the suid bit set. If the execute bit for the owner is not set but the suid bit is, it may be shown as an uppercase S. The suid bit corresponds to the octal value 4000.

Security considerations: SUID programs can be targets for privilege escalation if they contain vulnerabilities or are misconfigured. To reduce risk, suid should be limited to trusted executables, regularly audited, and avoided on scripts. When possible, alternatives such as sudo or capability-based access should be used to grant necessary privileges.

See also: SGID, sticky bit, chmod, sudo, capabilities.
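
The permission notation and the audit recommendation described above, as an added example that is not part of the original page: a small Python auditor that decodes the owner-execute field (s versus S), finds suid regular files under a directory and notes the cases the text warns about. The function names, the default directory `/usr/bin` and the group/other-writable check are assumptions made for this example.

```python
import os
import stat
import sys

def owner_exec_char(mode):
    """Owner-execute field as ls -l prints it: s, S, x or -."""
    suid = bool(mode & stat.S_ISUID)      # S_ISUID is octal 4000
    execute = bool(mode & stat.S_IXUSR)
    if suid:
        return "s" if execute else "S"
    return "x" if execute else "-"

def findings(mode, uid, head):
    """Audit notes for one file; empty list when the suid bit is not set."""
    if not mode & stat.S_ISUID:
        return []
    notes = ["suid, runs as uid %d, owner field '%s'" % (uid, owner_exec_char(mode))]
    if not mode & stat.S_IXUSR:
        notes.append("suid without owner execute")
    if head.startswith(b"#!"):            # shebang line: the file is a script
        notes.append("suid on a script")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):  # added heuristic for misconfiguration
        notes.append("writable by group or others")
    return notes

def audit(root):
    """Walk root and return {path: notes} for every suid regular file."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)       # lstat: do not follow symlinks
            except OSError:
                continue
            if not (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID):
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(2)
            except OSError:
                head = b""                # unreadable: still report the file
            report[path] = findings(st.st_mode, st.st_uid, head)
    return report

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"  # assumed default
    for path, notes in sorted(audit(root).items()):
        print(path + ": " + "; ".join(notes))
```

Comparing the report between runs shows suid files that have appeared or changed owner since the last audit.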