Explanation for newbies: setuid is a special permission bit that makes an executable run with the permissions of its owner rather than the user executing it. This is often used to let a user run a specific program as root without having sudo
access.
If this sounds like a security nightmare, that’s because it is.
In linux, setuid is slowly being phased out by Capabilities. An example of this is the ping
command which used to need setuid in order to create raw sockets, but now just needs the cap_net_raw
capability. More info: https://unix.stackexchange.com/questions/382771/why-does-ping-need-setuid-permission. Nevertheless, many linux distros still ship with setuid executables, for example passwd
from the shadow-utils
package.
Does passwd rely on it as well? I’m curious to it’s benefits, and what we’re it’s original use cases. Is it a necessary component of multi-user systems?
passwd uses it to update your password in an root-only-writable file