Determining setuid Permission

Programs that have setuid permission allow users to perform operations and access local files for which they normally may not have the necessary permissions. Such a program allows anyone who uses it to execute with the permissions of the user who owns the program for the duration of the program's execution.

While a setuid program executes, the person executing it is treated as the owner of the program. The effective user identification number (UID) of the executing program is the UID of the person who owns the program, not the UID of the person who initiated the program's execution. Thus, the person executing the program is granted the same permissions as the person who owns the program for as long as the program executes.

A setuid program owned by root allows a user who executes the program to execute with root privilege for the duration of the program. When handled correctly, such setuid programs are very useful. For example, programs that modify the password file for a system (/etc/passwd or its equivalent) are setuid programs that allow users to execute with root privilege long enough to modify their passwords. When handled incorrectly, however, setuid programs owned by root can present a serious breach in security.

In the UNIX operating system, setuid programs are indicated by setting a mode bit associated with a file. By default, the Cache Manager does not allow setuid programs to execute with setuid permission. Use the cm setsetuid command to enable setuid programs from specific filesets to execute with setuid permission. The command sets setuid status on a per-fileset and per-Cache Manager basis. It is commonly included in a start-up file (/etc/rc or its equivalent) to enable setuid programs from a specified fileset at machine startup.

Note that setuid programs are effective only in the local environment. A setuid program can change only the local identity under which a program runs; it cannot change the DCE identity with which a program executes because it provides no Kerberos tickets. DCE does not recognize the change to the local identity associated with a setuid program.

Use the cm getsetuid command to determine whether the Cache Manager allows programs from specific filesets to execute with setuid permission.

Note: Every program also has a setgid bit that, when set, allows a person executing the program to execute with the permissions of the group that owns the program for the duration of its execution. When the cm setsetuid command is used, it automatically enables or disables setgid permission at the same time. Thus, if setuid programs are enabled on a fileset, setgid programs are also enabled on that same fileset.
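Because cm setsetuid enables setuid and setgid execution for an entire fileset at once, an administrator usually wants to know which privileged programs the fileset actually contains before turning the permission on. The following shell functions are an added example written for this page, not part of the DCE documentation or the cm command set. They rely only on the standard UNIX mode bits described above (04000 for setuid, 02000 for setgid) and the POSIX find and ls utilities; the fileset path passed to them is an assumption supplied by the caller, for instance the mount point of the fileset named in a cm setsetuid command.

```shell
#!/bin/sh
# Added example (not from the DCE documentation): inventory the setuid and
# setgid programs under a fileset's mount point before enabling them with
# "cm setsetuid". The directory argument is an assumption supplied by the
# caller; only the mode bits and utilities used here are standard UNIX.

# list_privileged_programs DIR
# Prints an "ls -ld" line for every regular file under DIR whose setuid
# (04000) or setgid (02000) mode bit is set. In the mode column an "s" in
# the owner execute slot marks setuid, in the group execute slot setgid.
list_privileged_programs() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld {} +
}

# count_privileged_programs DIR
# Prints the number of such files, for a quick check in a start-up script.
count_privileged_programs() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | wc -l | tr -d ' '
}

# root_owned_setuid DIR
# Prints the paths of setuid files owned by root: the programs the text
# singles out, because each one runs with root privilege for its callers.
root_owned_setuid() {
    find "$1" -type f -perm -4000 -user root
}

# Stand-alone use: audit a fileset given on the command line, e.g.
#   sh audit_setuid.sh /:/usr/local
if [ "$#" -eq 1 ] && [ -d "$1" ]; then
    echo "setuid/setgid programs under $1: $(count_privileged_programs "$1")"
    list_privileged_programs "$1"
    echo "owned by root:"
    root_owned_setuid "$1"
fi
```

Running the audit against the fileset before issuing cm setsetuid, and again from the machine's start-up file, gives a record of which programs gain privilege each time the permission is enabled; a new root-owned setuid file appearing between two runs is worth investigating before the permission is re-enabled.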

More:

Checking setuid Permission

Changing setuid Permission