What is SET UID: handling permissions in Unix explained

November 20th, 2009 by Giridhar | Posted under Linux.

Access control in Unix is based on user IDs. SetUID is a Unix concept that is poorly documented and largely misunderstood. Here it is explained with a simple example.

Joe and Harry work in the sales team. Joe knows a bit of programming, and he created two files: one to store sales data (sales.dat) and a program file called report.

-rw-------  joe  sales  sales.dat
-rw-------  joe  sales  report

Since Harry is a friend of Joe, Harry asked Joe to let him use the report program, and Joe set the permissions as below:

-rw-------     joe  sales  sales.dat
-rwxr-xr-x     joe  sales  report

Now anyone can execute the file report, but sales.dat is more sensitive and Joe doesn't want to share it with anyone.

Harry tried to run report, which internally reads sales.dat. That file is not shared, so the run fails with a "permission denied" error.

This is where SET UID comes to help.

Joe doesn't want anyone to access sales.dat other than through his program. How can we accomplish that?

Joe adds the set-user-ID capability, for the user who owns the file, to report as follows:

chmod u+s report

Now the file permissions look like this:

-rw-------     joe  sales  sales.dat
-rwsr-xr-x     joe  sales  report

Now if Harry runs report, he has permission to execute it, so permission is granted. The program starts with SET UID in effect: for as long as the program runs, the process acts as Joe (its effective user ID is Joe's).
When report asks to read sales.dat, the process is acting as user Joe, so permission is granted and the program executes successfully.

PS: In simple words, if you are not the owner of sales.dat, you can access it through report alone.
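The mechanism described above, sketched as a small C version of Joe's report program: this is an added example, not code from the original post, and the helper names (mode_string, runs_with_borrowed_uid, read_data) are assumptions made for illustration. When Harry runs it, it prints his real UID next to the effective UID it borrows from Joe, and it reads only the one hard-coded data file.

```c
/* report.c: added illustration; file names follow the article's example. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hard-coded on purpose: a set-user-ID program must never let the caller
 * choose which of the owner's files it opens. */
#define DATA_FILE "sales.dat"

/* Render permission bits the way `ls -l` does, including the setuid slot. */
void mode_string(mode_t m, char out[11]) {
    memcpy(out, "----------", 11);
    if (S_ISDIR(m)) out[0] = 'd';
    for (int i = 0; i < 9; i++)
        if (m & (0400 >> i)) out[i + 1] = "rwxrwxrwx"[i];
    if (m & S_ISUID)            /* 's' = setuid + owner x, 'S' = setuid, no x */
        out[3] = (m & S_IXUSR) ? 's' : 'S';
}

/* True when the process is running with an identity borrowed via setuid. */
int runs_with_borrowed_uid(void) { return geteuid() != getuid(); }

/* open() is checked against the EFFECTIVE uid, so this succeeds for Harry
 * only when report carries the set-user-ID bit and is owned by Joe. */
long read_data(const char *path, char *buf, size_t n) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t got = read(fd, buf, n - 1);
    close(fd);
    if (got < 0) return -1;
    buf[got] = '\0';
    return (long)got;
}

int main(void) {
    char buf[256], perms[11];
    struct stat st;
    printf("real uid=%d effective uid=%d borrowed=%d\n",
           (int)getuid(), (int)geteuid(), runs_with_borrowed_uid());
    if (stat(DATA_FILE, &st) == 0) {
        mode_string(st.st_mode, perms);
        printf("%s %s\n", perms, DATA_FILE);
    }
    if (read_data(DATA_FILE, buf, sizeof buf) < 0) { perror(DATA_FILE); return 1; }
    fputs(buf, stdout);
    return 0;
}
```

Linux ignores the set-user-ID bit on interpreted scripts, so report has to be a compiled binary like this one for chmod u+s to take effect.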
