setuid and setgid (short for set user ID upon execution and set group ID upon execution, respectively) are Unix access rights flags that allow users to run an executable with the permissions of the executable's owner or group. They are often used to allow users on a computer system to run programs with temporarily elevated privileges in order to perform a specific task. While the assumed user id or group id privileges provided are not always elevated, at a minimum they are specific.

setuid and setgid are needed for tasks that require higher privileges than those which a common user has, such as changing his or her login password. Some of the tasks that require elevated privileges may not immediately be obvious, though — such as the ping command, which must send and listen for control packets on a network interface.

setuid and setgid on binary files

When a binary file has the setuid bit set, viewing it with ls -l shows an s in the owner permissions in place of the usual x. From then on, when another user runs the program, the system gives the process the privileges of the file's owner. If we set setuid on a binary without granting others execute permission, the s becomes an uppercase "S", and such a setting is meaningless.


sticky bit on directories


Setting setuid, setgid and the sticky bit

{% codeblock %}
chmod ug+s FILE   # set setuid and setgid on FILE (replace with the target path)
chmod +t DIR      # set the sticky bit on the directory DIR
{% endcodeblock %}
{% codeblock %}
chmod 4751 FILE   # numeric form: leading 4 = setuid, followed by rwxr-x--x
chmod 2751 FILE   # numeric form: leading 2 = setgid, followed by rwxr-x--x
{% endcodeblock %}
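To check how those bits appear once set, here is an added shell script (not part of the original post) that reads the mode string printed by ls -l and reports setuid, setgid and sticky, telling the lowercase s apart from the uppercase S the text mentions; it builds its own scratch files with constructed modes, and the function name special_bits is an assumption of this example.

```shell
#!/bin/sh
# Added example: read the 10-character mode string from `ls -ld` (e.g. -rwsr-xr-x)
# and report which special bits are set. Column 4 is the owner execute slot:
# 's' means setuid plus execute, 'S' means setuid without the owner execute bit
# (the "meaningless" case). Column 7 does the same for setgid, column 10 for sticky.
special_bits() {
    path=$1
    mode=$(ls -ld "$path" | cut -c1-10)
    owner_x=$(printf '%s' "$mode" | cut -c4)
    group_x=$(printf '%s' "$mode" | cut -c7)
    other_x=$(printf '%s' "$mode" | cut -c10)
    out=""
    case $owner_x in
        s) out="$out setuid" ;;
        S) out="$out setuid-noexec" ;;   # capital S: bit set, owner cannot execute
    esac
    case $group_x in
        s) out="$out setgid" ;;
        S) out="$out setgid-noexec" ;;
    esac
    case $other_x in
        t) out="$out sticky" ;;
        T) out="$out sticky-noexec" ;;
    esac
    [ -n "$out" ] || out=" none"
    printf '%s\n' "${out# }"
}

# Demo on constructed files in a scratch directory (no root needed: you may set
# these bits on files you own, and nothing here is executed).
demo() {
    tmp=$(mktemp -d)
    : > "$tmp/setuid_exec";   chmod 4751 "$tmp/setuid_exec"    # -rwsr-x--x -> setuid
    : > "$tmp/setuid_noexec"; chmod 4651 "$tmp/setuid_noexec"  # -rwSr-x--x -> setuid-noexec
    : > "$tmp/both";          chmod 6755 "$tmp/both"           # -rwsr-sr-x -> setuid setgid
    mkdir "$tmp/shared";      chmod 1777 "$tmp/shared"         # drwxrwxrwt -> sticky (like /tmp)
    for f in setuid_exec setuid_noexec both shared; do
        printf '%-14s %s\n' "$f" "$(special_bits "$tmp/$f")"
    done
    rm -rf "$tmp"
}

demo
```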

setuid, setgid and the sticky bit