Special File Permissions Using setuid, setgid and Sticky Bit
Three special types of permissions are available for executable files and public directories: setuid, setgid, and sticky bit. When these permissions are set, any user who runs that executable file assumes the ID of the owner (or group) of the executable file.
You must be extremely careful when you set special permissions, because special permissions constitute a security risk. For example, a user can gain root capabilities by executing a program that sets the user ID (UID) to 0, which is the UID of root. Also, all users can set special permissions for files that they own, which constitutes another security concern.
You should monitor your system for any unauthorized use of the setuid permission and the setgid permission to gain root capabilities. A suspicious permission grants ownership of an administrative program to a user rather than to root or bin. To search for and list all files that use this special permission, see How to Find Files With Special File Permissions.
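The monitoring check described above can be scripted. The following is an added example, not part of the original page or the procedure it references: the function name audit_special_perms and its trusted-owner argument are hypothetical, and the default list "root bin" is taken from the owners the text names as expected.

```sh
#!/bin/sh
# Added example: audit setuid/setgid files and flag unexpected owners.
#
# audit_special_perms DIR [TRUSTED_OWNERS]
#   Lists regular files under DIR that carry the setuid (4000) or setgid
#   (2000) bit. Each line is tagged "ok" when the owner is in TRUSTED_OWNERS
#   (default "root bin") and "SUSPICIOUS" otherwise.
#   Output format: <status> <mode> <owner>:<group> <path>
#   Limitation: file names that contain newlines are not handled.
audit_special_perms() {
    dir=$1
    trusted=${2:-"root bin"}
    # LC_ALL=C pins the ls -l date to three fields so the columns parse
    # the same way on every system. -xdev keeps find on one file system.
    LC_ALL=C find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ld {} + 2>/dev/null |
    while read -r mode _links owner group _size _mon _day _time path; do
        status=SUSPICIOUS
        for t in $trusted; do
            if [ "$owner" = "$t" ]; then
                status=ok
            fi
        done
        printf '%s %s %s:%s %s\n' "$status" "$mode" "$owner" "$group" "$path"
    done
}

# When run as a script with arguments, audit the given directory, e.g.:
#   sh audit.sh /usr
if [ "$#" -gt 0 ]; then
    audit_special_perms "$@"
fi
```

Saving the output of one run and comparing it with later runs shows newly added setuid or setgid files as well as ownership changes.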