A setuid executable has the setuid permissions bit set, with the following command:

panic% chmod u+s filename

This sets the process's effective user ID to that of the file upon execution. Most users have used setuid executables even if they have not realized it. For example, when a user changes his password he executes the passwd command, which, among other things, modifies the /etc/passwd file. In order to change this file, the passwd program needs root permissions. The passwd command has the setuid bit set, so when someone executes this utility, its effective ID becomes the root user ID.

Using setuid executables should be avoided as a general practice. The less setuid executables there are in a system, the less likely it is that someone will find a way to break in. One approach that crackers use is to find and exploit unanticipated bugs in setuid executables.

When the executable is setuid to root, it is vital to ensure that it does not extend read and write permissions to its group or to the world. Let's take the passwd utility as an example. Its permissions are:

panic% ls -l /usr/bin/passwd
-r-s--x--x 1 root root 12244 Feb 8 00:20 /usr/bin/passwd

The program is group- and world-executable but cannot be read or written by group or world. This is achieved with the following command:

panic% chmod 4511 filename

The first digit (4) stands for the setuid bit, the second digit (5) is a bitwise-OR of read (4) and executable (1) permissions for the user, and the third and fourth digits set the executable (1) permissions for group and world.