|
|
The set-user identification (set-UID) and set-group identification (set-GID) bits must be used carefully. These bits are set through the chmod(1) command and can be specified for any executable file. When any user runs an executable file that has either of these bits set, the system gives the user the identity of the owner (or group) of the executable. This means that the user's process changes its identity. For example, the command used to change a login's password, passwd, is set-UID to root, because the new password must be written to the /etc/shadow file, and that file is writable only by root.
While the set-UID and set-GID mechanisms provide a convenient way to allow ordinary users to run a command that needs to perform a privileged operation, usage does pose some security risk, primarily for files with the set-UID bit set. For example, if a user were somehow able to obtain a copy of the shell and change it to be set-UID to root, then the user could become superuser simply by running the modified shell.
Because of the security risk, it's a good idea to verify, occasionally, that the number and status of files on the system with the set-UID bit set has not changed recently without your knowledge.