Temporarily changing the user ID or group ID during execution
An executable file can have an additional attribute, which is
displayed in the execute position (x) when
you issue ls -l. This permission setting
is used to allow a program temporary access to files that are not
normally accessible to other users. An s or S can
appear in the execute permission position; this permission bit sets
the effective user ID or group ID of the user process that is executing
a program to that of the file whenever the file is run. The setuid
and setgid bits are only honored for executable files that contain
load modules.
- s
  In the owner permissions section, s indicates that the set-user-ID (S_ISUID) bit is set and execute (search) permission is set.
  In the group permissions section, s indicates that the set-group-ID (S_ISGID) bit is set and execute (search) permission is set.
- S
  In the owner permissions section, S indicates that the set-user-ID (S_ISUID) bit is set, but the execute (search) bit is not.
  In the group permissions section, S indicates that the set-group-ID (S_ISGID) bit is set, but the execute (search) bit is not.
A good example of this behavior is the mailx utility. A user who is sending mail to another user on the same system is actually appending the mail to the recipient's mail file, even though the sender does not have the appropriate permissions to do this. The mail program does have those permissions.
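The s and S indicators described above can be derived directly from a file's mode bits, which is useful when reviewing which programs on a system run with another user's or group's ID. The following is an added example, not part of the original documentation; the function names `special_bits` and `audit` are hypothetical, and treating S (bit set without execute permission) as something to review is an assumption of this example.

```python
import os
import stat
import sys


def special_bits(mode):
    """Return (owner_char, group_char): the characters ls -l shows in the
    owner and group execute positions for this mode."""
    def char(special, execute):
        if mode & special:
            # s: special bit and execute both set; S: special bit without execute
            return "s" if mode & execute else "S"
        return "x" if mode & execute else "-"
    return (char(stat.S_ISUID, stat.S_IXUSR),
            char(stat.S_ISGID, stat.S_IXGRP))


def audit(root):
    """Walk root and list regular files that have S_ISUID or S_ISGID set.
    Each finding is (path, ls-style mode string, owner_char, group_char, uid, gid)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symbolic links
            except OSError:
                continue  # unreadable or vanished entry; skip it
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                owner, group = special_bits(st.st_mode)
                findings.append((path, stat.filemode(st.st_mode),
                                 owner, group, st.st_uid, st.st_gid))
    return findings


if __name__ == "__main__":
    # Directory to review; defaults to the current directory.
    for path, mode, owner, group, uid, gid in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        # Assumption of this example: S in either position is flagged for review.
        note = "  <- bit set without execute" if "S" in (owner, group) else ""
        print(f"{mode} uid={uid} gid={gid} {path}{note}")
```

The uid and gid columns show whose effective ID a process takes on when it runs the file, which is the first thing to check for each entry.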