Setuid & setgid

The owner and the super user can also set setuid and setgid permissions on a file and setgid permission on the directory. These special permissions enable to control the change of files and shared directories on that.

A user who has execution permission on the file would be treated as the owner of the file if an executable file has setuid permission.

A user who has execution permission on this file will be treated as the user who belongs to the group of the executable file if a file has setgid permission.

Executable programs with setuid or setgid permission get their UID's or GID's from the owner and group of the program file, instead of inheriting their UID's and GID's from the process (commonly a shell) which started them. This is used whenever a program must access files which are commonly only accessible to the owner or group owner of the program.

For example

#ls -l /usr/bin/passwd /etc/shadow

-r----      1 root   root      957      May     23        18:26 /etc/shadow

-r-s-x-x       1 root   root      12244  Feb     8          2000 /usr/bin/passwd

#                                 

From the given example it is clear with in the shadow file, just root has read permission and all others do not have any permissions. But any user could change their password by using /usr/bin/passwd command, which will create modifications in the /etc/shadow file. This happens since   /usr/bin/passwd is a setuid program

Directories which have setgid permission will propagate their GID to files created below them, which is new files and directories will belong to the similar group as the parent directory. It is extremely useful in the case of a shared project directory