Man page - setuid(1)

NAME

setuid - run a command with a different uid.

SYNOPSIS

setuid username | uid command [ args ]

DESCRIPTION

Setuid changes the user id, then executes the specified command. Unlike some versions of su(1), this program never asks for a password when executed with effective uid=root. This program doesn’t change the environment; it only changes the uid and then uses execvp() to find the command in the path and execute it. (If the command is a script, execvp() passes the command name to /bin/sh for processing.)

For example,

setuid some_user $SHELL

can be used to start a shell running as another user.

Setuid is useful inside scripts that are being run by a setuid-root user (such as a script invoked with super), so that the script can execute some commands using the uid of the original user instead of root. This allows unsafe commands (such as editors and pagers) to be used in a non-root mode inside a super script. For example, an operator with permission to modify a certain protected_file could use a super command that simply does:

cp protected_file temp_file
setuid $ORIG_USER ${EDITOR:-/bin/vi} temp_file
cp temp_file protected_file

(Note: don’t use this example directly. If the temp_file can somehow be replaced by another user, as might be the case if it’s kept in a temporary directory, there will be a race condition in the time between editing the temporary file and copying it back to the protected file.)
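One way to avoid the race described in the note, as an added example that is not part of the original manual page: the temporary file lives in a private directory handed to the editing user, and root takes the directory back and checks the file before copying. The function names, the work-directory layout and the argument-driven entry point are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: hardened form of the cp / setuid / cp sequence.
# Function names and the work-directory layout are assumptions.

# Private directory (mktemp -d creates it mode 0700), so no third
# user can reach or replace the temporary file.
make_workdir() {
    mktemp -d "${TMPDIR:-/tmp}/edit.XXXXXX"
}

# True only for a regular file that is not a symlink, so root's cp
# never follows a link planted at the temp path.
is_plain_file() {
    [ -f "$1" ] && [ ! -L "$1" ]
}

# edit_protected FILE USER   (run as root, e.g. from a super script)
edit_protected() {
    protected=$1
    user=$2
    dir=$(make_workdir) || return 1
    tmp=$dir/temp_file
    cp "$protected" "$tmp" && chown "$user" "$dir" "$tmp" ||
        { rm -rf "$dir"; return 1; }
    # The editor runs with the original user's uid, never as root.
    setuid "$user" "${EDITOR:-/bin/vi}" "$tmp"
    # Take the directory back so its entries cannot change between
    # the check below and the copy.
    chown 0 "$dir" || { rm -rf "$dir"; return 1; }
    if is_plain_file "$tmp"; then
        cp "$tmp" "$protected"
        rc=$?
    else
        echo "refusing to copy back: $tmp is not a regular file" >&2
        rc=1
    fi
    rm -rf "$dir"
    return "$rc"
}

# Entry point when used as a script: FILE USER (e.g. "$ORIG_USER").
if [ "$#" -eq 2 ]; then
    edit_protected "$1" "$2"
fi
```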

AUTHOR

Will Deich