[Linux Difference between SUID and cap_setuid of binary]


"I don't understand the difference between SUID of a binary and cap_setuid in Linux. Then, the difference between SUID and setuid."


There is 1 answer

Tinkerer

SUID for a binary means that the binary is instrumented to become a different effective user when started. For example:

$ cp `which id` nobody_id
$ sudo chown nobody nobody_id
$ sudo chmod +s nobody_id
$ ./nobody_id
.... euid=65534(nobody) groups= ...

You can do the same thing but make the binary setuid-root to make the binary run with root's privileges.

CAP_SETUID is a Linux capability to permit a process to change UID from code: it can give the code permission to execute the setuid() system call. This is considered a privilege over what normal user code can do. It can be given to a program using a file-capability that doesn't affect the ownership of the file:

$ sudo setcap cap_setuid=ep my_program_binary

When ./my_program_binary is next run, it will run with that capability enabled.
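The following program is an added example, not code from the answer above, that makes the difference between the two mechanisms visible. It prints the real and effective UID the process starts with, checks whether CAP_SETUID is present in the effective capability set by reading the CapEff line of /proc/self/status (CAP_SETUID is capability number 7, so it is bit 7 of that mask), and then tries setuid(0). The file name capdemo.c and the three build/run variants in the header comment are assumptions for illustration; they are not from the original answer.

```c
/* capdemo.c: added example showing what a process sees when started as a
 * setuid-root binary versus one carrying the CAP_SETUID file capability.
 * Run it three ways (file name and commands are assumptions for this demo):
 *   gcc -Wall -o capdemo capdemo.c && ./capdemo            # plain binary
 *   sudo chown root capdemo && sudo chmod u+s capdemo && ./capdemo
 *   sudo chmod u-s capdemo && sudo setcap cap_setuid=ep capdemo && ./capdemo
 * Plain:        euid == your uid, no CAP_SETUID, setuid(0) fails with EPERM.
 * setuid-root:  euid == 0 from the start (and the kernel grants a full
 *               capability set), so setuid(0) trivially succeeds.
 * cap_setuid=ep: euid == your uid at start, but CAP_SETUID is held, so
 *               setuid(0) succeeds and the process becomes uid 0. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define CAP_SETUID_BIT 7 /* CAP_SETUID == 7 in linux/capability.h */

/* Parse one "CapEff:\t<hex mask>" line from /proc/self/status.
 * Returns 1 if the CAP_SETUID bit is set, 0 if it is clear, and -1 if the
 * line is not a CapEff line or the mask is not valid hex. */
int cap_setuid_in_capeff_line(const char *line) {
    const char *prefix = "CapEff:";
    if (strncmp(line, prefix, strlen(prefix)) != 0) return -1;
    const char *p = line + strlen(prefix);
    while (*p == ' ' || *p == '\t') p++;
    char *end = NULL;
    errno = 0;
    unsigned long long mask = strtoull(p, &end, 16);
    if (errno != 0 || end == p) return -1;
    return (int)((mask >> CAP_SETUID_BIT) & 1ULL);
}

/* Scan /proc/self/status and report whether this process holds CAP_SETUID
 * in its effective set. Returns -1 if the file cannot be read or parsed. */
int process_has_cap_setuid(void) {
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    char line[256];
    int result = -1;
    while (fgets(line, sizeof line, f)) {
        int r = cap_setuid_in_capeff_line(line);
        if (r != -1) { result = r; break; }
    }
    fclose(f);
    return result;
}

int main(void) {
    printf("start: uid=%u euid=%u  CAP_SETUID in CapEff: %d\n",
           (unsigned)getuid(), (unsigned)geteuid(), process_has_cap_setuid());

    /* This is the call that distinguishes the three cases: it needs either
     * an effective uid of 0 already (setuid-root) or CAP_SETUID (setcap). */
    if (setuid(0) == 0)
        printf("setuid(0) succeeded\n");
    else
        printf("setuid(0) failed: %s\n", strerror(errno));

    printf("after: uid=%u euid=%u\n", (unsigned)getuid(), (unsigned)geteuid());
    return 0;
}
```

The practical caveat: CAP_SETUID is root-equivalent in all but name. A process holding it can call setuid(0) and then execute another program, and a process that execs with an effective uid of 0 receives a full capability set (unless the no-root securebit is set), so granting cap_setuid=ep to a binary deserves the same scrutiny as making it setuid-root.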