Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
SETUID(1)							     SETUID(1)

       setuid -	run a command with a different uid.

       setuid username|uid   command [ args ]

       Setuid  changes	user  id, then executes	the specified command.	Unlike
       some versions of	su(1), this program doesn't ever ask  for  a  password
       when executed with effective uid=root.  This program doesn't change the
       environment; it only changes the	uid and	then uses execvp() to find the
       command	in  the	 path,	and  execute it.  (If the command is a script,
       execvp()	passes the command name	to /bin/sh for processing.)

       For example,
	      setuid  some_user	 $SHELL
       can be used to start a shell running as another user.

       Setuid is useful	inside scripts that are	being  run  by	a  setuid-root
       user  --	 such  as  a script invoked with super,	so that	the script can
       execute some commands using the uid of the original  user,  instead  of
       root.   This  allows unsafe commands (such as editors and pagers) to be
       used in a non-root mode inside a	super script.  For example, an	opera-
       tor  with  permission  to  modify  a certain protected_file could use a
       super command that simply does:
	      cp protected_file	temp_file
	      setuid $ORIG_USER	${EDITOR:-/bin/vi} temp_file
	      cp temp_file protected_file
       (Note: don't use	this example directly.	If the temp_file  can  somehow
       be  replaced  by	 another  user,	as might be the	case if	it's kept in a
       temporary directory, there will be a race condition in the time between
       editing	the temporary file and copying it back to the protected	file.)

       Will Deich

				     local			     SETUID(1)


Want to link to this manual page? Use this URL:

home | help