Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
SETUID(1)		    General Commands Manual		     SETUID(1)

       setuid -	run a command with a different uid.

       setuid username|uid   command [ args ]

       Setuid  changes	user  id, then executes	the specified command.	Unlike
       some versions of	su(1), this program doesn't ever ask  for  a  password
       when executed with effective uid=root.  This program doesn't change the
       environment; it only changes the	uid and	then uses execvp() to find the
       command	in the path, and execute it.  (If the command is a script, ex-
       ecvp() passes the command name to /bin/sh for processing.)

       For example,
	      setuid  some_user	 $SHELL
       can be used to start a shell running as another user.

       Setuid is useful	inside scripts that are	being  run  by	a  setuid-root
       user -- such as a script	invoked	with super, so that the	script can ex-
       ecute some commands using the uid of  the  original  user,  instead  of
       root.   This  allows unsafe commands (such as editors and pagers) to be
       used in a non-root mode inside a	super script.  For example, an	opera-
       tor  with permission to modify a	certain	protected_file could use a su-
       per command that	simply does:
	      cp protected_file	temp_file
	      setuid $ORIG_USER	${EDITOR:-/bin/vi} temp_file
	      cp temp_file protected_file
       (Note: don't use	this example directly.	If the temp_file  can  somehow
       be  replaced  by	 another  user,	as might be the	case if	it's kept in a
       temporary directory, there will be a race condition in the time between
       editing the temporary file and copying it back to the protected file.)

       Will Deich

				     local			     SETUID(1)


Want to link to this manual page? Use this URL:

home | help