So when it comes to certain files and executable scripts, as a linux admin you may want to allow certain users to run these scripts with elevated privileges.
setuid and setgid allow you to grant limited elevated privileges (root) without having to add the users to the sudoers file.
Similar to chmod, where you indicate where you want to set the user id bit, you can set the permissions with 4, 2 and 1: suid = 4 sgid = 2 stickybit = 1
To do a suid:
$chmod 4777 script – would give you permissions of
-rwsrwxrwx 1 jason jason
to do sgid use:
$chmod 2777 script – would give you
-rwxrwsrwx 1 jason jason
by using $chmod 6777 script – you would get
-rwsrwsrwx 1 jason jason
For setting back to normal you would use
$chmod 0777 script
SGID is often used with folders for example
$mkdir groupFolder
#chmod 2775 groupFolder
would give you:
-drwxrwsr-x 2 jason jason
when you set groupid on the folder, anyone that adds a file to that folder, the group ownership of the file will receive the group ownership of that folder.
If you have a file that is suid, and is malicious, you can find files on your system that have the suid and/or sgid bit set:
find . -perm +6000
find . -perm +2000
find . -perm +4000
You should occasionally look for these files so you know which files and/or folders are automatically setting permissions.