SetUID and SetGID question

Ioannis Vranos ioannis.vranos at
Sun Sep 11 14:51:41 UTC 2011

On Sun, Sep 11, 2011 at 6:22 AM, Smoot Carl-Mitchell <smoot at> wrote:
> The process gets all those permissions.  Perhaps an example will help.
> Suppose there is a file (call it foo) with the following permissions:
> -rw-r-----  smoot wheel    foo
> The user "smoot" can read and write the file.  Anyone in the "wheel"
> group can read the file, while everyone else has no permissions to the
> file.
> Suppose there is a user called "fred" who is not in the "wheel" group.
> fred has no permissions to read or write the file.  Now if there is a
> program called "setuid" with the following permissions:
> -rwsrwxr-x    smoot  user  setuid
> When fred runs the setuid program, he has permissions to read or write
> the file "foo" (assuming the program is written to open the file
> "foo").  Now suppose there is a setgid program called "setgid":
> -rwxrwsr-x    smoot  wheel setgid
> If fred runs this program, he only has permissions to read the file
> "foo".  Now it is true in this example that the setgid permissions are a
> subset of the setuid permissions for the file "foo", but that does not
> need to be the case.  Suppose the permissions on "foo" are:
> -r--rw----    smoot   wheel    foo
> Now the setuid program only has permission to read the file, while the
> setgid program can read and write the file.  It is true the owner of the
> file can change permissions on any file it owns, but an attempt to open
> the file "foo" for writing will fail for any setuid program owned by
> "smoot".
> The permissions in practice can be more complicated, since it is
> possible to switch between the setuid or setgid permissions and the
> permissions of the user invoking the program.  See the setuid man page
> for details.

Thank you for this information.

Question: If the file foo has the following permissions:

-r---w----  1 someUser someGroup   36 2011-08-09 23:09 foo

and we access it with an executable that has both SetUID and SetGID active:

-rwsr-sr-x  1 someUser someGroup  869 2011-07-26 17:38 someExecutable

Does this executable have both read and write access to the foo above?

Ioannis Vranos
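
Added example, not part of the original thread: a small C model of the classic Unix permission check applied to the two cases discussed above. The kernel consults exactly one permission class (owner, else group, else other), so the owner and group bits are never combined. The numeric IDs are constructed, and the model assumes a non-root process and no ACLs.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

enum { WANT_R = 4, WANT_W = 2 };

/* Turn an ls-style string such as "-r---w----" into rwx mode bits.
   The leading type character is skipped; '-', 'S' and 'T' set no bit. */
static mode_t parse_ls_mode(const char *s)
{
    mode_t m = 0;
    if (strlen(s) < 10)
        return 0;
    for (int i = 0; i < 9; i++)
        if (!strchr("-ST", s[1 + i]))
            m |= (mode_t)1 << (8 - i);
    return m;
}

/* Classic Unix check for a non-root process, no ACLs (assumed):
   exactly one class is consulted: owner, else group, else other. */
static int dac_allows(mode_t mode, uid_t fuid, gid_t fgid, uid_t euid,
                      const gid_t *groups, size_t ngroups, int want)
{
    int shift = 0;                       /* "other" class by default */
    if (euid == fuid) {
        shift = 6;                       /* owner: group bits never consulted */
    } else {
        for (size_t i = 0; i < ngroups; i++)
            if (groups[i] == fgid) { shift = 3; break; }
    }
    return (int)((mode >> shift) & 7 & (mode_t)want) == want;
}

int main(void)
{
    /* Constructed IDs: someUser=1001, someGroup=2001, invoking user fred=1002. */
    const gid_t grp[] = { 2001 };        /* effective gid after setgid */
    mode_t foo = parse_ls_mode("-r---w----");
    printf("setuid+setgid: read=%d write=%d\n",
           dac_allows(foo, 1001, 2001, 1001, grp, 1, WANT_R),
           dac_allows(foo, 1001, 2001, 1001, grp, 1, WANT_W));
    printf("setgid only:   read=%d write=%d\n",
           dac_allows(foo, 1001, 2001, 1002, grp, 1, WANT_R),
           dac_allows(foo, 1001, 2001, 1002, grp, 1, WANT_W));
    return 0;
}
```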
