This is part of the Semicolon&Sons Code Diary - consisting of lessons learned on the job. You're in the unix category.
Last Updated: 2024-04-25
If the seventh bit is on, the system will temporarily change the user identification of the current user to that of the creator of the file whenever the file is executed as a program.
This change in user ID is effective only during the execution of the program which calls for it. The set-user-ID feature provides for privileged programs which may use files inaccessible to other users.
For example, a program may keep an accounting file which should neither be read nor changed except by the program itself. If the set-user-identification bit is on for the program, it may access the file although this access might be forbidden to other programs invoked by the given program’s user.
Since the actual user ID of the invoker of any program is always available, set-user-ID programs (i.e. NOT the OS) may take any measures desired to satisfy themselves as to their invoker’s credentials. This mechanism is used to allow users to execute the carefully written commands which call privileged system entries. For example, there is a system entry invocable only by the “super-user” (below) which creates an empty directory. As indicated above, directories are expected to have entries for . and .. . The command which creates a directory is owned by the superuser and has the set-user-ID bitset. After it checks its invoker’s authorization to create the specified directory, it creates it and makes the entries for . etc.