Setuid is a Unix term, and is short for Set User ID. Setuid, also sometimes referred to as suid, is an access right flag that can be assigned to files and directories on a Unix based operating system. The setuid flag is mostly used to allow users on a computer system to execute binary executable with temporarily elevated privileges in order to perform a specific task.

Setuid is needed for tasks that require higher privileges than what a common user has, such as changing his or her login password. Some of the tasks that require elevated privilege may not immediately be obvious, though -- such as the Ping command, which must send and listen for ICMPs on a network interface.

When a binary executable file owned by root has been given the setuid attribute, normal users on the system can execute this file and gain root privileges within the created Process. When root privileges have been gained within the Process, the application can then perform tasks on the system that regular users normally would be restricted from doing.

While the setuid feature is very useful in many cases, it can however pose a security risk if the setuid attribute is assigned to executable programs that are not carefully designed. Users can exploit (computer_security) vulnerabilities in flawed programs to gain permanent elevated privileges.

There is also a Setgid flag, which is short for Set Group ID. This attribute will allow for changing the group based privileges within a process, like the setuid flag does for user based privileges.

=External links=