Linux Basics for Big Data

78 / 87
Permissions of Processes - setuid

In Unix, there is a file /etc/shadow that contains (one-way)encrypted passwords of every user. The user can not see the contents of the file. This is to defend the password cracking programs.

To change the password, user needs to use the command: passwd. This passwd command first asks you for your old password and encrypts your input and compares it against the value in the file /etc/shadow. If it matches then it updates the password file /etc/shadow with new content.

When you are not allowed to view the /etc/shadow file, how can a program (passwd) do the same when run by you?

This is where the idea of a special permission called setuid come into picture. A program file can be given setuid permission such that program becomes the user who owns the program file instead of the user who is running it.