We were installing Google Chrome Remote Desktop on Slackware… and there were some notes we took. Here they are for posterity:
Meaning of setuid root
The setuid (set user ID) permission is a special type of file permission on Unix-like operating systems (such as Linux) that allows users to run an executable file with the privileges of the file’s owner, rather than with the privileges of the user who is running the file.
How it works:
- When a file has the setuid bit set and it is executed, the process created by running that file assumes the file owner’s permissions.
- For example, if an executable file is owned by root (the superuser) and has the setuid bit set, any user who runs this executable will run it with root privileges.
Why it’s used:
- setuid is often used for programs that need to perform tasks that require higher privileges than the user running the program would normally have.
- A common example is the passwd command, which allows users to change their passwords. The password file that needs to be updated is owned by root and not writable by regular users. By setting setuid on passwd, any user can change their password, even though they don’t have write access to the password file.
Example:
- Consider a binary file named myprog that is owned by root and has the setuid bit set. If a regular user (e.g., user1) executes myprog, the program will run with root privileges, allowing it to perform tasks that user1 wouldn’t normally be able to do.
Setting setuid:
To set the setuid bit on a file, use the chmod command with 4 as the leading digit, in front of the three usual permission digits. For example:
sudo chmod 4755 /path/to/executable
- Here, 4 sets the setuid bit.
- The 755 part sets the usual read, write, and execute permissions (rwxr-xr-x).
Security Implications:
- The setuid bit should be used with caution: the program runs with its owner’s privileges no matter who starts it, so a vulnerability in a setuid root program can let any user who can run it perform privileged operations. It is generally used only for essential programs and should be applied carefully.
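To see which programs under a directory carry the bit, the following added example (not part of the original notes) lists setuid files with their numeric owner and flags any that group or others can write to. The function names, the OK/LOOSE labels and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree for setuid files.

# audit_setuid DIR
# Prints "<STATUS> <mode> <uid> <path>" for every setuid regular file.
# uid 0 means the program runs as root. STATUS is LOOSE when the group or
# other write bit is set; a setuid program should be writable only by its
# owner. Otherwise STATUS is OK.
audit_setuid() {
    find "$1" -xdev -type f -perm -4000 -exec sh -c '
        for f in "$@"; do
            meta=$(ls -ldn "$f") || continue
            mode=${meta%% *}                          # e.g. -rwsr-xr-x
            uid=$(printf "%s\n" "$meta" | awk "{print \$3}")
            case $mode in
                ?????w*|????????w*) status=LOOSE ;;   # group or other write
                *)                  status=OK ;;
            esac
            printf "%s %s %s %s\n" "$status" "$mode" "$uid" "$f"
        done' sh {} +
}

# make_sample_tree DIR
# Constructed sample input: three empty files with different modes.
make_sample_tree() {
    : > "$1/plain" && chmod 0755 "$1/plain"   # no setuid bit
    : > "$1/suid"  && chmod 4755 "$1/suid"    # setuid, owner-writable only
    : > "$1/loose" && chmod 4777 "$1/loose"   # setuid and world-writable
}

# Demo on a throwaway directory; the files belong to whoever runs this.
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
audit_setuid "$demo_dir"
rm -rf "$demo_dir"
```

Pointing audit_setuid at a system directory such as /usr/bin shows the real setuid programs; on a typical Linux system passwd is among them, with uid 0.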
In the context of your error, setting setuid root on the user-session binary would allow it to perform actions as root when executed by any user, which is necessary for the proper functioning of certain programs like chrome-remote-desktop.