System Administration Guide
Chapter 5, Maintaining system security

SUID/SGID bits and security

When the SUID (set user ID) or SGID (set group ID) bit is set in the permissions of a binary file, the file executes with the UID of its owner or the GID of its group rather than that of the person executing it. An SUID/SGID binary has access to all the files, processes, and resources belonging to the owner or group of the binary file. This mechanism is used by the system to manage access to protected files. For example, passwd(C) is an SUID binary that allows users to change their password stored in the Protected Password database without allowing them direct access to this information. However, SUID/SGID bits can be misused. Ordinary users should not be able to set these bits, and use of the bits is restricted by the chmodsugid privilege.
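
An audit that follows from the paragraph above, as an added example that is not part of the original guide: a POSIX sh script that lists SUID/SGID files under a directory and reports any that are missing from an approved baseline. The function names and the baseline format (one absolute path per line) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the guide): audit SUID/SGID files against a baseline.
# Assumption: file names do not contain newlines.

# list_setid DIR: print every regular file under DIR with the SUID or SGID bit.
list_setid() {
    # -perm -4000 matches SUID, -perm -2000 matches SGID.
    # -xdev keeps the search on one filesystem.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# classify FILE: print which set-ID bits FILE carries.
classify() {
    if [ -u "$1" ] && [ -g "$1" ]; then
        echo "SUID+SGID"
    elif [ -u "$1" ]; then
        echo "SUID"
    elif [ -g "$1" ]; then
        echo "SGID"
    else
        echo "none"
    fi
}

# unapproved DIR BASELINE: print "<bits> <path>" for each set-ID file under DIR
# whose path is not listed in BASELINE (hypothetical file, one path per line).
unapproved() {
    list_setid "$1" | while IFS= read -r f; do
        # -F fixed string, -x whole-line match, -q quiet
        grep -Fxq -- "$f" "$2" || printf '%s %s\n' "$(classify "$f")" "$f"
    done
}

# Usage: script DIR BASELINE
if [ "$#" -eq 2 ]; then
    unapproved "$1" "$2"
fi
```

Any line this prints is a set-ID file nobody approved; check its owner and origin before deciding whether to keep the bit or clear it with chmod.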