I got confused with setuid concept. What I have understood is that if setuid set on any file.Anybody run(execute) it, it will run as it has ran by its owner.

Is it my concept is correct.
If not please make me explain from example other than passwd.

If it is correct than check my example that I performed.

I have created a file lsscript.sh with permission 4700, means owner has full permission with setuid bit.

now I switched user and tried to run lsscript.sh. But its shows permission denied.

Why? It should have run with owner permission.

you cannot use setuid bits on scripts, but on binaries. Scripts are not standalone executables but there are interpreters (like bash/perl/whatever) to interpret/execute/run them.
Therefore setuid on the script (which is a plain text file) is meaningless.
You ought to set it on the binary, but I do not really suggest you to set setuid on bash or similar (but you can make a local copy of it and try that one).

The 4700 says only the owner can run the script. The 00 for group and others is what gave "permission denied." To try what you want you'd have to set permission to 4750 (if the other user is in the same group) or 4755 so any other user can run the script. Note in both cases, you wouldn't be allowing others to change the script, only read and execute it.

That said, pan64 may be right about when to use setuid. Personally, I have only used it on directories to force the files within them to be owned by the user (or group), and not on scripts or binaries.

Actually, there is way to make scripts executable with setuid, but never tried it personally. Here is good explanation about it:https://unix.stackexchange.com/quest...l-scripts#2910

You can make setuid Perl and Python scripts, just apparently not shell scripts. At least you used to, but perhaps that has changed. You can always write a simple C wrapper around anything and that will be able to get the job done.

EDIT: Yeah, this seems to have changed in most systems and they won't even let Perl do setuid scripts, so you need to write a simple C wrapper that's setuid to launch the script while it is root.

The main reason is that some things like system utilities need to run as root to get access to certain kernel information, certain files, or perform certain tasks.

Really simple programs to understand the logic behind it would be su or sudo.

In order to be able to switch to root or run another program as root, the program that does it obviously has to be running as root to begin with. So su runs as root, asks for your password, then if it authenticates, it changes your userid to root (or any other user) and executes another shell, then you have a # prompt instead of a $ prompt. Same idea with sudo, but you don't get a root shell, you have run each program separately by using sudo with each one

I was always told that the suid bit is not honoured on scripts as a security precaution, to prevent "script kiddies" running malware on your system. Writing and compiling a proper program is beyond the capacity of most of these idiots.

It can't just be because scripts are text, since they can be made executable and most text files can't.

This is exactly what I meant. the setuid on text file (script) itself is ignored, not used. You need to have a setuid binary (either interpreter or shebang or similar) to do that.

here you can find a discussion about setuid in perl: https://stackoverflow.com/questions/...sed-as-cgi-bin

Thats what group and other dont have access to run script, so only I tried to setuid as its say it will run as it has run by owner and owner has permission to run it.
And if I give 755 permission to script than why I need to set setuid to it. It already got access to run script.

you give setuid to run app (act) as another user.

This is a very simple example how you make an setuid script, you'd probably want to add to it so you can pass parameters, etc.:

Save this, substituting /path/to/myscript.pl with whatever script you want to run as root:

compile, then as root: chown root, then chmod 4755.

Then it will run that script as root.