3.7. SUID Applications: Getting into the Nitty-Gritty
There are a variety of applications running on your system, and not all run as your user. When you open Activity Monitor from /Applications/Utilities and change the filter option to Administrator Processes, you will see all the processes running on the system as root. Applications that are running as root often have the SUID bit set, causing them to be run as the owner of the file, which for many of these applications is root. To view whether a file has the SUID bit set, you can run an ls -l command in a given directory to look for any file with a listing that has an s listed rather than an execute bit in the permissions line for owners of the file. For example:
-r-s--x--x 1 root root 19809 ...
Get Enterprise Mac Security: Mac OS X Snow Leopard now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
