NCAE Mapping Hub Authoritative cross-reference for DCWF, NCAE Knowledge Units, O*NET, and the EWU Cyber Operations program

Security+ · 2.0 Threats

SUID (Set-User-ID)

A Linux file permission bit that causes an executable to run with the permissions of its *owner* rather than the user invoking it. `chmod u+s file` sets it. Shown as `rws` (the `s` replaces `x`) in `ls -l`.

How this shows up at NCAE

SUID binaries owned by root that shouldn't be (e.g., `/tmp/pwn`, a SUID-bit copy of `/bin/bash`) are common red-team privilege-escalation paths. The backdoor-hunt script checks `find / -perm -4000`.