Q&A: Who SUIDs?

Q Noting your assurances, and those of others, that SUID errors in Disk Utility can be safely ignored, I wondered which applications do set their own UID? Is there a list available?

A The reason that Disk Utility cannot be more helpful is that there is no useful list of processes that SUID, and thus could appear in the detailed report when repairing permissions.

SUID only happens when a process is running; if you have a background tool that pops up every hour and performs some routine maintenance tasks that need to be run as the root user, then most of the time it will be inactive, and will not be singled out for such warnings. However, if you happen to repair permissions whilst it is running, it will be noticed and listed as an SUID item.

Many background processes included in OS X can SUID, so depending on exactly how your Mac is configured, you could see any of them when repairing permissions. Plenty of third-party products are the same, so the list is long and indefinite.

By comparison, the current list of Trojans likely to be found on OS X 10.10.5 which SUID should be much shorter: none.

This may change one day, when we will need to recognise the Trojans, but for now processes that SUID can safely be assumed to be benign. If you are in any doubt as to what is running and whether it is benign or malevolent, take a look at Objective-See’s tools, particularly TaskExplorer and BlockBlock, rather than worrying about Disk Utility logs.
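Since no published list exists, you can build one for your own Mac. The shell script below is an added example, not part of the original column: it lists running processes whose effective user ID differs from the real user ID that launched them. The function names, the `--live` switch and the sample process lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report running processes whose effective UID differs from
# their real UID, i.e. processes currently running with a changed user ID.

# filter_suid: read "PID RUID EUID COMMAND" lines on stdin and print only
# those where RUID != EUID. COMMAND may contain spaces (common in Mac paths).
filter_suid() {
    awk '
        # Need at least pid, ruid, euid and a command
        NF < 4 { next }
        # Ignore header or malformed lines with non-numeric IDs
        $1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ { next }
        $2 != $3 {
            cmd = $4
            for (i = 5; i <= NF; i++) cmd = cmd " " $i
            printf "%s\truid=%s\teuid=%s\t%s\n", $1, $2, $3, cmd
        }
    '
}

# list_suid_processes: query every process on the live system.
# "ruid" is the real user ID and "uid" the effective user ID in ps.
list_suid_processes() {
    ps -A -o pid= -o ruid= -o uid= -o comm= | filter_suid
}

# Constructed sample of ps output (not captured from a real machine).
sample_ps_output() {
    cat <<'EOF'
    1     0     0 /sbin/launchd
  312   501   501 /Applications/Safari.app/Contents/MacOS/Safari
 4410   501     0 /usr/local/libexec/example-helper
 4522   501     0 /Library/Application Support/Example Tool/updater
EOF
}

# Default: show the filter working on the sample; pass --live to inspect
# the processes running right now.
if [ "${1:-}" = "--live" ]; then
    list_suid_processes
else
    sample_ps_output | filter_suid
fi
```

Run it with `--live` several times over a day: because such tools come and go, each run can show a different set of processes.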

Updated from the original, which was first published in MacUser volume 26 issue 2, 2009.