ZFS allows creating datasets with setuid turned off, which (AFAIK) means that the setuid bit can't be set on files stored in those datasets.
Assume now that there are two datasets, one for the /root and one for the /home directories. Would it make any sense to allow the setuid bit on any of those two datasets?
My understanding is that NO, because:
Surely, root can execute any binary with root privileges. So, setuid in /root doesn't seem to provide much.
However, if a file is owned by another user and the setuid flag is set, then when root executes that file, it would be executed as if owned by that user, not root. Therefore, setting setuid on binaries stored/installed in /home might make sense from the root's perspective, but would users even bother? And there are better techniques to execute a binary as another user that root can use anyway.
The only usage for setuid in a user's home folder I can imagine is if that user had to be able to execute a binary with root privileges which couldn't be installed system-wide and access to which would be restricted, e.g. in a folder which can't be browsed by other users. But it seems a bit far-fetched.
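
A way to check what the two datasets actually contain before turning the property off, as an added example that is not part of the original post. It assumes bash and GNU find; `tank/home` in the comments is a placeholder dataset name, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: inventory setuid/setgid files under a mount point so the
# effect of disabling the ZFS setuid property can be judged beforehand.
#
# On a ZFS host the property itself is read and changed with (placeholder
# dataset name):
#   zfs get -H -o value setuid tank/home
#   zfs set setuid=off tank/home

# Print "<octal mode> <owner> <path>" for every regular file carrying the
# setuid (4000) or setgid (2000) bit below "$1".
# -xdev keeps the scan on one filesystem; every ZFS dataset is a separate
# filesystem, so child datasets mounted below the path are not included.
audit_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -printf '%m %u %p\n' 2>/dev/null
}

# Only the files that would run with root's identity for any caller:
# setuid bit set and owned by root.
root_owned_setuid() {
    find "$1" -xdev -type f -user root -perm -4000 -print 2>/dev/null
}

# Number of setuid/setgid files found; 0 means setuid=off changes nothing
# for the files currently stored there.
count_setid() {
    audit_setid "$1" | wc -l
}

# Report for the directories named on the command line, e.g. /root /home.
report() {
    local dir
    for dir in "$@"; do
        printf '%s: %s setuid/setgid file(s)\n' "$dir" "$(count_setid "$dir")"
        audit_setid "$dir"
    done
}

# Run the report only when executed directly, not when sourced.
if [ "${BASH_SOURCE[0]}" = "$0" ] && [ "$#" -gt 0 ]; then
    report "$@"
fi
```

An empty report for /home and /root means nothing stored there currently depends on the bit.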