From reading the FreeBSD documentation, it seems like the setuid permission is given to a script or a program and allows it to run as another UID. The reason behind this, using the passwd command as an example, is to allow a non-root user to change their password without changing anyone else's password (passwd prevents one user from being able to change other user's passords). Is this correct? Is the setuid permission used for any other purpose than to allow a user to use a program to access a file as another user? A follow on question (if the above is incorrect, ignore this question), would implementing finer-grained file permissions (different permissions for different portions of a file) remove the necessity for the setuid permission? For example, in the password database, each user would have permission to edit their own password, but not any other user's password. This way, passwd could run with the permissions of the user that's changing their password. I realize that this would be a huge rewrite, but beyond that, is this a possible solution, or would it just create more problems than it would solve?