
Linux Special permissions – SUID, SGID and Sticky bit

The basic security of a Linux computer is based on file permissions. In this article, I will explain some Linux special permissions which you can set for files and directories.

Linux Special permissions

  • suid
  • sgid
  • sticky bit

SUID(s)

The suid (setuid) bit is represented by s (octal 4). When it is set on an executable, the process runs with the rights of the file's owner rather than those of the user who started it, so a user can access files and directories that are normally available only to the owner. Usually, when a user executes a command that accesses files, the system checks that user's permissions for the files. In some cases, this may cause problems. For example, the suid permission on the passwd command makes it possible for a normal user to change passwords by updating a few system files such as /etc/passwd and /etc/shadow, which can't be updated by non-root accounts. The passwd command therefore always runs with root user rights.

-rwsr-xr-x 1 root root 54256 Mar 29 14:55 /usr/bin/passwd*

 

How can we set SUID?

Symbolic way:

$ chmod u+s sample.txt
$ ll sample.txt
-rwSrw-r-- 1 admin admin 0 Jul 24 22:40 sample.txt

Numerical way:

$ chmod 4655 sample.txt
$ ll sample.txt
-rwSr-xr-x 1 admin admin 0 Jul 24 22:40 sample.txt*

 

SGID

The octal digit for sgid is 2. It is similar to suid, except that the process runs with the group rights of the file being executed. When the sgid permission is applied to a directory, all subdirectories and files created inside it get the same group ownership as that directory instead of the group of the user who created them.

How can we set SGID?

Symbolic way:

$ chmod g+s share
$ ls -ld share/
drwxrwsr-x 2 admin admin 4096 Jul 24 23:13 share/

Numerical way:

$ chmod 2775 share/
$ ls -ld share/
drwxrwsr-x 2 admin admin 4096 Jul 24 23:13 share/

 

Sticky Bit(t)

The sticky bit is represented by t (octal 1). It is mainly used to protect files within a directory. If a directory has the sticky bit set, a file in it can be deleted only by the owner of the file, the owner of the directory, or root. This is useful for publicly accessible directories like /tmp.

How can we set Sticky Bit?

Symbolic way:

$ chmod +t /tmp
$ ls -ld /tmp/
drwxrwxrwt 16 root root 4096 Jul 24 23:30 /tmp/

Numerical way:

$ chmod 1777 /tmp
$ ls -ld /tmp/
drwxrwxrwt 16 root root 4096 Jul 24 23:30 /tmp/
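
The listings above show both s and S: the capital letter means the special bit is set but the matching execute bit is not. The following is an added example, not code from the original article: it decodes an octal mode into the string ls displays and flags the cases worth reviewing. The function names are hypothetical, and audit_path assumes GNU stat.

```shell
#!/bin/sh
# Added example: decode an octal mode as ls shows it and flag risky special bits.

# triad BITS SPECIAL SET_X SET_NOX: print one rwx group. SPECIAL is 1 when the
# suid/sgid/sticky bit for this group is set; it replaces the x position.
triad() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    if [ "$2" -ne 0 ]; then
        # lower case: execute bit also set; upper case: execute bit missing
        if [ "$x" = x ]; then x=$3; else x=$4; fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_string 4655 prints rwSr-xr-x (suid=4000, sgid=2000, sticky=1000 octal)
mode_string() {
    m=$(( 0$1 ))
    triad $(( ($m >> 6) & 7 )) $(( ($m >> 11) & 1 )) s S
    triad $(( ($m >> 3) & 7 )) $(( ($m >> 10) & 1 )) s S
    triad $((  $m       & 7 )) $(( ($m >> 9)  & 1 )) t T
    echo
}

# mode_findings MODE KIND: KIND is f (file) or d (directory)
mode_findings() {
    m=$(( 0$1 )); out=
    if [ $(( $m & 04000 )) -ne 0 ]; then
        if [ $(( $m & 0100 )) -ne 0 ]; then out="$out setuid"
        else out="$out setuid-without-owner-exec"; fi
    fi
    if [ $(( $m & 02000 )) -ne 0 ]; then out="$out setgid"; fi
    # Without the sticky bit, anyone who can write to the directory can delete
    # other users' files in it.
    if [ "$2" = d ] && [ $(( $m & 0002 )) -ne 0 ] && [ $(( $m & 01000 )) -eq 0 ]; then
        out="$out world-writable-dir-without-sticky"
    fi
    echo "${out# }"
}

# audit_path PATH: run both helpers on a real path (assumes GNU stat -c '%a')
audit_path() {
    kind=f; if [ -d "$1" ]; then kind=d; fi
    mode=$(stat -c '%a' "$1") || return 1
    printf '%s\t%s\t%s\n' "$(mode_string "$mode")" "$1" "$(mode_findings "$mode" "$kind")"
}
```

Running audit_path on sample.txt after chmod 4655 reports setuid-without-owner-exec, which matches the S in the listing above.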
