Special Permissions: Sticky Bit, SUID and SGID
Sticky Bit, SUID and SGID are special permissions used in Unix-like systems, and therefore in Linux. You don’t need to know how and why to use them in order to understand basic permissions in Linux, but they can prove useful in some situations.
Sticky Bit
The first one is the Sticky Bit. Let’s suppose you have a folder where everyone has full permissions, but files that are not important to one user may be important to another. A user could easily delete a file that is important to another user, and that’s a bit of a problem. That’s what the sticky bit is for: when the sticky bit is set, only the owner or root can delete or rename a file. Usually the sticky bit is used on folders. A typical example can be found in the /tmp directory:
# ls -la
drwxrwxrwt. 20 root root 4096 Nov 20 14:41 .
drwxr-xr-x  18 root root 4096 Nov  6 20:19 ..
drwxrwxrwt   2 root root 4096 Jan  1  2010 .font-unix
drwxrwxrwt   2 root root 4096 Jan  1  2010 .ICE-unix
drwx------   3 root root 4096 Jan  1  2010 systemd...
drwx------   3 root root 4096 Jan  1  2010 systemd...
drwx------   3 root root 4096 Jan  1  2010 systemd...
drwxrwxrwt   2 root root 4096 Jan  1  2010 .Test-unix
-r--r--r--   1 root root   11 Jan  1  2010 .X0-lock
drwxrwxrwt   2 root root 4096 Jan  1  2010 .X11-unix
drwxrwxrwt   2 root root 4096 Jan  1  2010 .XIM-unix
Notice the t in place of the x permission on some lines? That’s the sticky bit. It can be set with the chmod command:
$ chmod +t /path/to/file
or
$ chmod 1777 /path/to/file
Notice the 1 in 1777.
SUID
You’ve probably been wondering whether it means “super user id” or “switch user id” or something else; it actually stands for Set User ID. SUID is a special permission that allows anyone who executes the program to run it as if they were the owner (it will be loaded with the same permissions).
Let’s take a look at my brand new test file:
# ls -l
-rwxrwxrwx 1 root root 0 Nov 20 17:12 test
The test file now has 777 permissions; let’s apply SUID:
# chmod u+s test
# ls -l
-rwsrwxrwx 1 root root 0 Nov 20 17:12 test
The x bit of the owner has changed to s: that means SUID is active. But what if it isn’t executable?
# chmod u-x test
# ls -l
-rwSrwxrwx 1 root root 0 Nov 20 17:12 test
The s has changed to S: SUID is still set, but the owner’s execute permission is not.
Tip: You can also set SUID by issuing chmod 4777.
SGID
Like SUID, the name is an abbreviation: SGID stands for Set Group ID. When SGID is set, whoever runs the program executes it as if they were in the program’s group.
I restored the test file to 777 without SUID.
# ls -l
-rwxrwxrwx 1 root root 0 Nov 20 17:12 test
Now let’s apply SGID:
# chmod g+s test
# ls -l
-rwxrwsrwx 1 root root 0 Nov 20 17:12 test
The x bit has switched to s, but this time in the group permissions: that means SGID is active. And as with SUID, we can remove the execute permission:
# chmod g-x test
# ls -l
-rwxrwSrwx 1 root root 0 Nov 20 17:12 test
The s has changed to S: SGID is still set, but the group’s execute permission is not.
Tip: You can also set SGID by issuing chmod 2777.
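To see where these three bits are in use on a system, the following added example (not part of the original article) walks a directory with find and reports SUID files, SUID files showing S, SGID files, and world-writable folders that lack the sticky bit. The function names and the sample file names are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the article): report the special permission bits
# described above for every file and folder under a directory.

# label PREFIX: prefix each path read from stdin with PREFIX.
label() {
    while IFS= read -r path; do
        printf '%s %s\n' "$1" "$path"
    done
}

# audit_special_bits DIR prints one "LABEL path" line per finding:
#   SUID         file with SUID and owner execute (ls shows s)
#   SUID-NOEXEC  file with SUID but no owner execute (ls shows S)
#   SGID         file with SGID set
#   NOSTICKY     world-writable folder without the sticky bit
audit_special_bits() {
    dir=$1
    find "$dir" -xdev -type f -perm -4000 -perm -0100 | label SUID
    find "$dir" -xdev -type f -perm -4000 ! -perm -0100 | label SUID-NOEXEC
    find "$dir" -xdev -type f -perm -2000 | label SGID
    find "$dir" -xdev -type d -perm -0002 ! -perm -1000 | label NOSTICKY
}

# Constructed sample tree (hypothetical file names) for trying the audit
# without touching real system paths. Prints the path of the new tree.
make_sample_tree() {
    tree=$(mktemp -d) || return 1
    for f in plain suid suid_noexec sgid; do : > "$tree/$f"; done
    chmod 0755 "$tree/plain"
    chmod 4755 "$tree/suid"          # -rwsr-xr-x
    chmod 4644 "$tree/suid_noexec"   # -rwSr--r--
    chmod 2755 "$tree/sgid"          # -rwxr-sr-x
    mkdir "$tree/shared" "$tree/shared_sticky"
    chmod 0777 "$tree/shared"        # drwxrwxrwx
    chmod 1777 "$tree/shared_sticky" # drwxrwxrwt
    printf '%s\n' "$tree"
}

# Run as: sh audit.sh /some/dir
if [ "$#" -gt 0 ]; then
    audit_special_bits "$1"
fi
```

Run on the sample tree, the audit lists suid, suid_noexec, sgid and shared, while plain and shared_sticky produce no output.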