Special File Permissions (SetUID, SetGID and Sticky Bit)

Special File Permissions (SetUID, SetGID & Sticky Bit) in linux, Special permissions in Linux (SUID, SGID, Sticky Bit), How to set & change Special Permissions

Special File Permissions (SetUID, SetGID and Sticky Bit)
We have already explained you about the default file permissions in linux (http://www.learnitguide.net/2015/11/linux-files-and-file-permission.html). Apart from default file permissions in linux, there are three types of special permissions in LINUX.

1) Set User ID/SetUID i.e. SUID (Can be set on files and directories)
2) Set Group ID/SetGID i.e. SGID (Can be set on files and directories)
3) Sticky Bit (only for directories to prevent deletion)

These permissions are needed to improve security. When these permissions are set, any user who runs that executable file assumes the user ID of the owner (or group) of the executable file.


In other words, if an execute program is owned by root and the setuid perm is set, then no matter who executes that program, it runs as if being executed by 'root'

With the help of “chmod” command  we can implement the special permissions on file and directories.

What is SetUID?
SUID / Set User ID/SETUID : Whenever SETUID permission has set on executable files, anyone executing that command (file) will inherit the permissions of the owner of the file.

The SetUID permission displays as an “s” in the owners executable field. For below example, the SETUID permission on the “passwd” and "su" command which provides the access to change the passwd for users.

bash-3.00# ls -ltr /usr/bin/su /usr/bin/passwd
-r-sr-xr-x   1 root     sys        25124 Feb 13  2009 /usr/bin/su
-r-sr-sr-x   1 root     sys        22644 Aug  6  2010 /usr/bin/passwd
bash-3.00#
Note: This special permission can be quite dangerous. For example, If you have a SETUID shell which is owned by one user, other user essentially inherit your file permissions by executing it, hence they have the ability to remove all files which owned by the real user.

How to set SETUID on Linux?
Syntax is
# chmod 4555 filename
or
# chmod u+s filename
In the first command, "4" represents the Value to set SETUID special permission, and other 555 permissions are for owner,group and others respectively. Second command, directly set SETUID to the groups in symbolic way.
[ads-post]
What is SetGID?
SGID / Set Group ID : SETGID permission is similar to the SETUID, except that the process's effective group ID (GID) is changed to the group owner of the file, and a user is granted access based on permissions assigned to that group.

The SetGID permission displays as an “s” in the group executable field. For below example, the SetGID permission has been set on the “write” and "mail" command.
bash-3.00# ls -ltr /usr/bin/mail /usr/bin/write
-r-xr-sr-x   1 root     tty        14208 Jan 23  2005 /usr/bin/write
-r-x--s--x   1 root     mail       58872 Aug  6  2010 /usr/bin/mail
bash-3.00#
How to set SETGID on Linux?
Syntax is
# chmod 2555 filename
or
# chmod g+s filename
In the first command, "2" represents the Value to set SETGID special permission, and other 555 permissions are for owner,group and others respectively. Second command, directly set SETUID to the groups in symbolic way.

What is Sticky Bit?
Sticky Bit :  If the directory permission have the sticky bit permission set, then the file can be deleted only by the owner of the file/directory or the root user.This special permission prevents to delete other user’s file from public directories.
bash-3.00# ls -ld /tmp
drwxrwxrwt  10 root     sys          854 Sep 18 22:09 /tmp
bash-3.00#
How to set Sticky Bit on Linux?
Syntax is
# chmod 1777 /var/test/
or
# chmod o+t /var/test/
In the first command, "1" represents the Value to set Sticky Bit special permission, and other 777 permissions are for owner,group and others respectively. Second command, directly set Sticky Bit to others in symbolic way.

You may see some difference in representing letters of special permissions as uppercase and lowercase. Difference of those special permission are explained below.

Permissions Descriptions
--S------         SUID is set, but user (owner) execute permission is not set.
--s------         SUID and user execute persmission are set both.
-----S---         SGID is set, but group execute permission is not set.
-----s---         SGID and group execute permission are set both.
--------T         Sticky bit is set, bot other execute permission is not set.
--------t         Sticky bit and other execute permission are both set.

Thanks for reading our post. share with your friends. We appreciate your feedback, Leave your comments if any.

We have more articles to be updated soon. To not miss any updates, Follow us on social networking sites and Subscribe us on our Youtube channel.
November 29, 2015

Post a Comment

[disqus][facebook][blogger]

Contact Form

Name

Email *

Message *

Powered by Blogger.
Javascript DisablePlease Enable Javascript To See All Widget