Special File Permissions (SetUID, SetGID and Sticky Bit)
1) Set User ID/SetUID i.e. SUID (Can be set on files and directories)
2) Set Group ID/SetGID i.e. SGID (Can be set on files and directories)
3) Sticky Bit (only for directories to prevent deletion)
These permissions are needed to improve security. When these permissions are set, any user who runs that executable file assumes the user ID of the owner (or group) of the executable file. In other words, if an executable program is owned by root and the setuid permission is set, then no matter who executes that program, it runs as if being executed by ‘root’.
With the help of the “chmod” command, we can set the special permissions on files and directories.
What is SetUID?
SUID / Set User ID / SETUID: Whenever the SETUID permission is set on an executable file, anyone executing that command (file) will inherit the permissions of the owner of the file.
The SetUID permission displays as an “s” in the owner’s execute field. In the example below, the SETUID permission is set on the “passwd” and “su” commands, which provides the access to change the password for users.
bash-3.00# ls -ltr /usr/bin/su /usr/bin/passwd
-r-sr-xr-x 1 root sys 25124 Feb 13 2009 /usr/bin/su
-r-sr-sr-x 1 root sys 22644 Aug 6 2010 /usr/bin/passwd
Note: This special permission can be quite dangerous. For example, if you have a SETUID shell which is owned by one user, other users essentially inherit that user’s file permissions by executing it, and hence they have the ability to remove all files which are owned by the real user.
How to set SETUID on Linux?
# chmod 4555 filename
# chmod u+s filename
In the first command, “4” is the value that sets the SETUID special permission, and the remaining 555 are the permissions for owner, group and others respectively. The second command sets SETUID directly on the user (owner) in the symbolic way.
What is SetGID?
SGID / Set Group ID: The SETGID permission is similar to SETUID, except that the process’s effective group ID (GID) is changed to the group owner of the file, and a user is granted access based on the permissions assigned to that group.
The SetGID permission displays as an “s” in the group execute field. In the example below, the SetGID permission has been set on the “write” and “mail” commands.
bash-3.00# ls -ltr /usr/bin/mail /usr/bin/write
-r-xr-sr-x 1 root tty 14208 Jan 23 2005 /usr/bin/write
-r-x--s--x 1 root mail 58872 Aug 6 2010 /usr/bin/mail
How to set SETGID on Linux?
# chmod 2555 filename
# chmod g+s filename
In the first command, “2” is the value that sets the SETGID special permission, and the remaining 555 are the permissions for owner, group and others respectively. The second command sets SETGID directly on the group in the symbolic way.
What is Sticky Bit?
Sticky Bit: If a directory has the sticky bit permission set, then a file in it can be deleted only by the owner of the file/directory or the root user. This special permission prevents users from deleting other users’ files in public directories.
bash-3.00# ls -ld /tmp
drwxrwxrwt 10 root sys 854 Sep 18 22:09 /tmp
How to set Sticky Bit on Linux?
# chmod 1777 /var/test/
# chmod o+t /var/test/
In the first command, “1” is the value that sets the Sticky Bit special permission, and the remaining 777 are the permissions for owner, group and others respectively. The second command sets the Sticky Bit directly on others in the symbolic way.
You may see the letters for the special permissions shown in either uppercase or lowercase. The difference is explained below.
--S------ SUID is set, but user (owner) execute permission is not set.
--s------ SUID and user execute permission are both set.
-----S--- SGID is set, but group execute permission is not set.
-----s--- SGID and group execute permission are both set.
--------T Sticky bit is set, but other execute permission is not set.
--------t Sticky bit and other execute permission are both set.
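Because a SETUID or SETGID file runs with its owner's or group's privileges, and a world-writable directory without the sticky bit lets any user delete other users' files, it is worth auditing a tree for both. The script below is an added example, not part of the original tutorial; the function names (mode_string, special_bits, audit_tree) and the SPECIAL / NOSTICKY labels are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit special permission bits.

# mode_string PATH: print the 10-character ls-style mode, e.g. -rwsr-xr-x
mode_string() {
    ls -ld -- "$1" | cut -c1-10
}

# special_bits PATH: print a comma-separated list of the special bits that are
# set. The "-noexec" suffix marks the uppercase S/T case, where the special bit
# is set but the matching execute bit is not.
special_bits() {
    m=$(mode_string "$1")
    out=""
    case $(printf '%s' "$m" | cut -c4) in
        s) out="$out,suid" ;;
        S) out="$out,suid-noexec" ;;
    esac
    case $(printf '%s' "$m" | cut -c7) in
        s) out="$out,sgid" ;;
        S) out="$out,sgid-noexec" ;;
    esac
    case $(printf '%s' "$m" | cut -c10) in
        t) out="$out,sticky" ;;
        T) out="$out,sticky-noexec" ;;
    esac
    [ -n "$out" ] || out=",none"
    printf '%s\n' "${out#,}"
}

# audit_tree ROOT: print one line per finding under ROOT (same filesystem only).
audit_tree() {
    # Regular files with SUID (4000) or SGID (2000) set.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        printf 'SPECIAL %s %s %s\n' "$(mode_string "$f")" "$(special_bits "$f")" "$f"
    done
    # World-writable directories that lack the sticky bit (1000).
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print |
    while IFS= read -r d; do
        printf 'NOSTICKY %s %s\n' "$(mode_string "$d")" "$d"
    done
}

# Usage: sh audit.sh /usr/bin
if [ "$#" -gt 0 ]; then audit_tree "$1"; fi
```

Compare the SPECIAL lines against the list of SETUID/SETGID programs you expect on the system; any unexpected entry, and every NOSTICKY directory, deserves a closer look.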
Hope you now have an idea of what Special File Permissions on Linux are, with examples.