Linux Permissions – Special Permissions

L

In addition to the usual Linux permissions I have described in a previous article, there is also the possibility for us to set up special permissions for files and folders with one bit.

These special permissions are:

Set User ID (SUID)

SUID option is used for executable files. It tells the Linux system to run the program with the permissions of the owner (owner), not the one who executes them.

For example, if a file is owned by root and has the SUID bit set, the program will run with root privileges and can therefore access any file on your computer – this may be a very serious security issue!

The programs (executables) that have the SUID bit set are indicated by a s in the execution position in the owner permission group (use the command ls -l).

Set Group ID (SGID)

The SGID option is similar to SUID, but it is set for the execution position in the group permission set. It is noted with s whether the file or directory has a group execution right and with S if the file or directory is not executable for the group (in the latter case the setting of this bit will not work):

-rwxr-sr-x

drwxr-Sr-x

SGID has different effects, depending on the type of file to which it applies:

• if it is being applied to an ordinary executable file, it will run with the rights of the group that owns the file and not with the primary user group that is running it;
• if it is being applied to a directory, newly created files and subdirectories in this directory (which has set the SGID bit) will inherit the permissions of the directory’s group owner rather than the user who creates them.

This special permission is especially used for folders, especially for creating shared folders.

Sticky bit

The sticky bit is used to protect files from a folder that has more users (such as /tmp) from those who do not own them. When this bit is present in a directory, the files inside it can be deleted only by the owner (who created them) or the root.

The sticky bit is marked with the letter t on the right of execution for others:

drwxrwxrwt

If the directory is not executable for the other, but has the sticky bit set, it will appear marked with T.

How to allocate SUID, SGID, and the sticky bit

Typically, regular permissions are allocated with 3 digits on Base 8.

SUID, SGID, and sticky bit permissions correspond to the following bits:

1 – sticky bit permission

2 – SGID

4 – SUID

The following command assigns 644 permission to a file:

chmod 644 file

Linux treats 644 as, in fact, 0644. If we use 4 digits, Linux will consider that we want to allocate special permissions. Let’s suppose we want to allocate the following special permissions (the sum of the bits shown above for special permissions will be used):

• both SUID and SGID permissions – we will use the fourth digit (the front one) 6
• all three special permissions (SUID, SGID and sticky bit) – we use the fourth digit 7
• only SUID and sticky bit – we will use the fourth digit 5

About the author

Ilias spiros
By Ilias spiros

Recent Posts

Archives

Categories