Linux Special Permissions: A Comprehensive Guide with Examples

mbayoun95

Murad Bayoun

Posted on February 9, 2024

Linux Special Permissions: A Comprehensive Guide with Examples

Linux, like other Unix-like operating systems, has a robust system of file permissions. In addition to the basic read, write, and execute permissions, there are also three types of special permissions: Set User ID (SUID), Set Group ID (SGID), and Sticky Bit.

Set User ID (SUID)

The SUID permission is a special type of permission that allows a user to execute a file with the permissions of the file owner rather than the user who launched it. This is particularly useful for executables that need to perform tasks that require higher privileges.

For example, consider the passwd command, which is used to change a user's password. This command needs to write to the /etc/shadow file, which is owned by root and not writable by regular users. By setting the SUID bit on the passwd command, users can change their passwords while the passwd command can update the /etc/shadow file.

-rwsr-xr-x 1 root root 68208 Feb 15  2021 /usr/bin/passwd
Enter fullscreen mode Exit fullscreen mode

In the above example, the s in the user's execute field indicates that the SUID bit is set. When a user executes the passwd command, it runs with the permissions of the file's owner (in this case, root).

Set Group ID (SGID)

The SGID permission is similar to the SUID permission, but instead of the user, it affects the group. When the SGID bit is set on a directory, any files created within that directory will inherit the group ownership of the directory, not the primary group of the user who created the file.

For example, consider a directory named /data, which is owned by the staff group. By setting the SGID bit on this directory, any files created within /data will be owned by the staff group.

drwxr-sr-x 2 root staff 4096 Jan 1 12:34 /data
Enter fullscreen mode Exit fullscreen mode

In the above example, the s in the group's execute field indicates that the SGID bit is set. Any files created within /data will be owned by the staff group.

Sticky Bit

The Sticky Bit is a permission that is set on a directory and prevents a user from deleting or renaming files in that directory unless they are the owner of the file or the directory. This is particularly useful for directories like /tmp, which are world-writable but could cause issues if a user could delete or rename files they do not own.

For example, consider the /tmp directory, which is a temporary directory that all users can write to. By setting the Sticky Bit on this directory, users can create files in /tmp, but cannot delete or rename files owned by other users.

drwxrwxrwt 14 root root 4096 Jan 1 12:34 /tmp
Enter fullscreen mode Exit fullscreen mode

In the above example, the t in the everyone's execute field indicates that the Sticky Bit is set. Users can create files in /tmp, but cannot delete or rename files owned by other users.

Setting Special Permissions

You can set these special permissions using the chmod command followed by a numerical value representing the permission: 4 for SUID, 2 for SGID, and 1 for Sticky Bit. For example, to set the SUID bit on a file, you would use:

chmod 4755 filename
Enter fullscreen mode Exit fullscreen mode

In conclusion, Linux's special permissions provide additional flexibility and security when managing file and directory permissions. They allow for more granular control over who can execute files, the ownership of files within a directory, and the ability to delete or rename files.

💖 💪 🙅 🚩
mbayoun95
Murad Bayoun

Posted on February 9, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related