Setgid and Sticky bit in Linux

Special permissions on files and directories in linux are : SetUIDSetGID and Sticky bit.

With the help of “chmod” command  we can implement the special permissions on file and directories.

SUID / Set User ID : A program is executed with the file owner’s permissions (rather than with the permissions of the user who executes it).

SGID / Set Group ID : Files created in the directory inherit its GID, i.e When a directory is shared between the users , and sgid is implemented on that shared directory , when these users creates  directory, then the created directory has the same gid or group owner of its parent directory.

Sticky Bit :  It is used mainly used on folders in order to avoid deletion of a folder and its content by other user though he/she is having write permissions. If Sticky bit is enabled on a folder, the folder is deleted by only owner of the folder and super user(root). This is a security measure to suppress deletion of critical folders where it is having full permissions by others.

When we implement these permissions ,we get the below symbols in permissions field :
–S—— SUID is set, but user (owner) execute is not set.
–s—— SUID and user execute are both set.
—–S— SGID is set, but group execute is not set.
—–s— SGID and group execute are both set.
——–T Sticky bit is set, bot other execute is not set.
——–t Sticky bit and other execute are both set.

SUID Example : passwd command
When normal user  try to change his/her  password  , passwd command is used ,  which is owned by root. This passwd command file will try to edit some system config files such as /etc/passwd, /etc/shadow etc. So passwd command is set with SUID to give root user permissions to normal user so that it can update /etc/shadow and other files.
Assign  suid to a File :

# chmod  u+s testfile.txt OR #  chmod 4750  testfile.txt

In this example , 4 indicates SUID bitset, 7 for full permissions for owner, 5 for write and execute permissions for group, and no permissions for others.

SGID Example :

# chmod g+s OR # chmod 2750 

Here in 2750, 2 indicates SGID bitset, 7 for full permissions for owner, 5 for write and execute permissions for group, and no permissions for others.

StickyBit Example : 

# chmod o+t /opt/ftp-data  or # chmod +t /opt/ftp-data OR # chmod 1757 /opt/ftp-dta

In this example , 1 indicates Sticky Bit set, 7 for full permissions for owner, 5 for read and execute permissions for group, and ful permissions for others.

Note : To check the special permissions , use these commands :

# ls   -l  

# ls -ld  


It's only fair to share...Tweet about this on Twitter
Share on Google+
Share on Facebook
Share on LinkedIn
Email this to someone
WP Twitter Auto Publish Powered By :