Linux Special permissions – SUID, SGID and Sticky bit

Special permissions in Linux constitute a fourth permission type in addition to the basic user, group, and other types. As the name implies, these permissions provide additional access-related features over and above what the basic permission types allow. In this tutorial you will learn about special permissions.

Linux Special permissions

  • suid
  • sgid
  • sticky bit

SUID(s):

If the SUID bit is set on a file or directory and a user executes it, the process will have the same rights as the owner of the file being executed.

For example:

The passwd command has the SUID bit enabled. When a normal user changes their password, the command updates a few system files such as /etc/shadow, which can't be updated by a non-root account. So the passwd process always runs with root user rights.

# chmod 4655 file.txt
# ls -l file.txt 
-rwSr-xr-x. 1 root root 0 May  1 14:00 file.txt
# ls -l /usr/bin/passwd
-rwsr-xr-x. 1 root root 27856 Aug  9  2019 /usr/bin/passwd

SGID(s):

Same as SUID, except that the process will have the same group rights as the file being executed. If the SGID bit is set on a directory, all subdirectories and files created inside it will get the same group ownership as the main directory, no matter who creates them.

# chmod 2777 /test
# ls -ld /test/
drwxrwsrwx. 2 root root 6 May  1 14:02 /test/

Sticky bit:

The sticky bit is mainly used on folders to prevent deletion of a folder and its contents by other users, even though they have write permissions on the folder contents. If the sticky bit is enabled on a folder, the folder contents can be deleted only by the owners who created them or by the root user.

# ls -lrtd /tmp
drwxrwxrwt. 10 root root 4096 May  1 03:43 /tmp

A lowercase t means the underlying permission is rwx (execute is set); an uppercase T means it is rw (execute is not set). The same applies to s and S: lowercase s stands for rwx and uppercase S for rw.

# chmod 1777 /test2
# ls -ld /test2/
drwxrwxrwt. 2 root root 6 May  1 14:03 /test2/
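
The following shell function is an added example, not part of the original article. It audits a directory tree for the special bits described above: SUID and SGID files, files showing a capital S, SGID directories, and world-writable directories that lack the sticky bit. The function name audit_special_perms and the output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article): audit a tree for the
# special permission bits. audit_special_perms is a hypothetical name.
audit_special_perms() {
    root=$1

    # SUID files run with the file owner's rights (like passwd).
    find "$root" -xdev -type f -perm -4000 -exec printf 'SUID %s\n' {} \;

    # SGID files run with the file's group rights.
    find "$root" -xdev -type f -perm -2000 -exec printf 'SGID %s\n' {} \;

    # SUID set but owner execute missing: ls shows a capital S.
    # This is usually a chmod mistake (for example mode 4655).
    find "$root" -xdev -type f -perm -4000 ! -perm -0100 \
        -exec printf 'SUID-NOEXEC %s\n' {} \;

    # SGID directories: new entries inherit the directory's group.
    find "$root" -xdev -type d -perm -2000 \
        -exec printf 'SGID-DIR %s\n' {} \;

    # World-writable directories without the sticky bit: any user can
    # delete or rename files that belong to other users.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec printf 'NO-STICKY %s\n' {} \;
}

# Run as a script: sh audit.sh /usr/bin
if [ "$#" -gt 0 ]; then
    audit_special_perms "$1"
fi
```

Review each SUID and SGID hit against the list of binaries your distribution is expected to ship with those bits; anything reported as NO-STICKY is a shared directory that should normally be mode 1777 like /tmp.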

That’s all for this article. Please share it with your peers.
