Linux, like other Unix-like operating systems, has a robust system of file permissions. In addition to the basic read, write, and execute permissions, there are also three types of special permissions: Set User ID (SUID), Set Group ID (SGID), and Sticky Bit.
Set User ID (SUID)
The SUID permission is a special type of permission that allows a user to execute a file with the permissions of the file owner rather than the user who launched it. This is particularly useful for executables that need to perform tasks that require higher privileges.
For example, consider the passwd command, which is used to change a user's password. This command needs to write to the /etc/shadow file, which is owned by root and not writable by regular users. By setting the SUID bit on the passwd command, users can change their passwords while the passwd command can update the /etc/shadow file.
-rwsr-xr-x 1 root root 68208 Feb 15 2021 /usr/bin/passwd
In the above example, the s in the user's execute field indicates that the SUID bit is set. When a user executes the passwd command, it runs with the permissions of the file's owner (in this case, root).
Set Group ID (SGID)
The SGID permission is similar to the SUID permission, but instead of the user, it affects the group. When the SGID bit is set on a directory, any files created within that directory will inherit the group ownership of the directory, not the primary group of the user who created the file.
For example, consider a directory named /data, which is owned by the staff group. By setting the SGID bit on this directory, any files created within /data will be owned by the staff group.
drwxr-sr-x 2 root staff 4096 Jan 1 12:34 /data
In the above example, the s in the group's execute field indicates that the SGID bit is set. Any files created within /data will be owned by the staff group.
Sticky Bit
The Sticky Bit is a permission that is set on a directory and prevents a user from deleting or renaming files in that directory unless they are the owner of the file or the directory. This is particularly useful for directories like /tmp, which are world-writable but could cause issues if a user could delete or rename files they do not own.
For example, consider the /tmp directory, which is a temporary directory that all users can write to. By setting the Sticky Bit on this directory, users can create files in /tmp, but cannot delete or rename files owned by other users.
drwxrwxrwt 14 root root 4096 Jan 1 12:34 /tmp
In the above example, the t in the others' execute field (the last position of the permission string) indicates that the Sticky Bit is set. Users can create files in /tmp, but cannot delete or rename files owned by other users.
Setting Special Permissions
You can set these special permissions using the chmod command followed by a numerical value representing the permission: 4 for SUID, 2 for SGID, and 1 for Sticky Bit. This value is written as a leading digit in front of the usual three permission digits. For example, to set the SUID bit on a file, you would use:
chmod 4755 filename
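The following added example (not part of the original post) sets each of the three bits with chmod in a scratch directory, then uses find to list SUID files, SGID entries, and world-writable directories that lack the Sticky Bit. The function names and the report, shared, dropbox and open entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: names (demo_setup, audit_special, report, shared, dropbox,
# open) are constructed for illustration.

# Build a scratch tree with one entry per special permission.
demo_setup() {
    dir=$(mktemp -d) || return 1
    : > "$dir/report"
    mkdir "$dir/shared" "$dir/dropbox" "$dir/open"
    chmod 4755 "$dir/report"    # leading 4 = SUID   (symbolic: chmod u+s)
    chmod 2775 "$dir/shared"    # leading 2 = SGID   (symbolic: chmod g+s)
    chmod 1777 "$dir/dropbox"   # leading 1 = sticky (symbolic: chmod +t)
    chmod 0777 "$dir/open"      # world-writable, sticky bit missing
    printf '%s\n' "$dir"
}

# Report entries under $1 that a permissions review would look at.
audit_special() {
    # -perm -MODE matches when all bits in MODE are set.
    find "$1" -xdev -type f -perm -4000 | sed 's/^/SUID /'
    find "$1" -xdev -perm -2000 | sed 's/^/SGID /'
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 | sed 's/^/NOSTICKY /'
}

# Run the demo: build the tree, audit it, clean up.
d=$(demo_setup) && audit_special "$d" && rm -rf "$d"
```

Pointing audit_special at a real directory tree gives a baseline of special-permission entries to review.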
In conclusion, Linux's special permissions provide additional flexibility and security when managing file and directory permissions. They allow for more granular control over who can execute files, the ownership of files within a directory, and the ability to delete or rename files.