This post explains the special file permissions (SetUID, SetGID and Sticky Bit) on Linux.
We have already explained the default file permissions in Linux (http://www.learnitguide.net/2015/11/linux-files-and-file-permission.html).
Special File Permissions (SetUID, SetGID and Sticky Bit)
Apart from the default file permissions, there are three types of special permissions in Linux.
1) Set User ID/SetUID i.e. SUID (Can be set on files and directories)
2) Set Group ID/SetGID i.e. SGID (Can be set on files and directories)
3) Sticky Bit (only for directories to prevent deletion)
These permissions are needed to improve security. When SetUID or SetGID is set on an executable file, any user who runs it assumes the user ID of the file's owner (or the group ID of its group). In other words, if an executable program is owned by root and the setuid permission is set, then no matter who executes that program, it runs as if it were executed by 'root'.
The special permissions on files and directories are set with the “chmod” command.
What is SetUID?
SUID / Set User ID / SETUID: When the SETUID permission is set on an executable file, anyone executing that command (file) inherits the permissions of the owner of the file.
The SetUID permission displays as an “s” in the owner's execute field. In the example below, the SETUID permission is set on the “passwd” and "su" commands, which provides the access needed to change passwords for users.
bash-3.00# ls -ltr /usr/bin/su /usr/bin/passwd
-r-sr-xr-x 1 root sys 25124 Feb 13 2009 /usr/bin/su
-r-sr-sr-x 1 root sys 22644 Aug 6 2010 /usr/bin/passwd
bash-3.00#
Note: This special permission can be quite dangerous. For example, if you have a SETUID shell owned by one user, other users essentially inherit that user's file permissions by executing it, and so have the ability to remove all files owned by the real user.
How to set SETUID on Linux?
Syntax is
# chmod 4555 filename
or
# chmod u+s filename
In the first command, "4" is the value that sets the SETUID special permission, and the remaining 555 are the permissions for owner, group and others respectively. The second command sets SETUID directly in symbolic form, on the user (owner) field.
What is SetGID?
SGID / Set Group ID: The SETGID permission is similar to SETUID, except that the process's effective group ID (GID) is changed to the group owner of the file, and the user is granted access based on the permissions assigned to that group.
The SetGID permission displays as an “s” in the group execute field. In the example below, the SetGID permission has been set on the “write” and "mail" commands.
bash-3.00# ls -ltr /usr/bin/mail /usr/bin/write
-r-xr-sr-x 1 root tty 14208 Jan 23 2005 /usr/bin/write
-r-x--s--x 1 root mail 58872 Aug 6 2010 /usr/bin/mail
bash-3.00#
How to set SETGID on Linux?
Syntax is
# chmod 2555 filename
or
# chmod g+s filename
In the first command, "2" is the value that sets the SETGID special permission, and the remaining 555 are the permissions for owner, group and others respectively. The second command sets SETGID directly in symbolic form, on the group field.
What is Sticky Bit?
Sticky Bit: If a directory has the sticky bit set, a file in it can be deleted only by the owner of the file/directory or by the root user. This special permission prevents users from deleting other users' files in public directories.
bash-3.00# ls -ld /tmp
drwxrwxrwt 10 root sys 854 Sep 18 22:09 /tmp
bash-3.00#
How to set Sticky Bit on Linux?
Syntax is
# chmod 1777 /var/test/
or
# chmod o+t /var/test/
In the first command, "1" is the value that sets the Sticky Bit special permission, and the remaining 777 are the permissions for owner, group and others respectively. The second command sets the Sticky Bit directly in symbolic form, on the others field.
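Because a SETUID or SETGID program runs with its owner's or group's rights, and a public directory without the sticky bit lets users delete each other's files, administrators routinely inventory both. The following is an added example, not part of the original post: audit_special is a hypothetical helper name, and the optional baseline file (one approved "TAG path" line per entry) is an assumption of this example.

```shell
# Added example: report SetUID/SetGID files and world-writable directories
# that lack the sticky bit, skipping entries listed in an approved baseline.
# audit_special and the baseline file format are hypothetical, not a standard tool.
audit_special() {
    root=$1
    baseline=${2:-/dev/null}     # empty baseline: every finding is reported
    {
        # -perm -4000 matches files with the SUID bit, -perm -2000 the SGID bit;
        # -xdev keeps find on the filesystem that holds $root.
        find "$root" -xdev -type f -perm -4000 2>/dev/null | sed 's/^/SUID /'
        find "$root" -xdev -type f -perm -2000 2>/dev/null | sed 's/^/SGID /'
        # World-writable (-0002) directories where the sticky bit (1000) is missing.
        find "$root" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null |
            sed 's/^/NOSTICKY /'
    } | sort | { grep -vxFf "$baseline" || true; }   # drop exact baseline matches
}

# Usage (run as root to see every directory):
#   audit_special / /etc/special-perms.baseline
```

Saving a reviewed run as the baseline makes later runs show only new SETUID/SETGID files or newly exposed directories.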
The special permissions may be shown as uppercase or lowercase letters. The difference is explained below.
Permissions Descriptions
--S------ SUID is set, but user (owner) execute permission is not set.
--s------ SUID and user execute permission are both set.
-----S--- SGID is set, but group execute permission is not set.
-----s--- SGID and group execute permission are both set.
--------T Sticky bit is set, but other execute permission is not set.
--------t Sticky bit and other execute permission are both set.
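The letters in this table map directly onto the leading digit used with chmod (4, 2, 1). As an added example that is not part of the original post, the hypothetical helper mode_to_octal below converts a mode string as printed by "ls -l" into its four-digit octal value, treating lowercase s/t as "special bit plus execute" and uppercase S/T as "special bit without execute".

```shell
# Added example: convert an `ls -l` mode string (e.g. -r-sr-xr-x) to the
# octal value chmod expects. mode_to_octal is a hypothetical helper name.
mode_to_octal() {
    # Skip the file-type character; cut also ignores a trailing '.' or '+'.
    perms=$(printf '%s' "$1" | cut -c2-10)
    [ "${#perms}" -eq 9 ] || { echo "bad mode string: $1" >&2; return 1; }
    special=0
    digits=""
    start=1
    for weight in 4 2 1; do      # special-bit value per triplet: SUID, SGID, sticky
        r=$(printf '%s' "$perms" | cut -c"$start")
        w=$(printf '%s' "$perms" | cut -c"$((start + 1))")
        x=$(printf '%s' "$perms" | cut -c"$((start + 2))")
        value=0
        if [ "$r" = r ]; then value=$((value + 4)); fi
        if [ "$w" = w ]; then value=$((value + 2)); fi
        case "$weight$x" in
            ?x)       value=$((value + 1)) ;;                               # plain execute
            4s|2s|1t) value=$((value + 1)); special=$((special + weight)) ;; # special + execute
            4S|2S|1T) special=$((special + weight)) ;;                       # special, no execute
            ?-)       ;;                                                     # neither
            *)        echo "bad execute field '$x' in: $1" >&2; return 1 ;;
        esac
        digits=$digits$value
        start=$((start + 3))
    done
    echo "$special$digits"
}

# Mode strings taken from the listings in this post, plus one uppercase case.
for m in -r-sr-xr-x -r-sr-sr-x -r-x--s--x drwxrwxrwt -rwSr--r--; do
    printf '%s -> %s\n' "$m" "$(mode_to_octal "$m")"
done
```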
Hope you now have an idea of what Special File Permissions are on Linux, with examples.