Understanding SUID, SGID and Sticky bit in Linux

Understanding SUID, SGID and Sticky bit in Linux

There are 3 types of special permission that can be set on files and directories. 

1. SUID permission

2. SGID permission

3. Sticky bit

Set-user Identification (SUID)

Check for the permission of /usr/bin/passwd command :

 

# ls -lrt /usr/bin/passwd

-r-sr-sr-x   1 root     sys        31396 Jan 20  2014 /usr/bin/passwd

or 

# ls -l /bin/su 

-rwsr-xr-x-x 1 root user  16384 Jan 12 2014 /bin/su

If you check cautiously, you would locate the 2 S's in the permission field. The main s represents the SUID and the subsequent one represents SGID. 

When an command or script with SUID bit set is run, its viable UID turns into that of the owner of the file, as opposed to of the user who is running it.

The setuid permission displayed as an “s” in the owner’s execute field.

How to set SUID on a file?

# chmod 4555 [path_to_file]

Note :

If a capital “S” appears in the owner’s execute field, it indicates that the setuid bit is on, and the execute bit “x” for the owner of the file is off or denied.

Set-group identification (SGID)

SGID permission on executable file

SGID permission is like the SUID permission, just contrast is that when the script/command with SGID on is run, it runs as though it were an individual from a similar group where the file is a member.

# ls -l /usr/bin/write

-r-xr-sr-x  1   root tty 11484 Jan 15 17:55 /usr/bin/write

The setgid permission displays as an “s” in the group’s execute field.

Note :

If a lowercase letter “l” appears in the group’s execute field, it indicates that the setgid bit is on, and the execute bit for the group is off or denied.

How to set SGID on a file

# chmod 2555 [path_to_file]

SGID on a directory

– When SGID permission is set on a directory, files created in the directory belong to the group of which the directory is a member.

– For example if a user having write permission in the directory creates a file there, that file is a member of the same group as the directory and not the user’s group.

– This is very useful in creating shared directories.

How to set SGID on a directory

# chmod g+s [path_to_directory]

Sticky Bit

The sticky bit is essentially utilized on shared directories. 

For example,/var/tmp and/tmp in light of the fact that users can make files, read and execute file possessed by different users, however are not permitted to remove files owned by other users.

For instance if user sway makes a file named /tmp/kevin, other user himanshu can not erase this record in any event,even when /tmp permission of  of 777. if sticky bit is not set then user himanshu can erase /tmp/kevin, as the /tmp/kevin file inherits the parent directory permissions.

Note: root user and owner of file can evacuate their own files.

Example of sticky bit :

# ls -ld /var/tmp

drwxrwxrwt  2   sys   sys   512   Jan 26 11:02  /var/tmp

- T refers to when the execute permissions are off.

- t refers to when the execute permissions are on.

How to set sticky bit permission?

# chmod +t [path_to_directory]

or 

# chmod 1777 [path_to_directory]