BCE-C712 Linux System Administration

Overview of Permissions

Special Permissions (Setuid, Setgid, Sticky Bit)

Setting Setuid Permission

The setuid permission allows a program to run with the permissions of the file owner.

chmod u+s file

For example, to set the setuid permission on an executable file named program, you can use:

chmod u+s program

The command chmod u+s file sets the Set User ID (SUID) bit on a file. When this bit is set on an executable file, it allows users to run the file with the file owner’s permissions, rather than with the permissions of the user who is running the file.

Explanation:

  • chmod: This command is used to change the file permissions.
  • u+s: This option sets the SUID bit for the user (owner of the file).
  • file: The file on which you want to apply the SUID bit.

Example:

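If a file script.sh has the SUID bit set using chmod u+s script.sh, and the owner of the file is root, then when any user executes the file, it will run with root's privileges instead of the privileges of the user who executed it. Note that this applies to binary executables: the Linux kernel ignores the SUID bit on interpreted scripts (files started through a #! line), so script.sh here must be a compiled program for the bit to take effect.

This can be useful for programs that need elevated privileges to perform specific tasks, but it is also a security risk if not managed carefully: any flaw in a SUID program can let the user running it act with the file owner's privileges.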


Setting Setgid Permission

The setgid permission ensures that files created in a directory inherit the group ownership of the directory, rather than the user’s default group.

chmod g+s directory
  • g+s: This sets the setgid permission for the group.

For example, to set the setgid permission on a directory named shared, you can use:

chmod g+s shared

The command chmod g+s directory sets the Set Group ID (SGID) bit on a directory. When the SGID bit is set on a directory, any files or subdirectories created within that directory inherit the group ownership of the directory, rather than the primary group of the user who created the file.

Explanation:

  • chmod: This command is used to change the file permissions.
  • g+s: This option sets the SGID bit for the group.
  • directory: The directory on which you want to apply the SGID bit.

Key Points:

  1. Group Inheritance: Normally, when a user creates a file or directory, it belongs to the user’s primary group. However, when the SGID bit is set on a directory, any new files or subdirectories inside it will inherit the group of the parent directory instead of the user’s primary group.
  2. Collaborative Workflows: This is especially useful in collaborative environments where multiple users need to work in the same directory and want to ensure that all files are owned by the same group.

Example:

If a directory shared_folder has the SGID bit set using chmod g+s shared_folder, and the group ownership of shared_folder is team, any files or directories created inside shared_folder will automatically have team as the group owner, regardless of which user created them.


Setting the Sticky Bit

The sticky bit ensures that files in a directory can be deleted or renamed only by the file's owner, the directory's owner, or the root user.

chmod +t directory
  • +t: This sets the sticky bit.

For example, to set the sticky bit on a directory named uploads, you can use:

chmod +t uploads

The command chmod +t directory sets the sticky bit on a directory. When the sticky bit is set on a directory, only the file’s owner, the directory’s owner, or the root user can delete or rename the files within that directory, regardless of the file’s permissions.

Explanation:

  • chmod: This command is used to change file or directory permissions.
  • +t: This option adds the sticky bit to the directory.
  • directory: The directory on which you want to apply the sticky bit.

Key Points:

  1. File Deletion Protection: Normally, in a directory with write permissions, any user who has write access to the directory can delete or rename any file in it, even if they don’t own the file. However, when the sticky bit is set, only the owner of the file (or directory) or the root user can delete or rename files.
  2. Common Use Case: The sticky bit is commonly used in directories like /tmp, where many users have write access. It prevents one user from deleting or renaming another user’s files, even though all users have write access to the directory.

Example:

If a directory /shared_folder has the sticky bit set using chmod +t /shared_folder, and multiple users have write access to this directory, only the owner of a file inside /shared_folder or the root user can delete or rename that file. Other users cannot delete or rename each other's files, even if they have write access to the directory.

This ensures a level of security and control in shared directories.

These commands and options are fundamental to managing permissions on a Linux system. Understanding them allows you to control access and secure your system effectively.
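The following audit script is an added example, not part of the original lesson. It applies the three chmod commands above to a constructed temporary tree, then uses find to report where each special bit is set and where a world-writable directory is missing the sticky bit. The function names audit_special_bits and demo, and the dropbox directory, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report special permission bits under a directory tree.
# Function names and the sample tree are constructed for illustration.

# Print one "<label> <path>" line per finding under the directory "$1".
audit_special_bits() {
    root=$1
    # Regular files with the setuid bit (octal 4000): run as the file owner.
    find "$root" -xdev -type f -perm -4000 -print | sed 's|^|setuid |'
    # Regular files with the setgid bit (octal 2000): run with the file's group.
    find "$root" -xdev -type f -perm -2000 -print | sed 's|^|setgid-file |'
    # Directories with the setgid bit: new entries inherit the directory's group.
    find "$root" -xdev -type d -perm -2000 -print | sed 's|^|setgid-dir |'
    # World-writable directories WITHOUT the sticky bit (octal 1000):
    # any user with write access can delete or rename other users' files.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 -print | sed 's|^|no-sticky |'
}

# Build a small constructed tree with the lesson's commands and audit it.
demo() {
    tmp=$(mktemp -d) || return 1
    touch "$tmp/program"
    chmod 755 "$tmp/program"
    chmod u+s "$tmp/program"      # setuid, as in "chmod u+s program"
    mkdir "$tmp/shared" "$tmp/uploads" "$tmp/dropbox"
    chmod g+s "$tmp/shared"       # setgid, as in "chmod g+s shared"
    chmod 777 "$tmp/uploads"
    chmod +t "$tmp/uploads"       # sticky, as in "chmod +t uploads"
    chmod 777 "$tmp/dropbox"      # world-writable, sticky bit deliberately missing
    # Strip the temporary prefix so the report shows relative names.
    audit_special_bits "$tmp" | sed "s|$tmp/||" | sort
    rm -rf "$tmp"
}

demo
```

On a real system, point audit_special_bits at a mount point and compare the setuid and setgid lines against the list of programs you expect to carry those bits.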