Wednesday, March 2, 2016

special permission setuid setgid sticky bit

Linux offers three types of special permission bits that may be set on executable files or directories to allow them to respond differently for certain operations:

setuid (set user identifier) bit:

When the setuid bit is set on an executable file at the file owner level, the file is executed by other regular users with the same privileges as those of the file owner.

# chmod 4755 <file>


# chmod u+s <file>

# ls -l <file>

-rwsr-xr-x. 1 root root 0 Jan 23 16:37

# find . -perm -4000


setgid (set group identifier) bit:

When the setgid attribute is set on an executable file at the group level, the file is executed by non-owners with the exact same privileges that the group members have. The setgid bit can also be set on group-shared directories to allow files and sub-directories created in that directory to automatically inherit the directory's owning group.

# chmod 2555 test


# chmod g+s test

# ls -ld test

dr-xr-sr-x. 2 root root 6 Jan 23 16:40 test

# find . -perm -2000


sticky bit:

The sticky bit is set on publicly writable directories (or other directories with rw permission for everyone) to protect files and sub-directories owned by regular users from being deleted or moved by other regular users.

# chmod 1755 test


# chmod o+t test

# ls -ld test

drwxr-x--T. 2 root root 6 Jan 23 16:46 test

# find . -perm -1000
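
The three find commands above can be combined into one audit pass. The script below is an added example, not part of the original post: it labels setuid and setgid files for review and flags world-writable directories that lack the sticky bit. The function names and the sample tree (helper, shared, dropbox, tmpdir) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a tree for the three special permission bits.

# Print one "LABEL path" line per finding under directory $1.
audit_special_bits() {
    root=${1:-.}
    # setuid files run with the owner's privileges: review each one.
    find "$root" -xdev -type f -perm -4000 2>/dev/null | sed 's/^/SETUID /'
    # setgid files run with the owning group's privileges.
    find "$root" -xdev -type f -perm -2000 2>/dev/null | sed 's/^/SETGID /'
    # setgid directories pass their group to new entries (informational).
    find "$root" -xdev -type d -perm -2000 2>/dev/null | sed 's/^/SETGID-DIR /'
    # World-writable directories without the sticky bit let any user
    # delete or rename other users' files.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null |
        sed 's/^/NO-STICKY /'
}

# Build a constructed sample tree (hypothetical names) and print its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/helper" "$d/plain"
    chmod 4755 "$d/helper"      # setuid file, as with "chmod 4755"
    mkdir "$d/shared" "$d/dropbox" "$d/tmpdir"
    chmod 2775 "$d/shared"      # setgid group-shared directory
    chmod 0777 "$d/dropbox"     # world-writable, sticky bit missing
    chmod 1777 "$d/tmpdir"      # world-writable, sticky bit set
    echo "$d"
}

# Audit the directory given as $1, or the sample tree when run without one.
if [ $# -gt 0 ]; then
    audit_special_bits "$1"
else
    t=$(make_sample_tree) && audit_special_bits "$t"
    [ -n "$t" ] && rm -rf "$t"
fi
```

Comparing the SETUID and SETGID lines against a saved baseline makes newly added privileged files stand out between runs.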



RHCSA & RHCE Red Hat Enterprise Linux 7: Training and Exam Preparation Guide (EX200 and EX300), Third Edition
