In Linux, SUID, SGID, and the Sticky Bit are special permissions used to control access to files and directories. In this tutorial we will have the understanding of how SUID, SGID, and the Sticky Bit work.
Table of Contents
SUID:
The SUID (Set User ID) permission allows users to execute a file with the file owner’s permissions. For example, imagine User1 has created a program that reads reports from a folder located at /usr/local/reports. User1 wants User2 to help with the reports but doesn’t want to give him full access to the folder. By setting the SUID bit, User2 can run the program and access the reports using User1’s permissions, without gaining full access to the folder. This is useful when you need to grant specific privileges without giving full control over the owner’s account.
The SUID bit is represented by an s in the user’s execute permission (e.g., rws instead of rwx). You can check the permissions using simple ls command:
ls -alIn order to set SUID for the file we can use the below command:
chmod 4664 file.txt
SGID:
SGID (Set Group ID) is similar, but applies to groups. If the program belongs to a group, say “reports”, both User2 and User1 can run it using the group’s permissions. Any files created in the folder will also inherit the group ownership, making SGID handy for group collaborations.
In order to set the SGID you can use the below command:
chmod 2664 file2.txtThe SUID bit is represented by an S in the group’s execute permission (e.g., rws instead of rwx). You can check the permissions using simple ls command:
Sticky Bit:
The Sticky Bit is a special permission typically set on directories. It prevents users from deleting files they don’t own. For instance, if User1 creates a file in the /usr/local/reports directory with the Sticky Bit set, only user1, the directory owner, or the root user can delete it, even if others have write access to the directory. This ensures file security in shared environments.
In order to set the sticky bit we can use the below command:
chmod 1446 file3.txtWe can check the permissions using ls -l command.
These permissions help control access, allowing users to execute files or manage directories with the correct privileges without compromising security.
The sticky bit is mainly used on shared directories. It ensures that even if users can create files in a directory, only the file’s owner or root can delete or modify them. This is particularly useful in shared directories like /tmp.
Let’s create the test directory and set the sticky bit on it.
chmod 1755 sticky_test/
How to set both SUID and SGID on a file:
We can also assign both SUID and the SGID to the file. The SUID value is 4, and SGID is 2, so combined, the leading digit becomes 6. We can use below command to assign both SUID and SGID to the file:
chmod 6664 file4.txt
Also, take note that if the file has execute permissions for the user or group, then instead of an uppercase “S,” you will see a lowercase “s” in the file’s permission string. This indicates that both the SUID or SGID bit and the execute bit are set for that file. In contrast, if the execute permission is missing, an uppercase “S” will appear, signifying that the SUID or SGID bit is set without the execute bit.
I hope this article has provided you with a clear and in-depth understanding of SUID, SGID, and the Sticky Bit in Linux. These special permissions are crucial for controlling access and managing file security in a multi-user environment. Whether you’re configuring user permissions or ensuring secure collaboration in shared directories, mastering these concepts is essential for effective system administration.
If you’re eager to dive deeper into Linux and explore more advanced topics, be sure to check out the other articles on our website. We offer a wealth of information to help you expand your Linux knowledge and sharpen your skills as a system administrator. Keep exploring, learning, and growing with us—visit our site for more insightful Linux tutorials and guides!