twitter
Categories:- Unix Commands

Command to Enable/Change the Special Permissions of Files In Linux

 

Special permissions on files and directories in linux are : SetUID, SetGID and Sticky bit.


With the help of “chmod” command  we can implement the special permissions on file and directories.

 

SUID / Set User ID : A program is executed with the file owner's permissions (rather than with the permissions of the user who executes it).

 

SGID / Set Group ID : Files created in the directory inherit its GID, i.e When a directory is shared between the users , and sgid is implemented on that shared directory , when these users creates  directory, then the created directory has the same gid or group owner of its parent directory.

 

Sticky Bit :  It is used mainly used on folders in order to avoid deletion of a folder and its content by other user though he/she is having write permissions. If Sticky bit is enabled on a folder, the folder is deleted by only owner of the folder and super user(root). This is a security measure to suppress deletion of critical folders where it is having full permissions by others.

 

When we implement these permissions ,we get the below symbols in permissions field :

 

Permissions

Meaning

--S------

SUID is set, but user (owner) execute is not set.

--s------

SUID and user execute are both set.

-----S--- SGID is set, but group execute is not set.
-----s---

SGID and group execute are both set.

--------T

Sticky bit is set, bot other execute is not set.

--------t

Sticky bit and other execute are both set.

SUID Example : passwd command

When normal user  try to change his/her  password  , passwd command is used ,  which is owned by root. This passwd command file will try to edit some system config files such as /etc/passwd, /etc/shadow etc. So passwd command is set with SUID to give root user permissions to normal user so that it can update /etc/shadow and other files.

 

 

Assign  suid to a File :

 

# chmod  u+s testfile.txt OR #  chmod 4750  testfile.txt

 

 

In this example , 4 indicates SUID bitset, 7 for full permissions for owner, 5 for write and execute permissions for group, and no permissions for others.

 

SGID Example :

 

# chmod g+s <file/Directory> OR # chmod 2750 <file/Directory>

 

Here in 2750, 2 indicates SGID bitset, 7 for full permissions for owner, 5 for write and execute permissions for group, and no permissions for others.

 

StickyBit Example :

 

# chmod o+t /opt/ftp-data  or # chmod +t /opt/ftp-data OR # chmod 1757 /opt/ftp-dta

 

In this example , 1 indicates Sticky Bit set, 7 for full permissions for owner, 5 for read and execute permissions for group, and ful permissions for others.

 

Note : To check the special permissions , use these commands :

 

# ls   -l  <file-name>


# ls -ld   <directory/folder-name>

Shashi saw on, 2013-07-20 09:28:29
Hello, This is too good. One error in work that is in curly bracket. --------T Sticky bit is set, (bot) other execute is not set.
Post Your Comments
Name:
Email:
Comment: