The special permissions on files and directories in Linux are SetUID, SetGID and the sticky bit. They are set with the "chmod" command.
SUID / Set User ID :
A program is executed with the file owner’s permissions (rather than with the permissions of the user who executes it).
SGID / Set Group ID :
Files created in the directory inherit its GID. That is, when a directory is shared between users and SGID is set on that shared directory, any directory these users create inside it has the same GID (group owner) as its parent directory.
Sticky Bit :
It is mainly used on folders to prevent deletion of a folder and its contents by other users, even when they have write permissions. If the sticky bit is enabled on a folder, the folder can be deleted only by the owner of the folder and the superuser (root). This is a security measure to prevent deletion of critical folders on which others have full permissions.
When we set these permissions, we get the following symbols in the permissions field:
| Symbol | Meaning |
|---|---|
| --S------ | SUID is set, but user (owner) execute is not set. |
| --s------ | SUID and user execute are both set. |
| -----S--- | SGID is set, but group execute is not set. |
| -----s--- | SGID and group execute are both set. |
| --------T | Sticky bit is set, but other execute is not set. |
| --------t | Sticky bit and other execute are both set. |
When a normal user changes his/her password, the passwd command is used, which is owned by root. The passwd command needs to edit system config files such as /etc/passwd, /etc/shadow, etc. So the passwd command is set with SUID, which gives the normal user root's permissions while it runs, so that it can update /etc/shadow and other files.
Assign suid to a File :
# chmod u+s testfile.txt
# chmod 4750 testfile.txt
In this example, 4 indicates that the SUID bit is set, 7 gives full permissions to the owner, 5 gives read and execute permissions to the group, and 0 gives no permissions to others.
SGID Example :
# chmod g+s <file/Directory>
OR
# chmod 2750 <file/Directory>
Here in 2750, 2 indicates that the SGID bit is set, 7 gives full permissions to the owner, 5 gives read and execute permissions to the group, and 0 gives no permissions to others.
StickyBit Example :
# chmod o+t /opt/ftp-data
# chmod +t /opt/ftp-data
# chmod 1757 /opt/ftp-data
In this example, 1 indicates that the sticky bit is set, 7 gives full permissions to the owner, 5 gives read and execute permissions to the group, and 7 gives full permissions to others.
Note : To check the special permissions, use these commands :
# ls -l <file-name>
# ls -ld <directory/folder-name>
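As an added example (not part of the original page), the script below builds a throwaway directory with the modes discussed above, prints the permission string that ls shows for each entry, and then lists SUID/SGID files and world-writable directories that lack the sticky bit. All file names and function names in it are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). All paths below are constructed
# sample files inside a throwaway directory; nothing outside it is touched.

# perm_string PATH: the 10-character mode field from ls (file type + 9 bits).
perm_string() {
    ls -ld -- "$1" | cut -c1-10
}

# build_sandbox: create sample files/directories with the modes discussed on
# the page and print the sandbox path.
build_sandbox() {
    d=$(mktemp -d) || return 1
    touch "$d/suid_exec" "$d/suid_noexec"
    mkdir "$d/shared" "$d/sticky" "$d/sticky_nox" "$d/open_dir"
    chmod 4750 "$d/suid_exec"      # SUID + owner execute     -> s
    chmod 4650 "$d/suid_noexec"    # SUID, no owner execute   -> S
    chmod 2750 "$d/shared"         # SGID + group execute     -> s
    chmod 1757 "$d/sticky"         # sticky + other execute   -> t
    chmod 1756 "$d/sticky_nox"     # sticky, no other execute -> T
    chmod 0777 "$d/open_dir"       # world-writable, no sticky bit
    printf '%s\n' "$d"
}

# list_special DIR: files carrying SUID or SGID, the set to review regularly.
list_special() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# list_unprotected DIR: world-writable directories missing the sticky bit.
list_unprotected() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# Stand-alone demo run.
sandbox=$(build_sandbox)
for f in "$sandbox"/*; do
    printf '%s  %s\n' "$(perm_string "$f")" "${f##*/}"
done
echo "SUID/SGID files:"
list_special "$sandbox"
echo "World-writable directories without sticky bit:"
list_unprotected "$sandbox"
rm -rf "$sandbox"
```

The two find expressions can be pointed at a real directory tree to review which files carry SUID/SGID and which shared directories are missing the sticky bit.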