Special Permissions: SUID, GUID, and Sticky Bit

Linux has several special permissions that apply the permissions of the user, the group, or others to a file or directory. The SUID permission gives a file the owner's permissions (root privileges for a root-owned file) without handing out the root password, so the password stays private. The special permissions are set with SUID, GUID, and the sticky bit, which are explained in this guide.

Let’s get into the basics of the special permissions.

What are Special Permissions in Linux?

Special permissions grant additional privileges on a file or directory. There are three types:

SUID

SUID stands for Set User ID. As the name indicates, it sets the file or directory permissions to those of the user (the owner, or the root user). A file or directory with the SUID permission has additional permissions, the same as its owner's. When root owns it, SUID makes you the root user for that file or directory. The SUID permission has the special numeric value “4”.

GUID

GUID is short for Group User ID. This permission lets the file or directory take the same permissions as the group it belongs to. For instance, if a file belongs to group1, then after setting GUID on that file its permissions are the same as group1's permissions. The GUID permission has the numeric value “2”.

Sticky Bit

The sticky bit is a special permission that applies to directories only. It allows a user (owner) to delete only their own directories and not other users’ directories. This is very useful in shared folders, where users should only be able to delete their own directories. The sticky bit permission has the numeric value “1”.

Note: The sticky bit prevents deleting another user’s directory even if the directory has 777 permissions.

General Syntax of Setting Special Permissions

To set the SUID, GUID, or sticky bit special permissions, one extra digit is added before the normal permission digits. When adding or removing a special permission with chmod, the numeric permission is therefore 4 digits long, as in the syntax below:

$ chmod <special-permission><user-permission><group-permission><others-permission> <directory-name>

The details of the above command are as follows:

  • special-permission: It sets the SUID, GUID, and sticky bit permissions of the file or directory.
  • user-permission: It alters the user (owner) permissions.
  • group-permission: It changes the group permissions.
  • others-permission: It changes the permissions of other users.

The special permissions values are as follows:

  • SUID=4
  • SGID=2
  • Sticky=1
  • None=0

An alternative way to set the special permissions is the symbolic method:

$ chmod u+s <file-name>
$ chmod g+s <file-name>
$ chmod o+t <directory-name>

Remember that the normal chmod permission values are “4” for read, “2” for write, and “1” for execute.

How to Set SUID Permission to a File or Directory?

A file or directory with the SUID permission has the same permissions as its owner. Several built-in programs have the SUID permission. For example, “/usr/bin/passwd” has the SUID permission, which can be checked using the list (“ls”) command:

$ ls -l /usr/bin/passwd

The “s” in place of the execute (x) permission shows that the file has the SUID (Set User ID) permission. It shows that the file runs with the same permissions as its owner.

Note: By default, a file with the SUID permission is displayed in “red”.

Similarly, “/bin/su” has the SUID permission built in, which can be checked using the following ls command:

$ ls -l /bin/su

The “s” in the file permissions represents the SUID permission.

To set the SUID permissions to a file, we can use the “4” numeric value of the SUID before the normal chmod permissions. For instance, check the testfile.txt file that has the following permissions:

$ ls -l testfile.txt

The testfile.txt permissions in numeric form are 6 (read + write), 6 (read + write), and 4 (read-only).

To change the current testfile.txt permissions (664) to include SUID, put the SUID numeric value 4 before the normal permissions in the chmod command, as shown below:

$ chmod 4664 testfile.txt

The output shows that “S” is set for the SUID permission. The uppercase “S” means the owner does not have the execute permission, so this file is.

If the owner had the execute permission, the SUID permission would be shown as a lowercase “s”.
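The “S” versus “s” rule, worked through for every special digit, as an added example that is not part of the original guide: the function turns a 4-digit chmod mode into the string that ls -l shows, and the same rule applies to the group slot (GUID) and the others slot (sticky bit, “t” or “T”). The function names and the sample mode list are constructed for illustration.

```sh
#!/bin/sh
# Added example: render a 4-digit chmod mode the way `ls -l` displays it.

# triad BITS SPECIAL LETTER: print one rwx group. When SPECIAL is 1 the
# execute slot shows LETTER: lowercase if execute is also set, uppercase if not.
triad() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    if [ "$2" -eq 1 ]; then
        if [ "$x" = x ]; then x=$3; else x=$(printf %s "$3" | tr st ST); fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_to_string MODE [TYPE]: MODE is four octal digits (special, user, group,
# others); TYPE is "-" for a regular file (default) or "d" for a directory.
mode_to_string() {
    m=$(( 0$1 ))                  # the leading 0 makes the shell read octal
    suid=$(( (m >> 11) & 1 ))     # special digit 4
    sgid=$(( (m >> 10) & 1 ))     # special digit 2
    sticky=$(( (m >> 9) & 1 ))    # special digit 1
    printf '%s%s%s%s\n' "${2:--}" \
        "$(triad $(( (m >> 6) & 7 )) "$suid" s)" \
        "$(triad $(( (m >> 3) & 7 )) "$sgid" s)" \
        "$(triad $(( m & 7 )) "$sticky" t)"
}

# Modes taken from this guide plus combined forms (constructed sample list).
for spec in "4664 -" "4764 -" "4775 d" "2664 -" "1775 d" "6755 -" "7777 d"; do
    set -- $spec
    printf '%s  %s\n' "$1" "$(mode_to_string "$1" "$2")"
done
```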

Alternatively, “testfile.txt” can be given the SUID permission with the symbolic method, using the following command:

Note: The u represents the user, g represents the group, and o represents others.

$ chmod u+s testfile.txt

The testfile.txt has the SUID permissions after using the chmod “u+s” symbolic method command.

To set the SUID permissions to a directory, the below general syntax is used:

$ chmod 4xxx <directory-name>
$ chmod u+s <directory-name>

Both commands will add the special permissions SUID to the specified directory.

For example, to give the SUID permission to a directory named “testfolder”, use the below numeric method command:

$ chmod 4775 testfolder

By using the “4” before the previous file permissions, the testfolder permissions are changed to SUID.

The above testfolder can also be given the SUID permission using the symbolic method by running the below command in the terminal:

$ chmod u+s testfolder

The SUID special permission is given to the testfolder directory.

Moreover, to remove the SUID permissions from a file or folder, you can use the below commands:

$ chmod u-s <file-name>
$ chmod 0xxx <file-name>

How to Set GUID Permission to a File or Directory?

A file with the GUID permission runs with the permissions of the group. For example, to give the GUID permission to a file, put the GUID numeric value “2” before the normal permissions as shown below:

$ chmod 2xxx <file-name>

For instance, to provide the GUID permissions to a file named “testfile2”, use the below command:

$ chmod 2664 testfile2

The testfile2 has GUID permission.

Alternatively, to give GUID permissions to testfile2 using the symbolic method, execute the following command:

$ chmod g+s testfile2

The testfile2 has been given the GUID permissions.

Similarly, to give the GUID permissions to a folder, you can use the below commands:

$ chmod 2xxx <folder-name>
$ chmod g+s <folder-name>

To remove the GUID permissions from a file, run the following command:

$ chmod g-s <file-name>

How to Set Sticky Bit Permission to a Directory?

The sticky bit permission lets users delete only their own directories, not those of others, and it is set by prefixing the regular directory permissions with its numeric value “1”. The “t” symbol denotes the sticky bit permission. To set it on a directory, these commands are used:

$ chmod 1xxx <directory-name>
$ chmod o+t <directory-name>

For example, to give the “sticky bit” permissions to the directory named “testfolder”, run the following command:

$ chmod 1775 testfolder

The testfolder directory is given the sticky bit permissions.

Another way to give the “sticky bit” permissions to the directory named “testfolder” is the symbolic method, as done below:

$ chmod o+t testfolder

To revoke the sticky bit permissions from a directory, we can use the below command:

$ chmod o-t <directory-name>

How to Provide SUID, GUID, and Sticky Bit Permissions Combined?

We can set the SUID, GUID, and sticky bit permissions together on files or directories by adding their numeric values or by combining their symbolic method values.

To provide SUID (4) and GUID (2) permissions together, use these commands:

$ chmod 6xxx <file-name>
$ chmod ug+s <file-name>

To provide the SUID (4) and sticky bit (1) permissions together, run the below command:

$ chmod 5xxx <folder-name>

To provide SUID, GUID, and sticky permissions to a directory, use the following command:

$ chmod 7xxx <folder-name>

This is all about the special permissions in Linux.
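A check to run after changing special permissions, added here as an example that is not part of the original guide: it lists regular files that carry SUID or GUID, and directories writable by others that lack the sticky bit. The function names and the scratch tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: find where the special permission bits are (or are not) set.

# find_setid DIR: regular files under DIR with SUID (4000) or GUID (2000) set.
# "-perm -4000" matches when at least that bit is set; -xdev stays on one
# filesystem so the scan does not wander into other mounts.
find_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# find_unsticky DIR: directories under DIR that others can write to (0002)
# but that do not have the sticky bit (1000).
find_unsticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# Constructed scratch tree so the example runs without touching system paths.
demo=$(mktemp -d)
mkdir "$demo/shared" "$demo/drop"
: > "$demo/tool"
: > "$demo/plain"
chmod 4755 "$demo/tool"     # SUID set: reported by find_setid
chmod 0644 "$demo/plain"    # no special bits: not reported
chmod 1777 "$demo/shared"   # writable by others, sticky set: not reported
chmod 0777 "$demo/drop"     # writable by others, no sticky: reported

echo "SUID/GUID files:"
find_setid "$demo"
echo "Directories writable by others without the sticky bit:"
find_unsticky "$demo"

rm -rf "$demo"
```

Pointing either function at a real directory instead of the scratch tree gives a list to compare against what you intended to set.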

Conclusion

The special permissions in Linux are of three types: SUID, GUID, and the sticky bit. The SUID permission is the same as the user's (owner's), the GUID permission is similar to the group's, and the sticky bit permission lets you delete only your own directories, not those of others. This write-up explained different ways to set and change the SUID, GUID, and sticky bit permissions.