What are SUID, SGID, and Sticky bits?

Linux offers some special permissions, i.e., SUID, SGID, and the sticky bit, apart from the basic “r(read)w(write)x(execute)”. These permissions allow a non-root user to perform tasks on a file/directory that can otherwise only be accessed by the root user. Once these permissions are set, the normal user can access the specific file/directory without superuser privileges, i.e., “sudo”.

This post explains the basic objective and working of the SUID, SGID, and sticky bit permissions in Linux.

What is SUID (Set-User Identification)?

“SUID” stands for “Set-User Identification”. It acts as a permission flag that allows non-root users (normal users) to run executable files with the same permissions as the root user.

Example:

The executable binary file “/usr/bin/passwd” of the “passwd” command already comes with the “SUID” permissions. With the help of “SUID”, normal users can access these files without root user authentication and change their password. 

Execute the “ls” command followed by the “-l(list)” flag to check the “/usr/bin/passwd” file permissions:

$ sudo ls -l /usr/bin/passwd

The first part of the “ls” output shows the file permissions, i.e., “r(read)”, “w(write)”, “s(SUID)”, and “x(execute)”.

How to Set SUID?

To set the “SUID” permissions flag to any executable file, utilize the “chmod” command. It can set the file/directory permissions using “symbols” or the “octal” values.

The “symbols” are alphabetical characters that denote the file/directory permission based on their names, like “w for write”, “x for execute”, and “r for read”.

On the other hand, the “octal values” are the numeric values specified for each type of permission, such as “read=4”, “write=2”, “execute=1”, “read+write+execute=7”, and so on.

Let’s discuss both of them one by one.

Using Symbolic Method:

Specify the “u(user)” and the “(s)SUID” permission flag combined with the “+(add)” operator via the “chmod” command. It sets the SUID permissions to the “File1.txt” executable file:

$ chmod u+s File1.txt

The “chmod” command has now enabled “r(read)”, “w(write)”, and “s(SUID)” permissions for normal users and only “(r)read” permissions for “group”.

Using Octal Values

The octal values specify a particular digit for each file permission symbol, like (r)read=4, (w)write=2, (x)execute=1, and s(SUID)=4.

Run the “chmod” command to set the SUID permissions of “File1.txt” with the “4(SUID)7(r+w+x)4(r)4(r)” octal values:

$ chmod 4744 File1.txt
$ ls -l File1.txt

The “File1.txt” is now enabled with “SUID” permissions using “octal” values.

How to Remove SUID Using “Symbols”?

Once the “SUID” permission is set, it can be simply removed by just using the “-(remove)” operator between the “u(user) and s(SUID)” flags:

$ chmod u-s File1.txt
$ ls -l File1.txt

The “(s)SUID” permission has been removed from “File1.txt”. 

How to Remove SUID Using “Octal” Values?

Apart from the symbolic method, the octal values can also be used for the removal of SUID permission.

Execute the “chmod” command and specify the “0(no permission)” numeric value to remove the SUID permission of File1.txt:

$ chmod 0744 File1.txt

The “chmod” command has removed the “SUID” permissions from the “File1.txt” that is denoted by “0” value.

What is SGID (Set-Group Identification)?

“SGID” stands for “Set-Group Identification”. It assigns the same group ID to the file/directory. If the directory has SGID permission, then all its files and subdirectories will have the same group ownership as the root user.

Example:

The “/var/local”(stores variable data) directory has SGID permissions that can be checked through the “ls -ld (directory)” command:

$ ls -ld /var/local

In the highlighted permissions “drwxrwsr-x” the “s” denotes the SGID.

How to Set SGID?

Same as the SUID, the SGID permission can also be set using “symbolic”, and “octal” values of the “chmod” command.

Using Symbolic Method

To set the SGID permission on the specified directory, use the “g(group)” and the “(s)SGID” permission flag with the “+(add)” operator. After that, use the “chmod” command by specifying the “Sample” directory:

$ chmod g+s Sample

The SGID permission, i.e., “s”, of the “Sample” directory has been set recursively.

Using Octal Values

The numeric value “2” is always used for the SGID permission. Set the “2775” permissions to the “Sample” directory using the “chmod” command:

$ chmod 2775 Sample

The output confirms that the “Sample” directory has the same group ownership as the root user.

How to Remove SGID Using “Symbols”?

To remove the “SGID” permission of the “Sample” directory, use the “-(remove)” operator between the “g and s” flag of the “chmod” command:

$ chmod g-s Sample

The “SGID” permission has been disabled from the “Sample” directory.

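How to Remove SGID Using “Octal” Values?

To remove the SGID permission of the Sample directory, run the “chmod” command with the “0(no permission)” numeric value. GNU “chmod” keeps the SGID bit of a directory when the octal mode has four digits or fewer, so write the mode with an additional leading zero:

$ chmod 00775 Sample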

The “chmod” command has removed the “SGID” permissions of the “Sample” directory.
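To review which files under a directory carry the SUID or SGID bits described above, the following added example (not part of the original post) lists them with their mode and owner and separately reports those that are also writable by group or others. The function names and the sample tree are constructed for illustration, and `stat -c` assumes GNU or BusyBox tools.

```shell
#!/bin/sh
# Added example: inventory SUID/SGID files under a directory for review.
# Function names and the sample tree are hypothetical, built for this demo.

# List regular files that have SUID (4000) or SGID (2000) set.
# Default output is "<path> <octal mode> <owner>:<group>", sorted by path.
audit_special() {   # usage: audit_special DIR [STAT_FORMAT]
    ( cd "$1" || exit 1
      find . -xdev -type f \( -perm -4000 -o -perm -2000 \) \
          -exec stat -c "${2:-%n %a %U:%G}" {} + | LC_ALL=C sort )
}

# Subset that is also writable by group or others, which is rarely intended
# for a file that runs with its owner's or group's identity.
writable_special() {   # usage: writable_special DIR
    ( cd "$1" || exit 1
      find . -xdev -type f \( -perm -4000 -o -perm -2000 \) \
          \( -perm -0020 -o -perm -0002 \) -print | LC_ALL=C sort )
}

# Build a constructed sample tree and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    for f in plain helper logtool loose; do : > "$t/$f"; done
    chmod 0755 "$t/plain"     # no special bits
    chmod 4755 "$t/helper"    # SUID
    chmod 2755 "$t/logtool"   # SGID
    chmod 4777 "$t/loose"     # SUID and world-writable
    echo "$t"
}

tree=$(make_sample_tree)
echo "SUID/SGID files:";          audit_special "$tree"
echo "Also group/other-writable:"; writable_special "$tree"
rm -rf "$tree"
```
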

What is Sticky Bit?

The “sticky bit” is a special type of permission for a file/directory. If the sticky bit permission is enabled on a directory, then only the root user, or the user who has its write permissions, can delete or rename its content.

Example:

The “sticky bit” is generally enabled on the “/tmp” directory that contains the temporary files. Let’s check its permissions using the “ls -ld” command:

$ ls -ld /tmp

The “t” symbol denotes the sticky bit permission, i.e., only the root user can remove/delete the temporary files created by other normal users.

How to Set a Sticky Bit?

The “sticky bit” also requires the “chmod” command either using the “symbols” or the “octal” values to set it on a directory. 

Using Symbolic Method

To set the sticky bit permission of an existing “Trash” directory, use the “t” flag and the “+(add)” operator with the “chmod” command:

$ chmod +t Trash

The sticky bit permission has been enabled on the “Trash” directory for its associated group.

Using Octal Values

The numeric value “1” is always specified for the sticky bit permission. Specify the “1775” permissions to the “Trash” directory:

$ chmod 1775 Trash

It is confirmed that the “Trash” directory has the sticky bit permission.

How to Remove Sticky Bit Using “Symbols”?

To remove the sticky bit permission on the “Trash” directory, use the “-(remove)” operator with the “t” flag of the “chmod” command:

$ chmod -t Trash

The sticky bit permission has been removed from the “Trash” directory.

How to Remove Sticky Bit Using “Octal” Values?

Same as the SUID and SGID, specify the “0(no permission)” numeric value with the “chmod” command to remove the sticky bit permissions:

$ chmod 0775 Trash

The sticky bit permissions have been disabled in the “Trash” directory.
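The set and remove commands from the SUID, SGID, and sticky bit sections can be checked by reading the mode back with `stat`. The following is an added example, not part of the original post: it applies each pair to a scratch file or directory and decodes the leading octal digit (4=SUID, 2=SGID, 1=sticky). The function names are hypothetical and `stat -c` assumes GNU or BusyBox tools. With GNU `chmod`, the `dir 2775 0775` case leaves the mode at 2775, because a numeric mode of four digits or fewer preserves a directory's SUID/SGID bits, while `00775` and `g-s` clear it.

```shell
#!/bin/sh
# Added example: verify what each chmod form does to the special bits.

# Print a path's mode as four octal digits, e.g. 2775.
mode_of() {
    printf '%04o\n' "0$(stat -c '%a' "$1")"
}

# Name the bits in the leading digit of a mode: 4=SUID, 2=SGID, 1=sticky.
special_bits() {
    digit=$(( 0$1 / 01000 ))
    names=""
    if [ $(( digit & 4 )) -ne 0 ]; then names="$names suid"; fi
    if [ $(( digit & 2 )) -ne 0 ]; then names="$names sgid"; fi
    if [ $(( digit & 1 )) -ne 0 ]; then names="$names sticky"; fi
    names=${names# }
    echo "${names:-none}"
}

# Create a scratch file or directory, chmod it to ON and then to OFF,
# and print "<mode after ON> <mode after OFF>".
set_then_clear() {   # usage: set_then_clear file|dir ON OFF
    scratch=$(mktemp -d) || return 1
    target="$scratch/target"
    if [ "$1" = dir ]; then mkdir "$target"; else : > "$target"; fi
    chmod "$2" "$target"; before=$(mode_of "$target")
    chmod "$3" "$target"; after=$(mode_of "$target")
    rm -rf "$scratch"
    echo "$before $after"
}

# The page's set/remove pairs, plus the five-digit form for directories.
while read -r kind on off; do
    result=$(set_then_clear "$kind" "$on" "$off")
    echo "$kind: chmod $on, chmod $off -> $result (left: $(special_bits "${result#* }"))"
done <<'EOF'
file 4744 u-s
file 4744 0744
dir 2775 g-s
dir 2775 0775
dir 2775 00775
dir 1775 -t
dir 1775 0775
EOF
```
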

Conclusion

In Linux, the SUID permission runs the executable files/programs as the root user. The SGID provides the same group ownership of any file/directory recursively as the root user. On the other hand, the “Sticky bit” is different from the SGID and the SUID as it allows the normal user to delete the file inside the “/tmp” directory.

This post has illustrated the objective, working, and usage of SUID, SGID, and sticky bit permissions.