
Special permissions (setuid, setgid, sticky bit) in Linux CLI - Commands & Configuration

Introduction
Sometimes, files and folders need rules beyond the basic read, write and execute permissions to control who can run them or change them. The special permissions setuid, setgid and the sticky bit provide this by granting extra privileges, or adding restrictions, when users use those files or folders. Typical situations:
When you want a program to run with the permissions of its owner rather than of the user running it, for example the passwd program that changes passwords.
When you want files created in a shared folder to belong to the folder's group automatically.
When you want to prevent users from deleting or renaming files in a shared folder unless they own the file.
When you want to allow users to run a script with the owner's permissions safely. Note that the Linux kernel ignores the setuid bit on interpreted scripts, so the bit only takes effect on compiled executables, and any setuid program must be written carefully because it runs with elevated privileges.
When managing shared directories such as /tmp, where many users write files but must not delete each other's files.
Commands
Check the current permissions of the passwd program to see if setuid is set.
Terminal
ls -l /usr/bin/passwd
Expected Output
-rwsr-xr-x 1 root root 54256 Apr 12 2024 /usr/bin/passwd
-l - Show detailed file permissions and ownership
Set the setuid bit on the passwd program so it runs with its owner's permissions (root). On a normal installation this bit is already set, and changing it requires root.
Terminal
chmod u+s /usr/bin/passwd
Expected Output
No output (command runs silently)
u+s - Add setuid permission to the file
Set the setgid bit on a shared folder so new files inherit the folder's group.
Terminal
chmod g+s /shared_folder
Expected Output
No output (command runs silently)
g+s - Add setgid permission to the directory
Set the sticky bit on a shared folder to prevent users from deleting files they do not own.
Terminal
chmod +t /shared_folder
Expected Output
No output (command runs silently)
+t - Add sticky bit permission to the directory
Verify the special permissions on the shared folder by listing its details.
Terminal
ls -ld /shared_folder
Expected Output
drwxrwsr-t 5 user group 4096 Apr 27 12:00 /shared_folder
-ld - List the directory itself without showing its contents. In the mode string, the lowercase s and t show that setgid and the sticky bit are set together with the matching execute bit; an uppercase S or T would mean the bit is set but the corresponding execute bit is missing, so it does not work as intended.
Key Concept

If you remember nothing else from this pattern, remember: setuid runs a file as its owner, setgid makes new files inherit group ownership, and the sticky bit protects shared files from being deleted by others.

Common Mistakes
Setting setuid on a directory instead of a file
On Linux the setuid bit changes how an executable file runs and has no effect on directories.
Use setgid on directories to control group inheritance, and setuid only on executable files.
Forgetting to check permissions after setting special bits
You might think the permission changed, but it did not apply correctly or was overwritten.
Always verify with ls -l or ls -ld to confirm the special permissions are set.
Setting sticky bit on files instead of directories
The sticky bit on regular files is ignored on modern Linux systems; it only works on directories, where it restricts deletion and renaming to the file's owner.
Apply sticky bit only on directories where you want to protect files from deletion by others.
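As an added example that is not part of the original page, the following shell functions apply the setgid and sticky bits to a shared directory the way the Commands section does, and decode the symbolic mode string so that the verification step catches the uppercase S/T case where a bit is set without its execute bit. It assumes GNU or BusyBox stat and chmod, and a group the caller belongs to.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): apply and verify the
# special permission bits on a shared directory.
set -eu

# Decode the special bits from a symbolic mode string such as drwxrwsr-t.
# Prints the words setuid / setgid / sticky; a word gets "(no-exec)"
# appended when ls/stat show an uppercase S or T, meaning the bit is set
# but the matching execute bit is missing, so the bit is ineffective.
decode_special_bits() {
    mode="$1"; out=""
    case "$(printf '%s' "$mode" | cut -c4)" in   # user execute position
        s) out="$out setuid" ;;
        S) out="$out setuid(no-exec)" ;;
    esac
    case "$(printf '%s' "$mode" | cut -c7)" in   # group execute position
        s) out="$out setgid" ;;
        S) out="$out setgid(no-exec)" ;;
    esac
    case "$(printf '%s' "$mode" | cut -c10)" in  # other execute position
        t) out="$out sticky" ;;
        T) out="$out sticky(no-exec)" ;;
    esac
    printf '%s\n' "${out# }"
}

# Report the special bits of a path using stat's symbolic mode (%A).
special_bits_of() {
    decode_special_bits "$(stat -c '%A' "$1")"
}

# Create a shared group directory: setgid so new files inherit the group,
# sticky so only a file's owner (or root) can delete or rename it.
# Prints the resulting octal mode, which should be 3775.
make_shared_dir() {
    dir="$1"; group="$2"
    mkdir -p "$dir"
    chgrp "$group" "$dir"
    chmod 2775 "$dir"   # rwxrwsr-x: group-writable with setgid
    chmod +t "$dir"     # add the sticky bit: rwxrwsr-t
    stat -c '%a' "$dir" # prints 3775
}
```

Running `special_bits_of /usr/bin/passwd` on a normal installation reports setuid, matching the ls -l output shown earlier.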
Summary
Use chmod u+s to set the setuid bit so a program runs with its owner's permissions.
Use chmod g+s on directories to make new files inherit the directory's group.
Use chmod +t on shared directories to prevent users from deleting files they do not own.
Verify special permissions with ls -l for files and ls -ld for directories.