
What are SetUID, SetGID and Sticky bit


Function

  1. SetUID: The user who runs the command executes it with the permissions of the file's owner rather than their own.
  2. SetGID: The user who runs the program executes it with the group identity of the program file's group.
  3. Sticky bit: Set on a directory. Except for a file's owner and the root user, other users cannot delete or rename the files in it.

Examples

SetUID example: /usr/bin/passwd

ll /usr/bin/passwd

-rwsr-xr-x 1 root root 33K Apr  6  2020 /usr/bin/passwd

SetGID example: /usr/bin/crontab

ls -ahl /usr/bin/crontab

-rwxr-sr-x 1 root crontab 43K Oct 11  2019 /usr/bin/crontab

Sticky bit example: /tmp

drwxrwxrwt  13 root root  16K Sep 14 14:09 tmp

Setting special permissions

chmod u+s xxx # set setuid permission
chmod g+s xxx # set setgid permission
chmod o+t xxx # set sticky bit permission, for directories only
chmod 4775 xxx # set setuid permission
chmod 2775 xxx # set setgid permission
chmod 1775 xxx # set sticky bit permission, for directories only

Uppercase and lowercase meanings

  • Uppercase (S or T): The original file/directory does not have execute (x) permission in that position, and usually this setting does not take effect.
  • Lowercase (s or t): The original file/directory has execute (x) permission in that position.


For example:

Original file: -rwxr-xr-x

Adding SetUID results in 4755

Becomes: -rwsr-xr-x

Another example:

Original file: -rwxr--r--

Adding SetGID results in 2744

Becomes: -rwxr-Sr--

The sticky bit follows the same rule.
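
The uppercase/lowercase rule can be checked mechanically. The following is an added example, not code from the original page: a POSIX shell script that renders an octal mode as the permission string ls prints and reports modes whose special bit shows as S or T. The function names (triplet, mode_to_string, has_ineffective_bit) and the sample modes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: render an octal mode as the 9-character string ls shows,
# applying the page's rule: s/t when execute is set, S/T when it is not.

# triplet DIGIT SPECIAL LOWER UPPER -> three characters for one class
triplet() {
    bits=$1; special=$2; lower=$3; upper=$4
    r=-; w=-; x=-
    if [ $((bits & 4)) -ne 0 ]; then r=r; fi
    if [ $((bits & 2)) -ne 0 ]; then w=w; fi
    if [ $((bits & 1)) -ne 0 ]; then x=x; fi
    if [ "$special" -eq 1 ]; then
        # The special bit is displayed in the execute column.
        if [ "$x" = x ]; then x=$lower; else x=$upper; fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_to_string MODE -> e.g. 4755 becomes rwsr-xr-x
mode_to_string() {
    mode=$1
    case $mode in
        [0-7][0-7][0-7]) mode=0$mode ;;          # no special bits given
        [0-7][0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $mode" >&2; return 1 ;;
    esac
    sp=${mode%???}                               # 4=setuid 2=setgid 1=sticky
    rest=${mode#?}
    u=${rest%??}; o=${rest#??}
    g=${rest#?}; g=${g%?}
    printf '%s%s%s\n' \
        "$(triplet "$u" $(( (sp & 4) != 0 )) s S)" \
        "$(triplet "$g" $(( (sp & 2) != 0 )) s S)" \
        "$(triplet "$o" $(( (sp & 1) != 0 )) t T)"
}

# has_ineffective_bit MODE -> exit status 0 if a special bit shows as S or T
has_ineffective_bit() {
    case $(mode_to_string "$1") in
        *[ST]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample modes: the page's two examples plus sticky-bit cases.
for m in 4755 2744 1777 1776; do
    printf '%s -> %s\n' "$m" "$(mode_to_string "$m")"
done
```

A mode that prints S or T is worth a second look when reviewing permissions, because the special bit was set on something that is not executable (or, for a directory, not searchable) by that class.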
