What is SetUID, SetGID and Sticky bit
Function
SetUID
: Allows the user executing the command to execute it with the permissions of the owner of the command.
SetGID
: Allows the user executing the command to execute the program with the group identity elevated to the program file’s group.
Sticky bit
: Except for the file creator and root user, other users cannot modify or delete the file.
Examples
SetUID
example: /usr/bin/passwd
ll /usr/bin/passwd
-rwsr-xr-x 1 root root 33K Apr 6 2020 /usr/bin/passwd
SetGID
example: /usr/bin/crontab
ls -ahl /usr/bin/crontab
-rwxr-sr-x 1 root crontab 43K Oct 11 2019 /usr/bin/crontab
Sticky bit
example: /tmp
drwxrwxrwt 13 root root 16K Sep 14 14:09 tmp
Setting special permissions
chmod u+s xxx # set setuid permission
chmod g+s xxx # set setgid permission
chmod o+t xxx # set sticky bit permission, for directories only
chmod 4775 xxx # set setuid permission
chmod 2775 xxx # set setgid permission
chmod 1775 xxx # set sticky bit permission, for directories only
Uppercase and lowercase meanings
- Uppercase (S or T): The original file/directory does not have execute (x) permission in that position, so the special bit usually does not take effect.
- Lowercase (s or t): The original file/directory has execute (x) permission in that position.
For example:
Original file: -rwxr-xr-x
Adding SetUID results in 4755
Becomes: -rwsr-xr-x
Another example:
Original file: -rwxr--r--
Adding SetGID results in 2744
Becomes: -rwxr-Sr--
The sticky bit follows the same rule.
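The s/S and t/T rule above, as an added shell example that is not part of the original page: `mode_to_string` renders an octal mode the way `ls -l` shows it, and `describe_special` names the special bits in a permission string. Both function names are illustrative, and the sample modes are constructed.

```shell
#!/bin/sh
# Added example: octal mode -> ls permission string, with the s/S and t/T rule.

# triplet BITS SPECIAL LOWER UPPER: render one rwx class. When the special
# bit is set, the x slot shows LOWER if execute is set, UPPER if it is not.
triplet() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    if [ "$2" -ne 0 ]; then
        if [ "$x" = x ]; then x=$3; else x=$4; fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_to_string OCTAL: e.g. 2744 -> rwxr-Sr--
mode_to_string() {
    m=$(( 0$1 ))    # leading 0 makes the shell read the digits as octal
    u=$(triplet $(( (m >> 6) & 7 )) $(( m & 04000 )) s S)   # owner + setuid
    g=$(triplet $(( (m >> 3) & 7 )) $(( m & 02000 )) s S)   # group + setgid
    o=$(triplet $(( m & 7 )) $(( m & 01000 )) t T)          # other + sticky
    printf '%s%s%s\n' "$u" "$g" "$o"
}

# describe_special PERMS: name the special bits visible in a 9-character
# permission string; "(no-x)" marks the uppercase form.
describe_special() {
    out=
    case $1 in ??s??????) out="$out setuid" ;; ??S??????) out="$out setuid(no-x)" ;; esac
    case $1 in ?????s???) out="$out setgid" ;; ?????S???) out="$out setgid(no-x)" ;; esac
    case $1 in ????????t) out="$out sticky" ;; ????????T) out="$out sticky(no-x)" ;; esac
    printf '%s\n' "${out# }"
}

# Constructed sample modes, including the two worked cases from the text.
for mode in 4755 2744 1777 1776 6750 0644; do
    perms=$(mode_to_string "$mode")
    printf '%-5s %s  %s\n' "$mode" "$perms" "$(describe_special "$perms")"
done
```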
Reference
https://linuxhandbook.com/suid-sgid-sticky-bit/
- License under CC BY-NC 4.0