SetUID, SetGID, and Sticky Bits in Linux File Permissions
Last Updated : 19 Jul, 2024
As explained in the article Permissions in Linux, Linux uses a combination of bits to store the permissions of a file. We can change the permissions using the chmod command, which essentially changes the 'r', 'w' and 'x' characters associated with the file. Further, the ownership of files also depends on the uid (user ID) and the gid (group ID) of the creator, as discussed in this article. Similarly, when we launch a process, it runs with the uid and gid of the user who launched it.
1. The setuid bit
This bit applies to files that have executable permissions. The setuid bit indicates that when the executable is run, the process runs with the privileges of the user who owns the file (owner), instead of those of the user who launched it. Similarly, there is a setgid bit which does the same for the gid. To locate the setuid bit, look for an 's' instead of an 'x' in the owner's execute position of the file permissions. An example of an executable with setuid permission is passwd, as can be seen in the following output.
ls -l /usr/bin/passwd
This returns the following output:
-rwsr-xr-x root root 2447 Aug 29 2018 /usr/bin/passwd
As we can observe, the 'x' is replaced by an 's' in the user section of the file permissions. To set the setuid bit, use the following command, replacing FILE with the path to the executable.
chmod u+s FILE
To remove the setuid bit, use the following command.
chmod u-s FILE
2. The setgid bit
The setgid bit affects both files and directories. When set on a file, the file executes with the privileges of the group that owns the file instead of those of the group of the user who executed it. When set on a directory, files created in that directory get the same group as the directory, and not that of the user who created them. This is used for file sharing, since the files can then be modified by all users who are part of the directory's group. To locate the setgid bit, look for an 's' in the group section of the file permissions, as shown in the example below.
-rwxrwsr-x root root 1427 Aug 2 2019 sample_file
To set the setgid bit, use the following command, replacing FILE with the path to the file or directory.
chmod g+s FILE
To remove the setgid bit, use the following command.
chmod g-s FILE
Security Risks
The setuid bit is useful in many applications, but executables that carry it must be designed carefully so that they do not introduce security vulnerabilities such as buffer overruns and path injection. If a vulnerable program runs with root privileges, an attacker could gain root access to the system through it. To avoid this, some operating systems ignore the setuid bit for executable shell scripts.
3. The sticky bit
The sticky bit was initially introduced to 'stick' an executable program's text segment in the swap space even after the program has completed execution, to speed up the subsequent runs of the same program. However, these days the sticky bit means something entirely different. When a directory has the sticky bit set, its files can be deleted or renamed only by the file owner, directory owner and the root user. The command below shows how the sticky bit can be set.
chmod +t DIRECTORY
Simply look for a 't' character in the file permissions to locate the sticky bit. The snippet below shows how we can set the sticky bit for some directory "Gatos", and how it prevents the new user from deleting a file in the directory.

To remove the sticky bit, simply use the following command.
chmod -t DIRECTORY

Since deleting a file is controlled by the write permission on the directory that contains it, not on the file itself, practical uses of the sticky bit involve world-writable directories such as '/tmp', so that only the owner of a file can delete it.
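An audit built on the bits described above (setuid and setgid files from the Security Risks discussion, world-writable directories from the sticky bit discussion), as an added example that is not part of the original article. The function names are hypothetical, and stat -c assumes GNU coreutils on Linux.

```shell
#!/bin/sh
# Added example: audit helpers for the special permission bits.
# Function names are hypothetical; stat -c assumes GNU coreutils (Linux).

# Regular files under $1 with setuid (4000) or setgid (2000) set,
# printed as "<octal mode> <symbolic mode> <path>". A capital 'S' in the
# symbolic mode means the bit is set but the matching execute bit is not.
list_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %A %n' {} + 2>/dev/null
}

# World-writable directories under $1 without the sticky bit (1000):
# any user may delete or rename files there, whoever owns them.
list_unsticky_world_writable() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# Name the special bits set on one path: setuid, setgid, sticky or none.
special_bits() {
    _mode=$(stat -c '%a' "$1") || return 1
    _special=$(( (0$_mode >> 9) & 7 ))   # top octal digit of the mode
    _out=""
    [ $(( _special & 4 )) -ne 0 ] && _out="$_out setuid"
    [ $(( _special & 2 )) -ne 0 ] && _out="$_out setgid"
    [ $(( _special & 1 )) -ne 0 ] && _out="$_out sticky"
    _out=${_out# }
    echo "${_out:-none}"
}

# Run the audit when a directory is given, e.g.: sh audit.sh /usr/bin
if [ -n "${1:-}" ]; then
    echo "setuid/setgid files:"
    list_setid_files "$1"
    echo "world-writable directories without the sticky bit:"
    list_unsticky_world_writable "$1"
fi
```

Comparing the output of list_setid_files against a known-good baseline for the system makes unexpected setuid or setgid files stand out.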