Unlocking Special Permissions in Linux: A Complete Guide to SUID, SGID, and Sticky Bit
Discover how to manage special permissions in Linux with this concise guide to SUID, SGID, and Sticky Bit. Learn how these advanced permissions enhance security and control access to files and directories in Linux systems.
moninfo
9/9/2024, 3 min read
Mastering Special Permissions on Linux: A Guide to SUID, SGID, and Sticky Bit
"The default permissions in Linux are there to protect your system.
It’s crucial to understand and manage SUID, SGID, and Sticky Bit to avoid vulnerabilities."
In UNIX-like systems such as Linux, three special permission bits sit above the familiar read/write/execute triads. SUID (Set User ID) and SGID (Set Group ID) let an executable run with the identity of the file's owner or group rather than that of the user who launched it, and SGID on a directory controls the group of everything created inside it; the Sticky Bit restricts who may delete files in a shared directory. Because two of the three hand out someone else's privileges, they are both useful and a classic privilege-escalation surface. Here is how each works and how to apply it safely.
1. What is SUID (Set User ID)?
The SUID bit is applied to executable files. When a user runs a program with the SUID bit set, the process's effective user ID becomes that of the file's owner instead of the user's own, so the program can do whatever the owner could do. This is how non-privileged users are allowed to perform a narrowly scoped task that needs higher privileges. Two caveats: Linux ignores SUID on interpreted scripts (only compiled binaries run with the owner's identity) and on directories, and a filesystem mounted with the nosuid option (common for /tmp and /home) ignores the bit entirely.
Example:
/usr/bin/passwd: The passwd command, which allows users to change their passwords, requires superuser access to modify system files such as /etc/shadow. By setting the SUID bit on passwd, users can update their passwords without needing root access.
Set SUID Command:
chmod u+s <file>
To remove SUID:
chmod u-s <file>
Permission View: A file with SUID shows an "s" in the execute position of the owner's permission set (e.g., rwsr-xr-x, which is 4755). A capital "S" means the SUID bit is set but the owner's execute bit is not; on a file that leaves the bit with no effect and usually indicates a mistake. (Numeric: 4000)
Security Risks: Every SUID-root binary is code that any local user can run as root, so every bug in it, and every legitimate feature that reads or writes arbitrary files, is a potential root escalation. A SUID-root copy of a shell or a text editor hands root to everyone who can log in. Keep the set of SUID binaries to the distribution's defaults, review every addition, and consider file capabilities (setcap) when a program needs only a single privilege such as binding a low port.
2. What is SGID (Set Group ID)?
For SGID, the concept is similar, but it applies to group permissions. When an executable with the SGID bit set runs, the process's effective group ID becomes the file's group rather than the user's primary group, which is helpful where several users need the same access to group-owned resources. On a directory, SGID has a different and very common use: files created inside inherit the directory's group instead of the creator's primary group, and new subdirectories additionally inherit the SGID bit itself, so a whole project tree stays owned by the project group. Note that this inheritance sets only the group, not the permission bits; those still come from each creator's umask.
Set SGID Command:
chmod g+s <file or directory>
To remove SGID:
chmod g-s <file or directory>
Permission View: A file with SGID shows an "s" in the execute position of the group permission set (e.g., rwxr-sr-x, which is 2755; a shared directory is typically 2775). A capital "S" means SGID is set without the group execute bit, which on a regular file is ineffective and usually a misconfiguration. (Numeric: 2000)
Example: In a shared project directory, setting the SGID bit ensures all new files created will inherit the group ownership, making collaboration smoother.
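The following script is an added example, not part of the original article: it builds a shared project directory the way the paragraph above describes and then verifies, rather than assumes, that files and subdirectories created inside pick up the project group and that subdirectories also receive the SGID bit. It assumes Linux with GNU or busybox coreutils (for stat -c); the directory path and group are whatever the caller passes in.

```shell
#!/bin/sh
# Added example (not from the original article): create an SGID shared
# directory and check that group inheritance really happens.
# Assumes Linux with GNU/busybox coreutils (stat -c %g).

# setup_shared_dir DIR GROUP: create DIR, hand it to GROUP and set mode 2775
# (rwxrwsr-x): group members can write, and the SGID bit makes new entries
# inherit GROUP instead of each creator's primary group. The caller must be a
# member of GROUP (or root), otherwise chgrp is refused.
setup_shared_dir() {
  mkdir -p "$1" && chgrp "$2" "$1" && chmod 2775 "$1"
}

# gid_of PATH -> numeric group id of PATH.
gid_of() {
  stat -c %g "$1"
}

# check_inheritance DIR: create a probe file and a probe subdirectory inside
# DIR and print "ok" when both carry DIR's group, the subdirectory also got the
# SGID bit, and the file did not (the kernel propagates SGID to new
# directories, never to regular files). Otherwise prints the first failing
# check. Removes its probes afterwards.
check_inheritance() {
  dir=$1
  want=$(gid_of "$dir") || return 1
  f="$dir/.probe_file.$$"
  d="$dir/.probe_dir.$$"
  : > "$f" && mkdir "$d" || return 1
  result=ok
  if [ "$(gid_of "$f")" != "$want" ]; then result=file-group-not-inherited
  elif [ "$(gid_of "$d")" != "$want" ]; then result=dir-group-not-inherited
  elif [ ! -g "$d" ]; then result=sgid-not-propagated-to-subdir
  elif [ -g "$f" ]; then result=sgid-unexpectedly-set-on-file
  fi
  rm -rf "$f" "$d"
  echo "$result"
}

# Demo run on constructed paths: uses the caller's own primary group so it
# works without creating a new group; a real deployment would pass e.g. "devs".
demo_dir=$(mktemp -d "${TMPDIR:-/tmp}/shared_demo.XXXXXX")
setup_shared_dir "$demo_dir/project" "$(id -g)"
ls -ld "$demo_dir/project"
echo "inheritance check: $(check_inheritance "$demo_dir/project")"
rm -rf "$demo_dir"
```

Because SGID only fixes the group, collaborators still need a umask of 002 (or a default ACL on the directory) for the files they create to be group-writable; without that, inheritance gives the right group but read-only access for everyone else in it.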
3. Combining SUID and SGID
Both bits can be set on one executable, for example with chmod 6755 <file>, which displays as rwsr-sr-x: the program then runs with the owner's user ID and the file's group ID at the same time. This is rarely needed and doubles the blast radius of any bug in the program, so reserve it for applications that genuinely require both identities. The bits also appear on their own; here are two files from the author's test directory:
Permissions for test_file: rwsr--r-- (4744)
rws: The owner (moninfo) has read, write and execute, and the SUID bit is set (a lowercase "s" means the execute bit is present underneath it).
r--: The group has read permissions only.
r--: Others can read the file.
Permissions for test_file2: rw-rwsr-- (2674)
rw-: The owner has read and write permissions, but not execute.
rws: The group has read, write and execute, and the SGID bit is set.
r--: Others have read-only access.
4. Sticky Bit
The Sticky Bit is typically applied to world-writable shared directories such as /tmp. When it is set, a file inside the directory can be deleted or renamed only by the file's owner, the directory's owner, or root, even though other users have write permission on the directory. It does not restrict changing a file's contents; that is still governed by the file's own permissions. This prevents users from accidentally or maliciously deleting one another's files. On Linux the sticky bit has no effect when set on a regular file.
Set Sticky Bit Command:
chmod +t <directory>
To remove Sticky Bit:
chmod -t <directory>
Permission View: A directory with the Sticky Bit shows a "t" in the execute position of the others' permission set (e.g., drwxrwxrwt, which is 1777). A capital "T" means the bit is set but others lack execute permission on the directory. (Numeric: 1000)
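To tie the permission views in sections 1 through 4 together, here is an added example (not code from the original article) that converts an ls -l style permission string into its four-digit octal mode and names the special bits it carries, including the capital S/T case where a special bit is set without the matching execute bit. It runs in POSIX sh; the sample mode strings at the bottom are the ones quoted in the article.

```shell
#!/bin/sh
# Added example, not from the original article: decode ls -l permission
# strings (with or without the leading file-type character) into octal and
# report SUID/SGID/sticky, flagging capital S/T (special bit without execute).

# triad_value TRIAD -> octal digit for one rwx group, e.g. "r-s" -> 5.
# The execute position counts as set for x, s or t (lowercase means x is on);
# a capital S or T means execute is off, so it contributes nothing here.
triad_value() {
  v=0
  case "$1" in r??) v=$((v + 4)) ;; esac
  case "$1" in ?w?) v=$((v + 2)) ;; esac
  case "$1" in ??[xst]) v=$((v + 1)) ;; esac
  echo "$v"
}

# strip_type MODE -> the 9 permission characters, dropping a leading "-", "d", "l", ...
strip_type() {
  if [ "${#1}" -eq 10 ]; then printf '%s\n' "$1" | cut -c2-; else printf '%s\n' "$1"; fi
}

# symbolic_to_octal MODE -> 4-digit octal, e.g. "rwsr-xr-x" -> 4755, "drwxrwxrwt" -> 1777
symbolic_to_octal() {
  m=$(strip_type "$1")
  [ "${#m}" -eq 9 ] || { echo "symbolic_to_octal: bad mode '$1'" >&2; return 1; }
  u=$(printf '%s\n' "$m" | cut -c1-3)
  g=$(printf '%s\n' "$m" | cut -c4-6)
  o=$(printf '%s\n' "$m" | cut -c7-9)
  special=0
  case "$u" in ??[sS]) special=$((special + 4)) ;; esac   # SUID   = 4000
  case "$g" in ??[sS]) special=$((special + 2)) ;; esac   # SGID   = 2000
  case "$o" in ??[tT]) special=$((special + 1)) ;; esac   # sticky = 1000
  printf '%d%d%d%d\n' "$special" "$(triad_value "$u")" "$(triad_value "$g")" "$(triad_value "$o")"
}

# describe_special MODE -> space-separated tokens SUID, SGID, STICKY, each with
# "(no-exec)" appended when shown as a capital letter; "none" if no special bit.
describe_special() {
  m=$(strip_type "$1")
  tokens=""
  case "$m" in
    ??s*) tokens="SUID" ;;
    ??S*) tokens="SUID(no-exec)" ;;
  esac
  case "$m" in
    ?????s*) tokens="${tokens:+$tokens }SGID" ;;
    ?????S*) tokens="${tokens:+$tokens }SGID(no-exec)" ;;
  esac
  case "$m" in
    ????????t) tokens="${tokens:+$tokens }STICKY" ;;
    ????????T) tokens="${tokens:+$tokens }STICKY(no-exec)" ;;
  esac
  echo "${tokens:-none}"
}

# describe_file PATH -> "MODE OCTAL TOKENS" for a real file or directory, via ls -ld.
describe_file() {
  mode=$(ls -ld "$1" | cut -c1-10) || return 1
  echo "$mode $(symbolic_to_octal "$mode") $(describe_special "$mode")"
}

# Walk through the permission strings quoted in the article, plus a capital-S case.
for m in rwsr-xr-x rwxr-sr-x rwsr-sr-x drwxrwxrwt rwsr--r-- rw-rwsr-- rwSr--r--; do
  echo "$m -> $(symbolic_to_octal "$m") $(describe_special "$m")"
done
```

Feeding describe_file the output of the find commands later in the article (for example with find ... -exec sh -c '...' or a simple loop) gives a quick, human-readable inventory of which special bits each hit actually carries.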
How to Find Files with SUID, SGID, or Sticky Bit:
With find, -perm -MODE matches objects that have all of the bits in MODE set, and -perm /MODE matches objects that have any of them. Adding -xdev keeps the search on the root filesystem (skipping /proc, /sys and network mounts), -type f or -type d restricts the result to the kind of object the bit is meaningful on, and -ls prints owner, group and mode beside each path. Run these as root, otherwise unreadable directories leave gaps in the inventory.
Find files with SUID:
find / -xdev -type f -perm -4000 -ls 2>/dev/null
Find files with SGID:
find / -xdev -type f -perm -2000 -ls 2>/dev/null
Find files with SUID or SGID:
find / -xdev -type f -perm /6000 -ls 2>/dev/null
Find directories with the Sticky Bit:
find / -xdev -type d -perm -1000 -ls 2>/dev/null
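A one-off find shows what is privileged today; what an auditor or incident responder really wants to know is what changed since the system was known good. The script below is an added example (not from the original article) that wraps the SUID/SGID search from this section into a baseline-and-diff check, which is also the practical answer to the SUID security risks discussed in section 1. All paths are supplied by the caller; it needs GNU or busybox find, sort and comm.

```shell
#!/bin/sh
# Added example, not from the original article: inventory SUID/SGID files and
# diff the inventory against a saved baseline so a newly appeared privileged
# binary stands out. Paths are caller-supplied; nothing is hard-coded.

# scan_special ROOT -> sorted list of regular files under ROOT with SUID and/or
# SGID set. -xdev stays on one filesystem (skips /proc, /sys, network mounts);
# -type f skips SGID directories, which are a collaboration feature, not an
# escalation path. Errors from unreadable directories are discarded.
scan_special() {
  find "$1" -xdev -type f -perm /6000 -print 2>/dev/null | sort
}

# save_baseline ROOT FILE: snapshot the inventory right after a clean install
# or hardening pass. Keep FILE where an attacker on the box cannot edit it
# (off-host, or at least root-owned and immutable).
save_baseline() {
  scan_special "$1" > "$2"
}

# diff_baseline BASELINE CURRENT: prints "+ path" for privileged files that are
# not in the baseline (new SUID/SGID binary: investigate) and "- path" for ones
# that vanished (removed, or the bit was cleared). Both inputs must be sorted,
# which scan_special guarantees.
diff_baseline() {
  comm -13 "$1" "$2" | sed 's/^/+ /'
  comm -23 "$1" "$2" | sed 's/^/- /'
}

# count_new BASELINE CURRENT -> number of newly appeared privileged files; a
# non-zero value is the condition a cron job or CI check should alert on.
count_new() {
  comm -13 "$1" "$2" | wc -l | tr -d ' '
}

# Typical use on a real host (as root, so every directory is readable):
#   save_baseline / /var/lib/suid-baseline.txt    # once, on a known-good system
#   scan_special / > /tmp/suid-now.txt            # later, e.g. from a daily job
#   diff_baseline /var/lib/suid-baseline.txt /tmp/suid-now.txt
#   [ "$(count_new /var/lib/suid-baseline.txt /tmp/suid-now.txt)" = 0 ] || echo ALERT
```

Pair this with a nosuid mount on the filesystems users can write to (/tmp, /home, /var/tmp): then a new SUID file dropped there cannot be executed with elevated privileges even before the next scan notices it.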
By understanding these special permissions, you can tighten both security and file management in Linux systems, ensuring that users and groups have only the access they need.
Author: Moninfo
I am a young IT enthusiast, always on the lookout for the latest technological innovations.
Curious and dedicated, I share through my writings analyses and discoveries that shape the digital world of tomorrow. Join me as we explore the frontiers of technology together.