What is SUID, SGID, and Sticky Bit?

In the realm of Linux permissions, SUID (Set User ID), SGID (Set Group ID), and Sticky Bit are critical attributes that extend beyond standard file permissions, providing powerful functionalities such as granting temporary privileges, controlling group access, and preserving data integrity.

This article explores these three special permissions in Linux file systems. We will look at each permission in detail and discuss how to set them on files and directories. Specifically, we will cover how to set SUID on a file, how to set SGID on a directory, and how to enable the sticky bit. By the end of this article, readers will have a comprehensive understanding of these special permissions in Linux and their practical applications, empowering them to optimize file management and security in Linux environments.

3 Special Permissions in Linux

SUID Permission

SUID, short for Set User ID, is a special permission that can be assigned to executable files. When an executable file has the SUID permission enabled, it allows users who execute the file to temporarily assume the privileges of the file's owner. This means that even if a user does not have the necessary permissions to access or perform certain actions, they can do so by executing a file with the SUID permission.

For example, consider a system administrator who wants to allow regular users to execute a specific system utility, such as passwd, which is usually restricted to privileged users. By assigning the SUID permission to the passwd executable, regular users can execute it and change their passwords without requiring administrative privileges.

SGID Permission

SGID, which stands for Set Group ID, is another special permission that can be applied to executable files and directories. When an executable file has the SGID permission enabled, it allows users who execute the file to temporarily assume the group ownership of the file. For directories with the SGID permission enabled, newly created files and directories within that directory inherit the group ownership of the parent directory rather than the user's default group ownership.

One practical use case of SGID permission is in collaborative environments where multiple users need to work on shared directories. By setting the SGID permission on a shared directory, all files and directories created within it will automatically have the same group ownership, ensuring proper collaboration and access control.

Sticky Bit

The sticky bit is a special permission that can only be set on directories. When the sticky bit is enabled on a directory, it restricts the ability to delete or rename files within that directory to the file owner, the directory owner, and the superuser. It ensures that each user can only remove or rename their own files, even if other users have write permissions on the directory.

An illustrative example of the sticky bit's usefulness is the /tmp directory, which is commonly used for temporary file storage. By enabling the sticky bit on /tmp, users can safely create and delete their temporary files without worrying about other users accidentally or maliciously tampering with them.

How to Set SUID on a File?

Setting the SUID permission on a file is done with the chmod command, here using the numeric representation of the permission. The numeric value for SUID is 4.

To set the SUID permission on a file, run chmod on the file with the digit 4 placed in front of its existing permission bits, written here as xxx.

In that command, replace file with the actual filename or path to the file you wish to modify, and xxx with the existing permission bits for the file.

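For example, to set the SUID permission on a file named script.sh that currently has the permission bits 755, you would run chmod on script.sh with the mode 4755.

After executing this command, script.sh will have the SUID permission enabled. Note that the Linux kernel ignores the SUID bit on interpreted scripts such as shell scripts, so the bit changes the effective user only for compiled executables.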

How to Set SGID on a Directory?

Applying the SGID permission to a directory follows a similar process to setting the SUID permission on a file. The numeric value for SGID is 2.

To set the SGID permission on a directory, use the chmod command as well, this time with the digit 2 placed in front of the directory's existing permission bits (xxx).

Replace directory with the actual directory name or path and xxx with the current permission bits of the directory.

For instance, to set the SGID permission on a directory named shared with permission bits 755, you would run chmod on shared with the mode 2755.

After executing this command, the shared directory will have the SGID permission enabled.

How to Set Sticky Bit Permission?

Enabling the sticky bit permission on a directory is similar to setting SUID and SGID permissions. The numeric value for the sticky bit is 1.

To set the sticky bit permission on a directory, use the chmod command with the digit 1 placed in front of the directory's existing permission bits (xxx).

Replace directory with the name or path of the directory and xxx with the current permission bits.

For example, to set the sticky bit permission on a directory named public with permission bits 777, run chmod on public with the mode 1777.

After executing this command, the public directory will have the sticky bit permission enabled.
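
The three chmod invocations from the sections above, applied in a scratch directory and read back with stat, as an added example that is not part of the original article. It assumes Linux with GNU stat; the helper names mode_of, perms_of, setup_demo and list_setid are made up for this illustration, and list_setid is a small audit check for regular files that carry SUID or SGID.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes Linux with GNU stat.
# All file names live in a scratch directory created by mktemp.

# Octal mode including the special-bit digit, e.g. 4755.
mode_of() { stat -c '%a' "$1"; }

# ls-style permission string, e.g. -rwsr-xr-x.
perms_of() { stat -c '%A' "$1"; }

# Create the article's three sample objects and apply the special bits.
# Runs in a subshell so the umask change does not leak. Prints the scratch path.
setup_demo() (
    umask 022
    d=$(mktemp -d) || exit 1
    printf '#!/bin/sh\necho hello\n' > "$d/script.sh"
    mkdir "$d/shared" "$d/public"
    chmod 4755 "$d/script.sh"   # 4 = SUID, in front of 755
    chmod 2755 "$d/shared"      # 2 = SGID, in front of 755
    chmod 1777 "$d/public"      # 1 = sticky bit, in front of 777
    mkdir "$d/shared/sub"       # created after SGID was set on the parent
    printf '%s\n' "$d"
)

# Audit helper: regular files under a directory that carry SUID or SGID.
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Demo run: show numeric and symbolic modes, then the audit result.
demo=$(setup_demo) || exit 1
for p in script.sh shared public shared/sub; do
    printf '%-12s %s %s\n' "$p" "$(mode_of "$demo/$p")" "$(perms_of "$demo/$p")"
done
echo "set-ID files:"
list_setid "$demo"
rm -rf "$demo"
```

The shared/sub line shows that a subdirectory created inside an SGID directory carries the SGID bit as well.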

Conclusion

  • Special permissions in Linux, including SUID, SGID, and the sticky bit, provide additional control and flexibility over file and directory access.
  • SUID allows users to temporarily assume the privileges of the file owner, while SGID enables temporary group ownership.
  • The sticky bit ensures that users can only delete or rename their own files within a directory.
  • Understanding and appropriately utilizing these special permissions in Linux can enhance security and access control in a Linux environment.