Setgid and Sticky bit in Linux
The special permissions on files and directories in Linux are SetUID, SetGID and the Sticky bit.
These special permissions are set on files and directories with the "chmod" command.
SUID / Set User ID : A program is executed with the file owner’s permissions (rather than with the permissions of the user who executes it).
SGID / Set Group ID : When set on a directory, files and subdirectories created inside it inherit the directory's GID (group owner) instead of the creating user's primary group. This is what makes a shared directory work: if several users share a directory that has SGID set, everything they create in it belongs to the directory's group, so all members of that group keep access.
Sticky Bit : It is used mainly on directories to stop users from deleting or renaming other users' files in that directory even though they have write permission on it. When the sticky bit is set on a directory, a file inside it can be removed only by the file's owner, the directory's owner, or the superuser (root). This is a security measure for world-writable directories such as /tmp, where everybody has full permissions but nobody should be able to delete somebody else's files.
| Permissions | Meaning |
| --- | --- |
| --S------ | SUID is set, but user (owner) execute is not set. |
| --s------ | SUID and user execute are both set. |
| -----S--- | SGID is set, but group execute is not set. |
| -----s--- | SGID and group execute are both set. |
| --------T | Sticky bit is set, but other execute is not set. |
| --------t | Sticky bit and other execute are both set. |
SUID Example : passwd command
When a normal user changes his/her password, the passwd command is used, which is owned by root. The passwd program has to edit system configuration files such as /etc/passwd and /etc/shadow, which a normal user cannot write. So passwd is set with SUID: it runs with root's permissions no matter who executes it, and can therefore update /etc/shadow and the other files on the user's behalf.
Assign suid to a File :
# chmod u+s testfile.txt OR # chmod 4750 testfile.txt
In this example, 4 indicates the SUID bit is set, 7 gives full permissions to the owner, 5 gives read and execute permissions to the group, and 0 gives no permissions to others.
SGID Example :
# chmod g+s <shared-directory> OR # chmod 2750 <shared-directory>
(<shared-directory> stands for the directory you want to share; the original did not name one.) Here in 2750, 2 indicates the SGID bit is set, 7 gives full permissions to the owner, 5 gives read and execute permissions to the group, and 0 gives no permissions to others.
StickyBit Example :
# chmod o+t /opt/ftp-data OR # chmod +t /opt/ftp-data OR # chmod 1757 /opt/ftp-data
In this example, 1 indicates the Sticky bit is set, 7 gives full permissions to the owner, 5 gives read and execute permissions to the group, and 7 gives full permissions to others.
Note : To check the special permissions, use these commands (ls -l for files, ls -ld to show the directory itself rather than its contents); the s, S, t and T characters in the mode column correspond to the table above:
# ls -l testfile.txt
# ls -ld /opt/ftp-data
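The following script is an added example, not part of the original post: it applies the three special bits to a scratch directory exactly as in the chmod commands above, reads the modes back with stat (the same information ls -l / ls -ld shows), and includes a small audit helper that lists SUID/SGID files under a given root, which is how an administrator inventories privileged binaries. The file and directory names under the temporary directory are constructed for the demonstration; stat -c and find -perm /6000 are GNU coreutils/findutils options.

```shell
#!/bin/sh
# Added example: demonstrate SUID, SGID and sticky bit on a scratch tree.
# Requires GNU coreutils (chmod, stat, mktemp) and GNU findutils (find).

# Print the octal mode of a path, including the special-bit digit (e.g. 4750).
mode_octal() {
    stat -c '%a' "$1"
}

# Print the symbolic mode string as ls -l shows it (e.g. -rwsr-x---).
mode_symbolic() {
    stat -c '%A' "$1"
}

# Build a scratch tree with one entry per special bit and print its path.
# The caller is responsible for removing it afterwards.
make_demo() {
    d=$(mktemp -d)
    : > "$d/suid-file"
    chmod 4750 "$d/suid-file"    # SUID + rwxr-x---  -> "s" in the owner column
    : > "$d/suid-noexec"
    chmod 4640 "$d/suid-noexec"  # SUID without owner execute -> capital "S"
    mkdir "$d/sgid-dir"
    chmod 2750 "$d/sgid-dir"     # SGID + rwxr-x---  -> "s" in the group column
    mkdir "$d/sticky-dir"
    chmod 1757 "$d/sticky-dir"   # sticky + rwxr-xrwx -> "t" in the others column
    : > "$d/plain-file"
    chmod 0644 "$d/plain-file"   # control entry with no special bits
    printf '%s\n' "$d"
}

# Audit helper: list regular files under a root that have SUID or SGID set.
# -perm /6000 matches if either bit is present; -type f skips directories.
find_setid() {
    find "$1" -type f -perm /6000 2>/dev/null | sort
}

# Stand-alone demonstration: show each entry the way ls -ld prints it.
demo() {
    d=$(make_demo)
    for p in suid-file suid-noexec sgid-dir sticky-dir plain-file; do
        ls -ld "$d/$p"
    done
    printf '\nSUID/SGID files under %s:\n' "$d"
    find_setid "$d"
    rm -rf "$d"
}

demo
```

The audit helper is the point a defender cares about: run find_setid against / (for example from cron) and diff the output against a known-good baseline; a new or unexpected SUID binary is worth investigating, because whoever runs it gets the owner's privileges.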
courtesy:http://foralllinux.blogspot.com