Special permissions in Linux (SUID, SGID, Sticky Bit)

Apart from the traditional file permissions in Linux, there are three types of special permissions:
1) Set User ID i.e. SUID (only for command binaries)
2) Set Group ID i.e. SGID (for command binaries and directories)
3) Sticky Bit (only for directories)

SUID (Set User ID) => When the SUID bit is set on a command binary, that command always executes with the User ID of the binary's user owner instead of the User ID of the user who runs it.

EXAMPLE: The binary of the passwd command has the SUID bit set. That is why, when unprivileged users run it, it executes with the UID of "root" and can update their password in /etc/shadow (a file that only root can read or write).

To set SUID on a program, run:

[kh@server ~]$ chmod u+s "/path/to/command/binary"

SGID (Set Group ID) (on a command binary) => When the SGID bit is set on a command, that command runs with the Group ID of the binary's group owner instead of the GID of the user who runs it. To set SGID on a program, run:

[kh@server ~]$ chmod g+s "/path/to/command/binary"

SGID (Set Group ID) (on directories) => When the SGID bit is set on a directory, every new file created under that directory gets the same group owner as the parent directory, and new subdirectories also inherit the SGID bit. EXAMPLE: Suppose SGID is set on /tmp/test, whose group owner is "john". If another user, "mike", creates a file in /tmp/test, the user owner of that file is "mike" but its group owner is "john", because of the SGID bit on the parent directory. To set SGID on a directory, run:

[kh@server ~]$ chmod g+s /path/to/directory

Sticky Bit => New files created under a directory that has the Sticky Bit set can only be deleted by root or by the user who created the file. No other user can delete that file, even with write permission on the parent directory. EXAMPLE: The /tmp directory has the Sticky Bit set; that is why content under it can only be deleted by root or by the user owner of the file. To set the Sticky Bit on a directory, run:

[kh@server ~]$ chmod o+t /path/to/directory
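The three bits above exercised in a working shell script, as an added example that is not part of the original post: it reads the s/t letters from ls -l mode strings, sets each bit with chmod in a throwaway directory as an unprivileged user, checks the behaviour the post describes, and ends with the inventory of SUID/SGID executables an administrator keeps to spot new or changed privileged binaries. It assumes a GNU/Linux userland (ls, find, awk, cut, mktemp); the file and directory names in it are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes a GNU/Linux userland
# (ls, find, awk, cut, mktemp); every file name below is constructed.
set -eu

# Print the mode string of PATH as ls shows it, e.g. "-rwsr-xr-x".
mode_of() {
    ls -ld "$1" | awk '{print $1}'
}

# Print the group owner of PATH (4th column of ls -l).
group_of() {
    ls -ld "$1" | awk '{print $4}'
}

# Translate a mode string into the special bits it carries.
# ls shows SUID as 's' in the user execute slot (column 4), SGID as 's' in
# the group execute slot (column 7) and the sticky bit as 't' in the others
# execute slot (column 10). A capital 'S' or 'T' means the special bit is set
# but the execute bit is not; on a binary that combination does nothing.
special_bits() {
    mode=$1
    out=""
    case $(printf '%s\n' "$mode" | cut -c4)  in s|S) out="${out}SUID,"   ;; esac
    case $(printf '%s\n' "$mode" | cut -c7)  in s|S) out="${out}SGID,"   ;; esac
    case $(printf '%s\n' "$mode" | cut -c10) in t|T) out="${out}STICKY," ;; esac
    if [ -n "$out" ]; then printf '%s\n' "${out%,}"; else printf 'none\n'; fi
}

# Inventory of regular files under DIR that carry SUID or SGID. Keeping and
# diffing this list is how an administrator notices a new or changed set-id
# binary; on a real host you would run it against / (and remember that a
# nosuid mount option makes the kernel ignore these bits on that filesystem).
audit_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Exercise every bit in a throwaway tree as an unprivileged user.
# Returns 0 when each observation matches the rules described in the post.
demo() {
    tmp=$(mktemp -d)
    rc=0
    (
        # SUID and SGID on an executable (octal equivalent: chmod 6755).
        printf '#!/bin/sh\necho hi\n' > "$tmp/tool"
        chmod 755 "$tmp/tool"
        chmod u+s "$tmp/tool"
        chmod g+s "$tmp/tool"
        [ "$(special_bits "$(mode_of "$tmp/tool")")" = "SUID,SGID" ] || exit 1

        # SGID on a directory (octal: chmod 2775): new files take its group.
        mkdir "$tmp/shared"
        chmod g+s "$tmp/shared"
        touch "$tmp/shared/note"
        [ "$(special_bits "$(mode_of "$tmp/shared")")" = "SGID" ] || exit 1
        [ "$(group_of "$tmp/shared/note")" = "$(group_of "$tmp/shared")" ] || exit 1

        # Sticky bit on a world-writable directory, like /tmp (octal: 1777).
        mkdir "$tmp/drop"
        chmod 1777 "$tmp/drop"
        [ "$(special_bits "$(mode_of "$tmp/drop")")" = "STICKY" ] || exit 1

        # The inventory reports exactly the one set-id executable.
        [ "$(audit_setid "$tmp")" = "$tmp/tool" ] || exit 1
    ) || rc=$?
    rm -rf "$tmp"
    return $rc
}

demo && echo "all checks passed"
```

Two caveats worth knowing when reading the results: in a sticky directory the directory's owner can remove entries as well as root and the file's owner, and a set-id bit only matters on a file that is also executable, which is why the script flags the capital S/T forms separately.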
