Special file permissions (setuid, setgid and sticky bit)

Here we discuss how to use setuid, setgid and sticky bit permissions.

When one of these special permissions is set on an executable or a public directory, a user who runs the executable takes on the identity of the executable's owner and/or group, or, in the case of a directory, accidental removal of other users' files is prevented.

Setting SETUID

Whenever the SETUID permission is set on an executable file, anyone executing that command (file) inherits the permissions of the owner of the file. The SETUID permission displays as an s in the owner's execute field (-r-sr-xr-x).

This special permission can be quite dangerous. For example, if you have a SETUID shell owned by one user, other users essentially inherit that user's file permissions by executing it, and so gain the ability to remove every file owned by the real owner.

To set the SETUID permission on an executable file, we simply execute either of the following:

# chmod 4555 myexecfile
# chmod u+s myexecfile

To remove the SETUID, we can issue either of the following:

# chmod 0555 myexecfile
# chmod u-s myexecfile

To search for files with SETUID set, we can use the find command:

# find / -perm -4000 -print

Setting SETGID

The SETGID permission is similar to the SETUID, except that the process's effective group ID (GID) is changed to the group owner of the file, and a user is granted access based on permissions assigned to that group.

To set the SETGID permission on an executable file, we would issue either of the following:

# chmod 2555 myexecfile
# chmod g+s myexecfile

To remove these permissions:

# chmod 0555 myexecfile
# chmod g-s myexecfile

To search for files with SETGID set, we can again use the find command:

# find / -perm -2000 -print

Setting sticky bit permissions

If a directory's permissions have the sticky bit set, then a file inside it can be deleted only by the owner of the file, the owner of the directory, or the root user. This special permission keeps users from deleting each other's files in public (world-writable) directories.

To set the sticky bit on a directory, we would issue either of the following:

# chmod 1777 mydir
# chmod +t mydir

To remove the sticky bit, issue either:

# chmod 0777 mydir
# chmod -t mydir

To find directories with the sticky bit set, we would run:

# find / -type d -perm -1000 -print
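The three procedures above, combined into one runnable script. This is an added example and not part of the original article: it builds a throwaway tree with mktemp, applies the same chmod modes shown above, reads the resulting permission field back with ls, and audits the tree with the same find -perm tests. The helper names (mode_of, make_sandbox, count_special) are this example's own.

```shell
#!/bin/sh
# Added example (hypothetical helper names): exercise setuid, setgid and the
# sticky bit on a throwaway tree, then audit it with find -perm.

# mode_of PATH: print the 10-character permission field from ls -l,
# e.g. -r-sr-xr-x for a setuid executable or drwxrwxrwt for a sticky dir.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# make_sandbox: create a temporary tree containing one setuid file, one
# setgid file, one sticky (world-writable) directory and one plain file.
# Prints the path of the new tree.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    : > "$sb/suid_prog" && chmod 4555 "$sb/suid_prog"   # same effect as chmod u+s
    : > "$sb/sgid_prog" && chmod 2555 "$sb/sgid_prog"   # same effect as chmod g+s
    mkdir "$sb/shared"  && chmod 1777 "$sb/shared"      # same effect as chmod +t
    : > "$sb/plain"     && chmod 0644 "$sb/plain"       # nothing special
    printf '%s\n' "$sb"
}

# count_special ROOT BITS: number of entries under ROOT that have all of the
# bits in BITS set, using the same find -perm -NNNN test as the article
# (4000 = setuid, 2000 = setgid, 1000 = sticky).
count_special() {
    find "$1" -perm -"$2" -print | wc -l | tr -d ' '
}

# Usage: build the tree, print the audit counts, clear one bit, clean up.
SANDBOX=$(make_sandbox)
printf 'setuid files : %s\n' "$(count_special "$SANDBOX" 4000)"
printf 'setgid files : %s\n' "$(count_special "$SANDBOX" 2000)"
printf 'sticky dirs  : %s\n' "$(count_special "$SANDBOX" 1000)"
chmod u-s "$SANDBOX/suid_prog"
printf 'after chmod u-s: %s\n' "$(mode_of "$SANDBOX/suid_prog")"
rm -rf "$SANDBOX"
```

Two caveats when running the audit against a real system: find reports the bit as stored on disk, while whether the kernel honours it also depends on the mount (a nosuid mount ignores setuid and setgid on execution), and a scan from / crosses every mounted filesystem unless you add -xdev.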

Permissions fields

The table below indicates how the permissions field looks when these special flags are set.

--S------   SETUID is set, but execute permission is not set for the file owner
--s------   SETUID and owner execute permissions are both set on the file
-----S---   SETGID is set, but group execute permission is not
-----s---   SETGID and group execute permissions are both set on the file
--------T   STICKY BIT is set, but execute permission for others is not
--------t   Both STICKY BIT and other execute permissions are set
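A small decoder for the field described in the table, added here as an example that is not part of the original article. It tells apart the lowercase letters (special bit plus the matching execute permission) from the uppercase ones (special bit set without execute), accepts both the 9-character rows above and the 10-character field that ls -l prints, and applies the decoder to a constructed file whose setuid bit was set without owner execute. The helper names (special_bits, special_bits_of) are this example's own.

```shell
#!/bin/sh
# Added example (hypothetical helper names): decode the special-bit letters in
# an ls -l permission field, distinguishing s/t (bit plus execute) from
# S/T (bit set but the matching execute permission missing).

# special_bits MODE: MODE is a permission field as printed by ls -l
# (10 characters) or as in the table above (9 characters, no type column).
# Prints space-separated labels; prints an empty line when no special bit is set.
special_bits() {
    m=$1
    if [ ${#m} -eq 9 ]; then
        m="-$m"                                  # table rows omit the file-type column
    fi
    out=""
    case "$(printf '%s' "$m" | cut -c4)" in      # owner execute column
        s) out="$out setuid" ;;
        S) out="$out setuid-without-user-exec" ;;
    esac
    case "$(printf '%s' "$m" | cut -c7)" in      # group execute column
        s) out="$out setgid" ;;
        S) out="$out setgid-without-group-exec" ;;
    esac
    case "$(printf '%s' "$m" | cut -c10)" in     # other execute column
        t) out="$out sticky" ;;
        T) out="$out sticky-without-other-exec" ;;
    esac
    printf '%s\n' "${out# }"
}

# special_bits_of PATH: read the field from ls -ld and decode it.
special_bits_of() {
    special_bits "$(ls -ld "$1" | cut -c1-10)"
}

# Usage: an uppercase S on a real file is the sign of a setuid bit applied
# to something that is not executable (constructed temporary file).
f=$(mktemp)
chmod 4644 "$f"
printf '%s -> %s\n' "$(ls -ld "$f" | cut -c1-10)" "$(special_bits_of "$f")"
rm -f "$f"
```

The uppercase cases are worth flagging in an audit: a setuid or setgid bit on a non-executable file does nothing useful and usually means a chmod was applied to the wrong file, and a T on a directory means the sticky bit was set while others cannot even enter it.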