Learn Special Permissions in Linux (SUID, SGID, Sticky Bit)
In Linux, file and directory permissions are crucial for maintaining system security. Apart from standard read, write, and execute permissions, there are special permissions that provide advanced control. These include SUID, SGID, and the Sticky Bit. As a Linux administrator, understanding these is essential for managing user access properly.
1. Set User ID (SUID)
The SUID bit makes an executable run with the effective user ID of the file's owner rather than that of the user who launched it. It only has an effect on binaries; the Linux kernel ignores SUID on interpreted scripts (a #!/bin/sh file with the bit set still runs as the caller). Because a SUID-root binary hands root privileges to whoever runs it, every such file is attack surface and the set should be kept as small as possible.
Example:
ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 54256 Jan 10 12:34 /usr/bin/passwd
Notice the s in the owner's execute field (-rws). It means that when any user runs passwd, the process executes with root privileges, which is how an ordinary user can update their own entry in /etc/shadow, a file they could not otherwise write. A lowercase s means the SUID bit and the owner's execute bit are both set; a capital S would mean SUID is set but the execute bit is missing, so the bit is inert.
2. Set Group ID (SGID)
When SGID is set on an executable, it runs with the effective group ID of the file's group. On a directory it changes inheritance instead: files created inside receive the directory's group rather than the creator's primary group, and subdirectories created inside also inherit the SGID bit, so the rule propagates down the tree.
Example:
mkdir /shared
chgrp developers /shared
chmod 2775 /shared
ls -ld /shared
drwxrwsr-x 2 root developers 4096 Jan 10 12:50 /shared
Here the leading 2 in 2775 sets the SGID bit; in the listing it appears as s in the group's execute field (drwxrwsr-x). The chgrp step matters: a directory created by root belongs to group root until it is changed, and the bit only makes sense once the directory carries the group you want inherited. Any file created inside /shared will now belong to the developers group, which is what makes a group-writable shared directory usable without every member running chgrp on each file.
3. Sticky Bit
The Sticky Bit is mainly used on world-writable shared directories such as /tmp. With it set, only a file's owner, the directory's owner, or root can delete or rename that file, even though every user can create files in the directory.
Example:
ls -ld /tmp
drwxrwxrwt 10 root root 4096 Jan 10 13:00 /tmp
Notice the t at the end (drwxrwxrwt). It indicates the Sticky Bit is set, so users cannot delete or rename each other's files in /tmp. A capital T would mean the bit is set but "others" lack execute permission on the directory.
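Reading the s/t positions by eye is error-prone, so here is a small POSIX sh decoder for the ten-character mode field, added as an example for this article (it is not from the page and not a standard tool). It turns a string such as -rwsr-xr-x into the four-digit octal mode and names the special bits, including the uppercase S/T form that signals a bit set without its execute bit. The sample strings are constructed to mirror the listings above.

```shell
#!/bin/sh
# decode_mode: turn the 10-character mode field printed by `ls -l`
# (e.g. -rwsr-xr-x) into a four-digit octal mode plus the names of the
# special bits it carries. Added example for this article; the input
# strings below are constructed, not taken from a real system.

# triplet_digit RWX -> octal digit for one owner/group/other triplet.
# A lowercase s or t in the execute slot means execute is also set, so it
# counts as x; an uppercase S or T means the execute bit is NOT set.
triplet_digit() {
    d=0
    case "$1" in r??) d=$((d + 4)) ;; esac
    case "$1" in ?w?) d=$((d + 2)) ;; esac
    case "$1" in ??[xst]) d=$((d + 1)) ;; esac
    printf '%s' "$d"
}

# decode_mode MODESTRING -> prints e.g. "4755 suid" or "2775 sgid".
# Anything after the tenth character (the "+" or "." that ls appends when
# ACLs or a security context are present) is ignored.
decode_mode() {
    mode=$(printf '%.10s' "$1")
    if [ "${#mode}" -ne 10 ]; then
        printf 'decode_mode: need a 10-character mode string, got "%s"\n' "$1" >&2
        return 1
    fi
    rest=${mode#?}                       # drop the file-type character
    u=$(printf '%.3s' "$rest")           # owner triplet
    g=$(printf '%.3s' "${rest#???}")     # group triplet
    o=${rest#??????}                     # other triplet
    special=0
    flags=""
    case "$u" in
        ??s) special=$((special + 4)); flags="$flags suid" ;;
        ??S) special=$((special + 4)); flags="$flags suid(no-exec)" ;;
    esac
    case "$g" in
        ??s) special=$((special + 2)); flags="$flags sgid" ;;
        ??S) special=$((special + 2)); flags="$flags sgid(no-exec)" ;;
    esac
    case "$o" in
        ??t) special=$((special + 1)); flags="$flags sticky" ;;
        ??T) special=$((special + 1)); flags="$flags sticky(no-exec)" ;;
    esac
    printf '%s%s%s%s%s\n' "$special" \
        "$(triplet_digit "$u")" "$(triplet_digit "$g")" "$(triplet_digit "$o")" "$flags"
}

# Constructed samples mirroring the article's three listings, plus a SUID
# file whose owner-execute bit is missing (bit set, but inert).
for m in -rwsr-xr-x drwxrwsr-x drwxrwxrwt -rwSr--r--; do
    printf '%-10s -> %s\n' "$m" "$(decode_mode "$m")"
done
```

To run it over real output, feed it the first field of ls: ls -ld /usr/bin/passwd /tmp | while read -r m _; do decode_mode "$m"; done. The uppercase S/T case is the one worth watching for in practice, since it usually means a chmod that was never completed.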
How to Set Special Permissions
Each bit can be set symbolically or with a leading octal digit (4 = SUID, 2 = SGID, 1 = Sticky Bit, added together when more than one is needed):
- SUID:
chmod u+s filename        (numeric: chmod 4755 filename)
- SGID:
chmod g+s directory       (numeric: chmod 2775 directory)
- Sticky Bit:
chmod +t directory        (numeric: chmod 1777 directory)
To remove a bit use the matching minus form (chmod u-s, chmod g-s, chmod -t). One caveat with GNU chmod: on a directory, a numeric mode such as chmod 755 leaves an existing SUID/SGID bit in place; only the symbolic g-s or u-s clears it. Check the result with ls -ld rather than assuming.
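To see the commands above take effect, and to practice the check a practitioner runs on a real host, here is an added shell example (not from the original page): it builds a throwaway tree under mktemp, sets each bit with the chmod forms listed, and then uses find -perm to enumerate everything carrying a special bit. The file and directory names are made up for the demonstration.

```shell
#!/bin/sh
# Added example for this article (not a tool from the page): create a
# throwaway tree, set the three special bits, then audit the tree with
# find -perm, which is also how you find SUID/SGID files on a real host.
# Every name under the mktemp directory is invented for the demonstration.
set -u

# setup_tree -> prints the path of a fresh temporary tree containing one
# SUID file, one SGID file, one plain file, one SGID directory and one
# sticky directory. Setting these bits on files you own needs no root.
setup_tree() {
    root=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho hello\n' > "$root/suid_tool"
    : > "$root/sgid_tool"
    : > "$root/plain"
    mkdir "$root/shared" "$root/dropbox"
    chmod 755 "$root/suid_tool" "$root/sgid_tool" "$root/plain"
    chmod u+s "$root/suid_tool"   # same as chmod 4755; Linux ignores SUID on a
                                  # script like this, but the bit is set and audits see it
    chmod g+s "$root/sgid_tool"   # same as chmod 2755
    chmod 2775 "$root/shared"     # SGID directory: new files inherit its group
    chmod 1777 "$root/dropbox"    # sticky, world-writable, like /tmp
    printf '%s\n' "$root"
}

# count_special TREE OCTALBITS -> number of entries under TREE with all of
# the given special bits set (4000 SUID, 2000 SGID, 1000 sticky).
# "-perm -MODE" is the POSIX form: it matches when every bit in MODE is set.
count_special() {
    find "$1" -perm "-$2" | wc -l | tr -d ' '
}

# audit_tree TREE -> one ls -ld line per entry carrying any special bit.
audit_tree() {
    find "$1" \( -perm -4000 -o -perm -2000 -o -perm -1000 \) |
    while IFS= read -r path; do
        ls -ld "$path"
    done
}

root=$(setup_tree) || exit 1
echo "SUID entries:   $(count_special "$root" 4000)"
echo "SGID entries:   $(count_special "$root" 2000)"
echo "sticky entries: $(count_special "$root" 1000)"
echo "--- audit ---"
audit_tree "$root"
rm -rf "$root"

# On a real system the same check, limited to one filesystem and run as
# root so that no directory is skipped, is:
#   find / -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld {} + 2>/dev/null
# Compare the list against the distribution's baseline; any SUID-root
# binary you did not expect is a local privilege escalation candidate.
```

The expected counts for the constructed tree are one SUID entry (suid_tool), two SGID entries (sgid_tool and the shared directory) and one sticky entry (dropbox); plain, with mode 755, matches nothing. Note that the audit line at the end restricts itself to regular files, since SGID on a directory is a normal configuration rather than a finding.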
Summary
Special permissions add another layer of security and flexibility in Linux:
- SUID – execute as file owner
- SGID – execute as group or enforce group inheritance
- Sticky Bit – restrict deletion in shared directories
By mastering these, Linux administrators can maintain secure and efficient multi-user environments. Two habits go with that: keep the set of SUID/SGID executables minimal, and audit it regularly (find / -xdev -type f -perm -4000), because an unnecessary or vulnerable SUID-root binary is one of the most common local privilege escalation paths on a Linux host.