Special Permissions in Linux - snir1551/DevOps-Linux GitHub Wiki
Beyond the standard read (r), write (w), and execute (x) permissions, Linux provides special permission bits that offer additional control over how files and directories behave.
These special bits are:
-
Set-UID (s on user execute bit)
- What it does: When a file with Set-UID is executed, the process runs with the privileges of the file owner (usually root), rather than the user who executed the file.
- Use case: Needed for certain system programs like passwd (which modifies system files like /etc/shadow).
- Example: -rwsr-xr-x 1 root root 50K Jan 1 12:00 /usr/bin/passwd
-
Set-GID (s on group execute bit)
- For files: Similar to Set-UID, but applies group permissions instead of user.
- For directories: New files created inside inherit the group ownership of the directory (rather than the user's primary group).
- Use case: Useful for shared project folders, e.g., /var/www for web servers.
- Example for directory: drwxrwsr-x 2 user devs 4.0K May 22 /projects
-
Sticky Bit (t on others execute bit)
- What it does: On directories, it prevents users from deleting or renaming files unless they are the owner (or root).
- Common usage: The /tmp directory, which is world-writable but each user should only delete their own files.
- Example: drwxrwxrwt 7 root root 4.0K May 22 /tmp
Octal Notation for Special Bits
Special bits use an additional digit in octal notation, placed before the standard 3 permission digits:
| Special | Octal | Effect |
|---|---|---|
| Set-UID | 4 | Run as file owner |
| Set-GID | 2 | Run as group / Inherit group for dirs |
| Sticky | 1 | Restrict deletions |
For example:
chmod 4755 myscript.sh
- 4 = Set-UID
- 755 = rwxr-xr-x
| Special Bit | Symbol in ls -l |
Purpose |
|---|---|---|
| Set-UID | s in user x |
Run file as owner |
| Set-GID | s in group x |
Run file as group / inherit group for dirs |
| Sticky Bit | t in others x |
Restrict deletions in shared directories |