Day 24 || SUID, SGID, and Sticky Bit in Linux

Set User ID (SUID):

    • Definition: SUID is a special permission that can be assigned to an executable file in Linux. When a file has the SUID bit set, it runs with the privileges of the file's owner, not the person executing the file.

    • Purpose: SUID is typically used for programs that need to perform certain actions with elevated permissions but are meant to be run by regular users. It allows these programs to execute specific tasks with higher privileges temporarily.

    • Example: Consider the passwd command. It needs to modify the password file (usually /etc/passwd), which is only writable by the root user. However, regular users should be able to change their passwords. To accomplish this, passwd has the SUID bit set. When a regular user runs passwd, it temporarily runs with root privileges to make the necessary changes.

Set Group ID (SGID):

    • Definition: SGID is another special permission that can be assigned to executable files and directories. When a file with the SGID bit set is executed, it runs with the privileges of the file's group owner, rather than the primary group of the user executing it.

    • Purpose: SGID is often used when multiple users need to work on shared files or directories. It ensures that any new files created within a directory inherit the directory's group ownership, simplifying collaboration.

    • Example: Consider a project directory shared by a group of developers. To ensure that all new files created within this directory have the same group ownership (e.g., the developers' group), you can set the SGID bit on the directory.

Sticky Bit:

    • Definition: The Sticky Bit is a special permission applied to directories. When the Sticky Bit is set on a directory, only the owner of a file within that directory can delete or rename the file, even if others have write permissions for the directory.

    • Purpose: The Sticky Bit is often used in directories that are publicly writable, like the /tmp directory. It prevents users from accidentally or maliciously deleting or modifying each other's files.

    • Example: The /tmp directory is a common example of a directory with the Sticky Bit set. It allows multiple users to create files within /tmp, but each user can only delete or modify their own files. This prevents unauthorized access to other users' temporary files.

Now, let's proceed with commands and examples:

Setting and Viewing SUID, SGID, and Sticky Bit:

  • To set the SUID, SGID, or Sticky Bit, use the chmod command with the appropriate symbolic mode (u+s for SUID, g+s for SGID, and +t for the Sticky Bit) followed by the file or directory name. For example:

      # Set SUID on a file
      chmod u+s filename

      # Set SGID on a directory (lowercase s; chmod rejects g+S as an invalid mode)
      chmod g+s directory

      # Set Sticky Bit on a directory
      chmod +t directory
    
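  • To view the permissions of a file or directory, use the ls command with the -l flag (add -d for a directory, so that ls shows the directory itself rather than its contents). The SUID, SGID, and Sticky Bit appear in the permission string in the execute positions.

      # Show the permission string of a file
      ls -l filename

      # Show the permission string of the directory itself
      ls -ld directory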
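
The following shell script is an added example, not part of the original article. It builds a throwaway directory tree (all file names are constructed), shows how `ls -ld` renders each special bit, and uses `find -perm` to list SUID/SGID files and world-writable directories that lack the Sticky Bit.

```shell
#!/bin/sh
# Added example (not from the original article): read and audit special bits.

# First 10 characters of `ls -ld` = file type + permission string.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Regular files under $1 that carry SUID (4000) or SGID (2000).
find_setid_files() {
    find "$1" -xdev -type f -perm -4000 -print | sed 's/^/SUID /'
    find "$1" -xdev -type f -perm -2000 -print | sed 's/^/SGID /'
}

# World-writable directories under $1 that lack the sticky bit (1000).
find_unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print
}

# Constructed sample tree; every name below is made up for this example.
make_fixture() {
    d=$(mktemp -d) || return 1
    : > "$d/suid_tool"; : > "$d/sgid_tool"; : > "$d/noexec_suid"
    mkdir "$d/shared" "$d/dropbox" "$d/tmp_like"
    chmod 0755 "$d/suid_tool" "$d/sgid_tool"
    chmod u+s "$d/suid_tool"        # -rwsr-xr-x
    chmod g+s "$d/sgid_tool"        # -rwxr-sr-x
    chmod 4644 "$d/noexec_suid"     # -rwSr--r--  (S: bit set, no execute)
    chmod 2775 "$d/shared"          # drwxrwsr-x  (SGID directory)
    chmod 0777 "$d/dropbox"         # drwxrwxrwx  (world-writable, no sticky)
    chmod 1777 "$d/tmp_like"        # drwxrwxrwt  (like /tmp)
    echo "$d"
}

# Demo: runs as an unprivileged user and touches only the temporary tree.
tree=$(make_fixture)
for p in "$tree"/*; do printf '%s  %s\n' "$(mode_of "$p")" "${p##*/}"; done
find_setid_files "$tree"
find_unsticky_dirs "$tree" | sed 's/^/NO-STICKY /'
rm -rf "$tree"
```

To audit a real system, point the two find functions at a path such as / or /usr and compare the result against a known-good baseline.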
    

These commands and examples should help you understand and work with SUID, SGID, and the Sticky Bit in Linux effectively.
