Advanced file permissions in linux
Download as DOCX, PDF0 likes1,852 views
This document discusses three special Linux file permissions: sticky bit, SUID, and SGID. Sticky bit allows only the owner of a directory or files within to delete or rename files in that directory. SUID runs scripts as the owner user rather than the running user. SGID runs scripts as the group owner instead of the running user's group. These special permissions give more control over access and execution for files and directories.
![Advanced File Permissions in Linux
Here we will discuss about the 3 special attributes other than the common read/write/execute.
Example:
drwxrwxrwt - Sticky Bits - chmod 1777
drwsrwxrwx - SUID set - chmod 4777
drwxrwsrwx - SGID set - chmod 2777
Sticky bit
Sticky bits are mainly set on directories.
If the sticky bit is set for a directory, only the owner of that directory or the owner of a file can delete or rename
a file within that directory.
Example:
Consider you have a directory " test ".
chmod it to " 777 ". This gives permissions for all the users to read, write and execute.
chmod +t test
Example: ls -al
drwxrwxrwt 2 a1 a1 4096 Jun 13 2008 .
-rw-rw-r-- 1 a1 a1 0 Jun 11 17:30 1.txt
-rw-rw-r-- 1 b2 b2 0 Jun 11 22:52 2.txt
From the above example a1 is the owner of the test directory.
a1 can delete or rename the files 1.txt and 2.txt.
b2 can delete or rename the file 2.txt only.
SUID - [ Set User ID ]
SUID bit is set for files ( mainly for scripts ).
The SUID permission makes a script to run as the user who is the owner of the script, rather than the user who
started it.
Example:
If a1 is the owner of the script and b2 tries to run the same script, the script runs with the ownership of a1.](https://image.slidesharecdn.com/advancedfilepermissionsinlinux-130424065944-phpapp01/85/Advanced-file-permissions-in-linux-1-320.jpg)
![If the root user wants to give permissions for some scripts to run by different users, he can set the SUID bit for that
particular script.
So if any user on the system starts that script, it will run under the root ownership.
Note:
root user much be very carefull with this.
SGID - [ Set Group ID ]
If a file is SGID, it will run with the privileges of the files group owner, instead of the privileges of the person
running the program.
This permission set also can make a similar impact. Here the script runs under the groups ownership.
You can also set SGID for directories.
Consider you have given 2777 permission for a directory. Any files created by any users under this directory will
come as follows.
Example:
-rw-rw-r-- 1 b2 a1 0 Jun 11 17:30 1.txt
In the above example you can see that the owner of the file 1.txt is b2 and the group owner is a1.
So both b2 and a1 will have access to the file 1.txt.
Now lets make this more intresting and complicated.
Create a directory "test". Chmod it to 2777. Add sticky bit to it.
Example:
mkdir test
chmod 2777 test
chmod +t test
ls -al test
drwxrwsrwt 2 a1 a1 4096 Jun 13 2008 test
From the above permission set you can understand that SGID and sticky bit is set for the folder "test".
Now any user can create files under the test directory.
Example:
drwxrwsrwt 2 a1 a1 4096 Jun 13 2008 .
-rw-rw-r-- 1 b2 a1 0 Jun 11 17:30 1.txt](https://image.slidesharecdn.com/advancedfilepermissionsinlinux-130424065944-phpapp01/85/Advanced-file-permissions-in-linux-2-320.jpg)
Advanced file permissions in linux
- 1. Advanced File Permissions in Linux Here we will discuss about the 3 special attributes other than the common read/write/execute. Example: drwxrwxrwt - Sticky Bits - chmod 1777 drwsrwxrwx - SUID set - chmod 4777 drwxrwsrwx - SGID set - chmod 2777 Sticky bit Sticky bits are mainly set on directories. If the sticky bit is set for a directory, only the owner of that directory or the owner of a file can delete or rename a file within that directory. Example: Consider you have a directory " test ". chmod it to " 777 ". This gives permissions for all the users to read, write and execute. chmod +t test Example: ls -al drwxrwxrwt 2 a1 a1 4096 Jun 13 2008 . -rw-rw-r-- 1 a1 a1 0 Jun 11 17:30 1.txt -rw-rw-r-- 1 b2 b2 0 Jun 11 22:52 2.txt From the above example a1 is the owner of the test directory. a1 can delete or rename the files 1.txt and 2.txt. b2 can delete or rename the file 2.txt only. SUID - [ Set User ID ] SUID bit is set for files ( mainly for scripts ). The SUID permission makes a script to run as the user who is the owner of the script, rather than the user who started it. Example: If a1 is the owner of the script and b2 tries to run the same script, the script runs with the ownership of a1.
- 2. If the root user wants to give permissions for some scripts to run by different users, he can set the SUID bit for that particular script. So if any user on the system starts that script, it will run under the root ownership. Note: root user much be very carefull with this. SGID - [ Set Group ID ] If a file is SGID, it will run with the privileges of the files group owner, instead of the privileges of the person running the program. This permission set also can make a similar impact. Here the script runs under the groups ownership. You can also set SGID for directories. Consider you have given 2777 permission for a directory. Any files created by any users under this directory will come as follows. Example: -rw-rw-r-- 1 b2 a1 0 Jun 11 17:30 1.txt In the above example you can see that the owner of the file 1.txt is b2 and the group owner is a1. So both b2 and a1 will have access to the file 1.txt. Now lets make this more intresting and complicated. Create a directory "test". Chmod it to 2777. Add sticky bit to it. Example: mkdir test chmod 2777 test chmod +t test ls -al test drwxrwsrwt 2 a1 a1 4096 Jun 13 2008 test From the above permission set you can understand that SGID and sticky bit is set for the folder "test". Now any user can create files under the test directory. Example: drwxrwsrwt 2 a1 a1 4096 Jun 13 2008 . -rw-rw-r-- 1 b2 a1 0 Jun 11 17:30 1.txt
- 3. -rw-rw-r-- 1 c3 a1 0 Jun 11 17:30 2.txt -rw-rw-r-- 1 d4 a1 0 Jun 11 17:30 3.txt So all the a1 user has access to all the files under the test directory. He can edit, rename or remove the file. b2 user has access to 1.txt only, c3 has access to 2.txt only... If sticky bit was not set for the test directory, any user can delete any files from the test directory, since the test directory has 777 permissions. But now it not possible. Example: If d4 tries to remove 1.txt rm -f 1.txt rm: cannot remove `1.txt': Operation not permitted