SUID, SGID and Sticky Bit

General file permission

ls -al

-rw------- 1 dc   dc    9590 Apr 20 13:28 .bash_history
-rw-r--r-- 1 dc   dc     220 Apr  4  2018 .bash_logout
-rw-r--r-- 1 dc   dc    3771 Apr  4  2018 .bashrc
drwx------ 3 dc   dc    4096 Apr 18 11:18 .cache
drwx------ 3 dc   dc    4096 Apr 13 05:38 .config
drwx------ 3 dc   dc    4096 Apr 13 05:29 .gnupg
-rw-r--r-- 1 dc   dc     807 Apr  4  2018 .profile

rwxrwxrwx -> 777

Special file permission

E.g. the passwd command

ls -al /usr/bin/passwd

-rwsr-xr-x 1 root root 59640 Mar 22  2019 /usr/bin/passwd*

The owner's execute position shows s instead of x or -. This is the SUID bit: other users, not only root, can run this program, and it runs with root's permissions.

When the SUID bit is set on an executable file, this means that the file will be executed with the same permissions as the owner of the executable file.

Why do we need SUID? Or why does passwd need SUID?

passwd modifies /etc/passwd and /etc/shadow, files that only root may modify, so without SUID a regular user could not change these files.

Why can't I modify other users' passwords?

If I have the same permissions as root, why can't I modify another user's password? Because passwd itself checks who is calling it: https://github.com/shadow-maint/shadow/blob/master/src/passwd.c

Set SUID

chmod u+s filename

Or

chmod 4xxx filename

SUID uses the value 4 in the leading octal digit

Remove SUID

chmod u-s filename

Or

chmod 0xxx filename

small s and capital S

When you set SUID on a file that has no execute permission, you get a capital S; this means the SUID bit is set but has no effect, because the file cannot be executed

SGID

Same as SUID, but this permission sits on the group part.

With the SGID bit set, any user executing the file will have same permissions as the group owner of the file.

On a directory

When SGID permission is applied to a directory, all sub directories and files created inside this directory will get the same group ownership as main directory (not the group ownership of the user that created the files and directories).

This keeps the group ownership of sub-directories and files under the directory; see the /var/local directory

Set and Remove SGID

chmod g+s filename
chmod g-s filename
chmod 2xxx filename
chmod 0xxx filename

Sticky Bit

Shown in the last position of the permission string, e.g. drwxrwxrwt

The sticky bit works on directories. With the sticky bit set on a directory, a file in that directory can only be deleted or renamed by the file's owner or by root.

See the /tmp directory

Set and Remove Sticky bit

chmod +t directory
chmod -t directory
chmod 1xxx directory
chmod 0xxx directory

capital T

If the directory doesn't have the execute permission set for others (o+x), setting the sticky bit shows T instead of t
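The commands above, as an added example that is not part of the original notes: a script that creates one object per case (SUID on an executable, SUID on a non-executable, SGID directory, sticky directory with and without o+x) in a throwaway directory, decodes the s/S and t/T letters, and runs two defender-side audits (SUID files, world-writable directories missing the sticky bit). It assumes GNU coreutils (stat -c) on Linux.

```shell
#!/bin/sh
# Added example, not from the original notes. Assumes GNU coreutils on Linux.
set -eu

# describe_special PATH: name the special bits from the symbolic mode string.
# Lowercase s/t means the bit is effective; uppercase S/T means the bit is set
# but the matching execute bit is missing, so it does nothing.
describe_special() {
    mode=$(stat -c '%A' "$1")                      # e.g. -rwsr-xr-x
    u=$(printf '%s' "$mode" | cut -c4)             # owner execute slot
    g=$(printf '%s' "$mode" | cut -c7)             # group execute slot
    o=$(printf '%s' "$mode" | cut -c10)            # other execute slot
    out=""
    case "$u" in s) out="$out suid" ;;   S) out="$out suid-no-exec" ;;   esac
    case "$g" in s) out="$out sgid" ;;   S) out="$out sgid-no-exec" ;;   esac
    case "$o" in t) out="$out sticky" ;; T) out="$out sticky-no-exec" ;; esac
    printf '%s\n' "${out# }"
}

# list_suid ROOT: every SUID file under ROOT (-perm -4000 matches when the
# 4 bit is set, regardless of the other bits).
list_suid() { find "$1" -type f -perm -4000; }

# audit_worldwritable ROOT: world-writable directories that lack the sticky
# bit, where any user could delete or rename other users' files.
audit_worldwritable() { find "$1" -type d -perm -0002 ! -perm -1000; }

# make_demo: build one object per case from the notes, print the directory.
make_demo() {
    dir=$(mktemp -d)
    printf '#!/bin/sh\necho hi\n' > "$dir/runner"
    chmod 4755 "$dir/runner"    # chmod u+s on an executable  -> -rwsr-xr-x
    : > "$dir/plain"
    chmod 4644 "$dir/plain"     # SUID on a non-executable    -> -rwSr--r--
    mkdir "$dir/shared"; chmod 2775 "$dir/shared"   # SGID dir -> drwxrwsr-x
    mkdir "$dir/drop";   chmod 1777 "$dir/drop"     # like /tmp -> drwxrwxrwt
    mkdir "$dir/odd";    chmod 1776 "$dir/odd"      # no o+x   -> drwxrwxrwT
    mkdir "$dir/ww";     chmod 0777 "$dir/ww"       # world-writable, no sticky
    printf '%s\n' "$dir"
}

if [ "${1:-}" = demo ]; then
    d=$(make_demo)
    for f in runner plain shared drop odd ww; do
        printf '%-7s %s  %s\n' "$f" "$(stat -c '%A' "$d/$f")" "$(describe_special "$d/$f")"
    done
    echo "SUID files:"; list_suid "$d"
    echo "World-writable dirs without sticky bit:"; audit_worldwritable "$d"
    rm -rf "$d"
fi
```

Run it as `sh script.sh demo` to see the mode strings side by side with their decoded meaning; the two audit functions can be pointed at / on a real host.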
