SUID, SGID and Sticky Bit
General file permission
ls -al
-rw------- 1 dc dc 9590 Apr 20 13:28 .bash_history
-rw-r--r-- 1 dc dc 220 Apr 4 2018 .bash_logout
-rw-r--r-- 1 dc dc 3771 Apr 4 2018 .bashrc
drwx------ 3 dc dc 4096 Apr 18 11:18 .cache
drwx------ 3 dc dc 4096 Apr 13 05:38 .config
drwx------ 3 dc dc 4096 Apr 13 05:29 .gnupg
-rw-r--r-- 1 dc dc 807 Apr 4 2018 .profile
rwxrwxrwx -> 777 (read, write and execute for the user, the group and others)
Special file permission
E.g. the passwd command
ls -al /usr/bin/passwd
-rwsr-xr-x 1 root root 59640 Mar 22 2019 /usr/bin/passwd*
The first x position (the owner's execute bit) shows s instead of x or -; this means other users can execute this program with the owner's (root's) privileges, not only root.
When the SUID bit is set on an executable file, this means that the file will be executed with the same permissions as the owner of the executable file.
Why do we need SUID? Or why does passwd need SUID?
passwd modifies the /etc/passwd and /etc/shadow files, which may only be modified by root, so a regular user could not change these files without SUID.
Why can't I modify another user's password?
If I have the same permissions as root, why can't I modify another user's password? passwd itself checks that: https://github.com/shadow-maint/shadow/blob/master/src/passwd.c
Set SUID
chmod u+s filename
Or
chmod 4xxx filename
SUID uses 4 as the leading octal digit
Remove SUID
chmod u-s filename
Or
chmod 0xxx filename
Small s and capital S
When you set SUID on a file that has no execute permission, you will get a capital S; this signals an error for SUID: the bit is set but has no effect, because the file is not executable.
SGID
Same as SUID, but this permission is on the group part.
With the SGID bit set, any user executing the file will have same permissions as the group owner of the file.
On a directory
When the SGID permission is applied to a directory, all sub-directories and files created inside this directory get the same group ownership as the main directory (not the primary group of the user that created them).
This keeps the group ownership of sub-directories and files created under the directory; see the /var/local directory.
Set and Remove SGID
chmod g+s filename
chmod g-s filename
chmod 2xxx filename
chmod 0xxx filename
Sticky Bit
Last bit of the file permission, e.g. drwxrwxrwt
The sticky bit works on directories. With the sticky bit set on a directory, the files in that directory can only be deleted or renamed by their owner or by root.
See the /tmp directory
Set and Remove Sticky bit
chmod +t directory
chmod -t directory
chmod 1xxx directory
chmod 0xxx directory
Capital T
If the directory doesn't have the execute permission set for all (others), setting the sticky bit will show T instead of t
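As an added example (not part of the original notes), the script below decodes the s/S/t/T letters from the mode column of ls -ld exactly as the sections above describe, flags the "capital S / capital T" case where a bit is set but has no effect, and shows the find audit a defender runs to review SUID/SGID files and sticky directories on a host. The file names and the temporary tree are constructed for the demo; it assumes POSIX sh with coreutils.

```shell
#!/bin/sh
# Added example, not from the original notes: read the special bits the way the
# text reads them (s/S in the owner and group execute slots, t/T in the others
# slot) and audit a directory tree for them. Assumes POSIX sh + coreutils.

# Print the special bits of one path, e.g. "SUID" for -rwsr-xr-x.
# A capital letter means the bit is set but the matching execute bit is not,
# so it is reported as ineffective (the capital S / capital T case).
special_bits() {
    mode=$(ls -ld "$1" | cut -c1-10)   # e.g. -rwsr-xr-x or drwxrwxrwt
    out=""
    case $(printf '%s' "$mode" | cut -c4) in        # owner execute slot
        s) out="$out SUID" ;;
        S) out="$out SUID(ineffective:S)" ;;
    esac
    case $(printf '%s' "$mode" | cut -c7) in        # group execute slot
        s) out="$out SGID" ;;
        S) out="$out SGID(ineffective:S)" ;;
    esac
    case $(printf '%s' "$mode" | cut -c10) in       # others execute slot
        t) out="$out STICKY" ;;
        T) out="$out STICKY(ineffective:T)" ;;
    esac
    printf '%s\n' "${out# }"   # drop the leading space; empty when no bit is set
}

# List SUID/SGID regular files and sticky directories below a root directory.
# -perm -NNNN means "all of these bits are set" and ignores the rwx part, so
# 4000/2000/1000 match the SUID/SGID/sticky bits from the octal forms above.
audit_special() {
    find "$1" \( -type f \( -perm -4000 -o -perm -2000 \) \) \
              -o \( -type d -perm -1000 \) 2>/dev/null
}

# Constructed demonstration tree; every chmod uses the octal form from the text.
demo() {
    root=$(mktemp -d)
    : > "$root/suid_ok";    chmod 4755 "$root/suid_ok"     # -rwsr-xr-x
    : > "$root/suid_bad";   chmod 4644 "$root/suid_bad"    # -rwSr--r--, no x for owner
    : > "$root/sgid_ok";    chmod 2755 "$root/sgid_ok"     # -rwxr-sr-x
    mkdir "$root/tmp_like";   chmod 1777 "$root/tmp_like"  # drwxrwxrwt
    mkdir "$root/sticky_bad"; chmod 1776 "$root/sticky_bad" # drwxrwxrwT, no x for others
    for p in "$root"/*; do
        printf '%-12s %s\n' "$(basename "$p")" "$(special_bits "$p")"
    done
    audit_special "$root"
    rm -rf "$root"
}

demo
```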