Per Missions

Setuid and setgid permissions allow processes running executable files to access files and directories with the permissions of the file owner or group owner respectively, rather than the user running the process. This enables users to perform privileged actions like changing passwords. The sticky bit protects files in a directory so only the file owner, directory owner, or privileged user can delete them, preventing deletion of other users' files from public directories.

Uploaded by

prasanna_erudite
Copyright
© Attribution Non-Commercial (BY-NC)

Special File Permissions (setuid, setgid and Sticky Bit)

Three special types of permissions are available for executable files and public directories:
setuid, setgid, and sticky bit. When these permissions are set, any user who runs that

setuid Permission

When setuid permission is set on an executable file, a process that runs this file is granted
access on the basis of the owner of the file. The access is not based on the user who is running
the executable file. This special permission allows a user to access files and directories that are
normally available only to the owner.

For example, the setuid permission on the passwd command makes it possible for users to
change passwords. A passwd command with setuid permission would resemble the following:

-r-sr-sr-x 3 root sys 28144 Jun 17 12:02 /usr/bin/passwd

This special permission presents a security risk. Some determined users can find a way to
maintain the permissions that are granted to them by the setuid process even after the process
has finished executing.

setgid Permission

The setgid permission is similar to the setuid permission. The process's effective group ID
(GID) is changed to the group that owns the file, and a user is granted access based on the
permissions that are granted to that group. The /usr/bin/mail command has setgid
permissions:

-r-x--s--x 1 root mail 67504 Jun 17 12:01 /usr/bin/mail

When the setgid permission is applied to a directory, files that were created in this directory
belong to the group to which the directory belongs. The files do not belong to the group to which
the creating process belongs. Any user who has write and execute permissions in the directory
can create a file there. However, the file belongs to the group that owns the directory, not to the
group that the user belongs to.

Sticky Bit

The sticky bit is a permission bit that protects the files within a directory. If the directory has the
sticky bit set, a file can be deleted only by the file owner, the directory owner, or by a privileged
user. The root user and the Primary Administrator role are examples of privileged users. The
sticky bit prevents a user from deleting other users' files from public directories such as /tmp:

drwxrwxrwt 7 root sys 400 Sep 3 13:37 tmp
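
The following audit sketch is an added example, not part of the original document. It walks a directory tree and reports setuid or setgid executables, plus world-writable directories that lack the sticky bit. The function names (special_bits, audit, demo) and the sample tree built in demo() are constructed for illustration.

```python
import os
import stat
import tempfile

SPECIAL = ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"), (stat.S_ISVTX, "sticky"))


def special_bits(mode):
    """Names of the special permission bits set in an st_mode value."""
    return [name for bit, name in SPECIAL if mode & bit]


def audit(root):
    """Return sorted (path, finding) pairs for entries under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
            bits = special_bits(mode)
            if stat.S_ISREG(mode) and mode & 0o111:
                # Executables that run with the file owner's or group's identity.
                findings += [(path, b + " executable") for b in bits if b != "sticky"]
            elif stat.S_ISDIR(mode) and mode & stat.S_IWOTH and "sticky" not in bits:
                # Public directory where any user could delete other users' files.
                findings.append((path, "world-writable directory without sticky bit"))
    return sorted(findings)


def demo():
    """Audit a constructed sample tree; returns findings with relative paths."""
    with tempfile.TemporaryDirectory() as root:
        helper = os.path.join(root, "helper")
        open(helper, "w").close()
        os.chmod(helper, 0o4755)  # constructed setuid executable
        for name, mode in (("drop", 0o0777), ("shared", 0o1777)):
            os.mkdir(os.path.join(root, name))
            os.chmod(os.path.join(root, name), mode)  # chmod: ignore umask
        return [(os.path.relpath(p, root), f) for p, f in audit(root)]


if __name__ == "__main__":
    for path, finding in demo():
        print(f"{finding}: {path}")
```

Running audit() over a system path and comparing the result with a saved baseline shows when a new setuid or setgid executable appears.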
