Three special types of permissions are available for executable files and directories. The special permissions on files and directories in Linux are SetUID, SetGID and the Sticky bit. You should be very cautious when you set special permissions: if a user can gain superuser privileges by executing a program that sets the user ID (UID) to root, the security risk increases. The special permissions are set on files and directories with the "chmod" command.
SetUID stands for Set User ID. If the SUID bit is set on an application, then while that application runs your effective user ID is set to that of the application's owner instead of that of the current user. That means if I have an application whose owner is "root" and which has its SUID bit set, then when I run that application as another user it still runs as root: the SUID bit tells Linux that the user ID root is set for this application, and whenever the application executes it must execute as though root were executing it.
SetGID stands for Set Group ID. Much like SUID, setting the SGID bit on a file sets your effective group ID to the file's group while the file is executing. It is really useful if you have a true multi-user setup where users need to access other users' files. In any case, the fundamental concept is the same as for SUID: files whose SGID bit is set are used as though they belonged to that group rather than to the user alone.
The Sticky bit is used mainly on directories, to prevent deletion of a directory and its contents by other users even though they have write permission on it. If the Sticky bit is enabled on a directory, only the owner of the directory and the superuser (root) can delete it. This is a security measure to prevent deletion of critical directories on which others have full permissions.
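The following script is an added example, not code from the original article. It sets the three special bits with the chmod symbolic modes the text describes, reads them back with find -perm, and includes the audit a defender runs to spot unexpected SetUID executables. It assumes a POSIX shell with chmod, find, mktemp and ls; the file names "prog" and "shared" are constructed for the demo. The multi-user deletion behaviour of the sticky bit needs two user accounts, so only the setting and checking of the bit is shown.

```sh
#!/bin/sh
# Added example (not from the original article). Assumes POSIX sh plus
# chmod, find, mktemp and ls. Names used below are constructed.

# has_bits PATH OCTAL: succeed if PATH carries every bit of OCTAL
# (4000 = SetUID, 2000 = SetGID, 1000 = sticky). -prune keeps find from
# descending when PATH is a directory.
has_bits() {
    [ -n "$(find "$1" -prune -perm -"$2" -print 2>/dev/null)" ]
}

# special_bits PATH: print the names of the special bits set on PATH,
# e.g. "suid sgid"; prints an empty line when none is set.
special_bits() {
    out=""
    has_bits "$1" 4000 && out="$out suid"
    has_bits "$1" 2000 && out="$out sgid"
    has_bits "$1" 1000 && out="$out sticky"
    printf '%s\n' "${out# }"
}

# The operations the article describes, as chmod symbolic modes.
set_suid()      { chmod u+s "$1"; }   # program runs with the owner's UID
set_sgid()      { chmod g+s "$1"; }   # program runs with / files inherit the group
set_sticky()    { chmod +t  "$1"; }   # only an entry's owner or root may delete it
clear_special() { chmod u-s,g-s,-t "$1"; }   # drop all three bits at once

# audit_suid DIR: list SetUID executables below DIR. Review this output
# regularly; any binary you did not expect to see here needs explaining.
audit_suid() {
    find "$1" -type f -perm -4000 -print 2>/dev/null
}

# demo: scratch file and directory, bits set as in the article, then report.
demo() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/prog"            # stands in for a program binary
    chmod 755 "$tmp/prog"
    mkdir "$tmp/shared"        # stands in for a shared project directory
    chmod 775 "$tmp/shared"

    set_suid "$tmp/prog"
    set_sgid "$tmp/shared"
    set_sticky "$tmp/shared"

    printf 'prog:   %s\n' "$(special_bits "$tmp/prog")"     # suid
    printf 'shared: %s\n' "$(special_bits "$tmp/shared")"   # sgid sticky
    ls -ld "$tmp/prog" "$tmp/shared"   # -rwsr-xr-x and drwxrwsr-t
    printf 'suid files under %s:\n' "$tmp"
    audit_suid "$tmp"

    rm -rf "$tmp"
}

demo
```

Run it as an ordinary user; none of the steps need root, because you own the scratch files. On a real system the audit line is usually run as `audit_suid /` and its output compared against a known-good list.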
Special permissions on files and directories: SetUID, SetGID and Sticky bit.

| | on a File | on a Directory |
|---|---|---|
| SUID or Set User ID | A program is executed with the file owner's permissions. | Files created in the directory inherit its UID. |
| SGID or Set Group ID | The effective group of an executing program is the file owner group. | Files created in the directory inherit its GID. |
| Sticky bit | A program sticks in memory after execution. | Any user can create files, but only the owner of a file can delete it. |
| Permission field (as shown by ls -l) | Meaning |
|---|---|
| `--S------` | SUID is set, but user (owner) execute is not set. |
| `--s------` | SUID and user execute are both set. |
| `-----S---` | SGID is set, but group execute is not set. |
| `-----s---` | SGID and group execute are both set. |
| `--------T` | Sticky bit is set, but other execute is not set. |
| `--------t` | Sticky bit and other execute are both set. |
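To make the upper-case/lower-case rule in the table concrete, here is an added helper (not from the original article) that renders a numeric mode the way ls -l shows it: S/T when the special bit is set without the matching execute bit, s/t when both are set. It assumes only POSIX sh; the modes it is called with are constructed examples.

```sh
#!/bin/sh
# Added example (not from the original article). POSIX sh only.

# triple DIGIT FLAG LOWER UPPER: print the rwx triple for one permission
# class. FLAG is non-zero when that class's special bit is set; the x slot
# then shows LOWER (bit + execute) or UPPER (bit without execute).
triple() {
    d=$1 flag=$2 lower=$3 upper=$4
    r=-; w=-; x=-
    [ $(( d & 4 )) -ne 0 ] && r=r
    [ $(( d & 2 )) -ne 0 ] && w=w
    if [ $(( d & 1 )) -ne 0 ]; then
        x=x
        [ "$flag" -ne 0 ] && x=$lower     # e.g. rws, r-s, rwt
    elif [ "$flag" -ne 0 ]; then
        x=$upper                          # e.g. rwS, r-S, rwT
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_to_symbolic MODE: MODE is 3 or 4 octal digits as given to chmod
# (755, 4755, 2745, 1777 ...). Prints the 9-character field from ls -l.
mode_to_symbolic() {
    case ${#1} in
        3) m="0$1" ;;
        4) m=$1 ;;
        *) return 1 ;;
    esac
    sp=${m%???}                 # special digit: 4=SUID 2=SGID 1=sticky
    rest=${m#?}
    u=${rest%??}
    g=${rest#?}; g=${g%?}
    o=${rest#??}
    triple "$u" $(( sp & 4 )) s S     # SUID lives in the user x slot
    triple "$g" $(( sp & 2 )) s S     # SGID lives in the group x slot
    triple "$o" $(( sp & 1 )) t T     # sticky lives in the other x slot
    echo
}

# Constructed modes covering every row of the table.
for mode in 4755 4655 2755 2745 1777 1776 6755; do
    printf '%s  %s\n' "$mode" "$(mode_to_symbolic "$mode")"
done
```

A capital S on a program is worth a second look during an audit: the special bit is set but the owner cannot execute the file, which usually means a chmod with a numeric mode that forgot the execute bit.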