Added on Jan 23rd, 2016 and marked as permissions

On Unix-like systems there are special permission types for files and directories. What do the sticky bit and setuid mean and how can you use these? Let’s compare them.

(Sidenote: incorrect use of these permission types may result in severe security risks.)

Sticky Bit

The sticky bit is a Unix access rights flag that can be assigned to files and directories. In a directory with the sticky bit set, only the file’s owner, the directory’s owner or root can rename or delete a file in it. Without the sticky bit, any user with write and execute permissions on the directory can rename or delete any file in the directory.

The /tmp directory is an example of a directory that typically has the sticky bit set to prevent users from moving or deleting other users’ files.

Set the sticky bit on a file or directory

The sticky bit can be set using the chmod command. It can be set using the symbolic notation (+t):

chmod +t /tmp/file.txt
chmod +t /tmp/directory/

or using the octal mode (1000):

chmod 1644 /tmp/file.txt
chmod 1755 /tmp/directory/

Clearing the sticky bit is just as simple:

chmod -t /tmp/file.txt
chmod 0644 /tmp/file.txt

In a directory listing the sticky bit is indicated by a lowercase t in place of the last x (the execute bit for others) of the permission string:

-rwxrwxr-t 1 user group 147 Jan 23 17:39 /tmp/file.txt

If the sticky bit is set on a file or directory that does not have the execute bit set for the others category, it is indicated by an uppercase T instead:

-rw-rw-r-T 1 user group 147 Jan 23 17:39 /tmp/file.txt

Setuid

setuid (set user ID upon execution) is a Unix access rights flag that allows users to run an executable with the permissions of the executable’s owner.

When an executable file has the setuid attribute, normal users gain the privileges of the user who owns the file (commonly root). When root privileges have been gained within the process, the application can then perform tasks on the system that regular users normally would be restricted from doing.

Examples of executables that use the SUID bit are passwd, ping and crontab.

Set the SUID on a file

You can either set the SUID bit on a file using the symbolic notation:

chmod u+s /path/to/file.txt

or using octal notation:

chmod 4750 /path/to/file.txt

In the example above, 4 is the SUID bit, 7 grants full permissions to the user (owner), 5 read and execute permissions to the group and 0 no permissions for others.

s vs. S

When the SUID bit is set on an executable, a directory listing shows a (lowercase) s where you would normally see the owner’s x. For example for /bin/ping:

$ ls -l /bin/ping
-rwsr-xr-x 1 root root 44168 May  7  2014 /bin/ping

If the owner’s execute bit is not set but the SUID bit is set nevertheless, the listing shows an (uppercase) S instead:

$ ls -l /tmp/file.txt
-rwSr--r-- 1 user group 147 Jan 23 17:19 /tmp/file.txt

Find files with the SUID bit

To find files or directories with the SUID bit set you can use:

find / -perm -4000

The -perm -MODE form matches entries that have all of the given bits set and is portable; the older -perm +4000 spelling has been deprecated in GNU find since 2005 and is rejected by current versions (use -perm /4000 there if you want to match any of several bits).
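The following script, added here as an example and not part of the original post, applies the chmod forms from the sections above to scratch files and prints the resulting ls permission field, so the s/S and t/T cases can be compared side by side, and then audits the scratch tree for special bits with the portable -perm -MODE form. The helper names perm_string, mode_after and special_bits are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): show how the chmod octal forms
# map to the s/S and t/T letters in a listing, then audit for special bits.
set -eu

# perm_string PATH: the 10-character mode field of `ls -ld` (cut drops the
# trailing + or . that ACL/SELinux-aware ls versions append).
perm_string() {
  ls -ld "$1" | awk '{print $1}' | cut -c1-10
}

# mode_after PATH MODE: chmod MODE onto PATH and report the listing column.
mode_after() {
  chmod "$2" "$1" && perm_string "$1"
}

# special_bits DIR: every entry below DIR with setuid, setgid or sticky set.
# -perm -4000 means "all of these bits set"; GNU find no longer accepts +4000.
special_bits() {
  find "$1" \( -perm -4000 -o -perm -2000 -o -perm -1000 \) -print
}

# Scratch files stand in for /tmp/file.txt and /tmp/directory/ from the post
# (constructed here so the script never touches real system files).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
: > "$demo/file.txt"
mkdir "$demo/directory"

mode_after "$demo/directory" 1755   # drwxr-xr-t  sticky, others can execute   -> t
mode_after "$demo/directory" 1754   # drwxr-xr-T  sticky, others cannot execute -> T
mode_after "$demo/file.txt"  4750   # -rwsr-x---  setuid, owner can execute    -> s
mode_after "$demo/file.txt"  4650   # -rwSr-x---  setuid, owner cannot execute  -> S
mode_after "$demo/file.txt"  2750   # -rwxr-s---  setgid shows in the group slot

chmod 4755 "$demo/file.txt"
special_bits "$demo"                # lists directory (sticky) and file.txt (setuid)
```

Run it as an unprivileged user; setting the bits on files you own needs no special rights, and the audit loop is the same one you would point at / to inventory real setuid binaries.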

Setgid

setgid (set group ID upon execution) is similar to setuid, except that the user runs the executable with the permissions of the file’s group rather than its owner.