On Unix-like systems there are special permission types for files and directories. What do the sticky bit and setuid mean and how can you use these? Let’s compare them.
(Sidenote: incorrect use of these permission types may result in severe security risks.)
Sticky Bit
The sticky bit is a Unix access rights flag that can be assigned to files and directories. In a directory with the sticky bit set, only the file’s owner, the directory’s owner or root can rename or delete a file in that directory. Without the sticky bit, any user with write and execute permissions for the directory can rename or delete files in the directory.
The /tmp directory is an example of a directory that typically has the sticky bit set, to prevent users from moving or deleting other users’ files.
Set the sticky bit on a file or directory
The sticky bit can be set using the chmod command, either with the symbolic notation (+t):
chmod +t /tmp/file.txt
chmod +t /tmp/directory/
or with the octal mode (1000):
chmod 1644 /tmp/file.txt
chmod 1755 /tmp/directory/
Clearing the sticky bit is just as simple:
chmod -t /tmp/file.txt
chmod 0644 /tmp/file.txt
In a directory listing the sticky bit is indicated by a lowercase t at the end of the permissions field:
-rwxrwxr-t 1 user group 147 Jan 23 17:39 /tmp/file.txt
If the sticky bit is set on a file or directory without the execute bit set for the others category, it is indicated by an uppercase T:
-rw-rw-r-T 1 user group 147 Jan 23 17:39 /tmp/file.txt
Setuid
setuid (set user ID upon execution) is a Unix access rights flag that allows users to run an executable with the permissions of the executable’s owner.
When an executable file has the setuid attribute, normal users gain the privileges of the user who owns the file (commonly root). When root privileges have been gained within the process, the application can then perform tasks on the system that regular users would normally be restricted from doing.
Executables that use a SUID bit are, for example, passwd, ping and crontab.
Set the SUID on a file
You can either set the SUID bit on a file using the symbolic notation:
chmod u+s /path/to/file.txt
or using octal notation:
chmod 4750 /path/to/file.txt
In the example above, 4 is the SUID bit, 7 grants full permissions to the user, 5 read and execute permissions to the group, and 0 no permissions to others.
s vs. S
When the SUID bit is set on an executable, there will be a (lowercase) s where you would normally see the x in a directory listing. For example, for /bin/ping:
$ ls -l /bin/ping
-rwsr-xr-x 1 root root 44168 May 7 2014 /bin/ping
If the file does not have execute permissions but the SUID bit is set nevertheless, there will be an (uppercase) S:
$ ls -l /tmp/file.txt
-rwSr--r-- 1 user group 147 Jan 23 17:19 /tmp/file.txt
Find files with the SUID bit
To find files or directories with the SUID bit set you can use:
find / -perm -4000
The older spelling find / -perm +4000 is rejected by current GNU find (the + prefix is now parsed as a symbolic mode); -perm -4000 is portable, and -perm /4000 is the GNU equivalent.
Setgid
setgid is similar to setuid, except that the user will run the executable with the group’s permissions.
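The listings above show how the special bits render as s/S and t/T, and the find command locates setuid files. As an added example (not part of the original post), the Python script below renders an st_mode value the way ls -l does and audits a directory tree for setuid/setgid files and for world-writable directories that lack the sticky bit; demo() builds a constructed tree in a temporary directory (the names shared, tmp and helper are made up) and audits it.

```python
import os
import stat
import tempfile

def mode_string(mode: int) -> str:
    """Render st_mode the way `ls -l` does, including the s/S and t/T letters."""
    kind = "d" if stat.S_ISDIR(mode) else ("l" if stat.S_ISLNK(mode) else "-")
    out = [kind]
    # (read bit, write bit, execute bit, special bit, letter shown for the special bit)
    triplets = ((stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR, stat.S_ISUID, "s"),
                (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP, stat.S_ISGID, "s"),
                (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH, stat.S_ISVTX, "t"))
    for r, w, x, special, letter in triplets:
        out.append("r" if mode & r else "-")
        out.append("w" if mode & w else "-")
        if mode & special:
            # lowercase when execute is also set, uppercase (S/T) when it is not
            out.append(letter if mode & x else letter.upper())
        else:
            out.append("x" if mode & x else "-")
    return "".join(out)

def audit_tree(root: str) -> dict:
    """Report setuid/setgid regular files and world-writable dirs lacking the sticky bit."""
    findings = {"setuid": [], "setgid": [], "world_writable_no_sticky": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: never follow symlinks while auditing
            rel = os.path.relpath(path, root)
            if stat.S_ISREG(mode) and mode & stat.S_ISUID:
                findings["setuid"].append(rel)
            if stat.S_ISREG(mode) and mode & stat.S_ISGID:
                findings["setgid"].append(rel)
            if stat.S_ISDIR(mode) and mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                findings["world_writable_no_sticky"].append(rel)
    return findings

def demo() -> dict:
    # Constructed layout in a fresh temp dir: a shared dir without the sticky bit (wrong),
    # one with it (like /tmp), and an empty file standing in for a setuid helper binary.
    root = tempfile.mkdtemp()
    for name, mode in (("shared", 0o777), ("tmp", 0o1777)):
        os.mkdir(os.path.join(root, name))
        os.chmod(os.path.join(root, name), mode)
    helper = os.path.join(root, "helper")
    open(helper, "w").close()
    os.chmod(helper, 0o4755)  # same bits as the /bin/ping listing above
    return audit_tree(root)
```

Calling demo() reports shared under world_writable_no_sticky and helper under setuid, while tmp is silent because its sticky bit is set; mode_string(stat.S_IFREG | 0o4644) gives -rwSr--r--, the uppercase-S case from the listing above.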