Linux - Advanced file permissions in Linux
Advanced file permissions in Linux go beyond the basic read (r), write (w), and execute (x) flags. They include special permission bits that control how files and directories behave in multi-user environments.
Special Permission Bits
1. Set User ID (SUID)
- When set on an executable file, the program runs with the permissions of the file owner, not the user who launched it.
- Useful for commands like passwd, which must run with root privileges.
Set SUID:
chmod u+s filename
Remove SUID:
chmod u-s filename
Octal notation: Prefix with 4 (e.g., chmod 4755 filename)
2. Set Group ID (SGID)
- When set on an executable, it runs with the privileges of the file's group rather than the group of the user who launched it.
- When set on a directory, new files inherit the group of the directory, not the user's default group.
Set SGID:
chmod g+s directoryname
Remove SGID:
chmod g-s directoryname
Octal notation: Prefix with 2 (e.g., chmod 2755 directoryname)
3. Sticky Bit
- Used on directories to restrict file deletion: only the file's owner or root can delete a file, even if other users have write access to the directory.
- Commonly used on /tmp to prevent users from deleting each other's files.
Set Sticky Bit:
chmod +t directoryname
Remove Sticky Bit:
chmod -t directoryname
Octal notation: Prefix with 1 (e.g., chmod 1755 directoryname)
Numeric (Octal) Permissions
Each permission level is represented by a number:
- Read = 4
- Write = 2
- Execute = 1
You combine them for each user type:
chmod 750 filename
- Owner: 7 (read + write + execute)
- Group: 5 (read + execute)
- Others: 0 (no access)
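As an added example that is not part of the original page, the following script exercises the chmod forms from the special-bit and octal sections above on scratch paths, reads the resulting octal mode back with stat, and adds a defensive audit that lists SUID/SGID files under a directory. It assumes GNU coreutils (stat -c) and constructs every path under a temporary directory.

```shell
#!/bin/sh
# Added example (not from the original page): exercise the chmod forms above
# on scratch paths and read the resulting octal mode back, then audit a tree
# for files carrying SUID/SGID. Assumes GNU coreutils (stat -c) and POSIX find.

# Apply one chmod spec to a fresh scratch path and print the full octal mode.
# kind is "file" or "dir"; spec is symbolic (u+s, g+s, +t) or octal (4755).
# Starting from 755, the leading digit shows which special bits were set:
# 4 = SUID, 2 = SGID, 1 = sticky, summed when several are combined.
mode_after() {
    kind=$1
    spec=$2
    work=$(mktemp -d) || return 1
    if [ "$kind" = dir ]; then
        target="$work/scratch_dir"
        mkdir "$target"
    else
        target="$work/scratch_file"   # stand-in for an executable
        : > "$target"
    fi
    chmod 755 "$target"
    chmod "$spec" "$target"
    stat -c '%a' "$target"            # e.g. 4755 after "u+s", 1755 after "+t"
    rm -rf "$work"
}

# Defensive check: list regular files under a directory that carry SUID or
# SGID, since each one runs with privileges other than the caller's.
# -perm -4000 matches files with at least the SUID bit set; -2000 for SGID.
find_special_bits() {
    root=$1
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %U:%G %n' {} +
}

# Stand-alone demonstration of both helpers on constructed paths.
main() {
    echo "u+s on file  -> $(mode_after file u+s)"
    echo "g+s on dir   -> $(mode_after dir g+s)"
    echo "+t on dir    -> $(mode_after dir +t)"
    echo "6755 on file -> $(mode_after file 6755)"
    t=$(mktemp -d)
    : > "$t/setuid_tool"; chmod 4755 "$t/setuid_tool"
    : > "$t/plain_tool";  chmod 755 "$t/plain_tool"
    echo "audit of $t:"
    find_special_bits "$t"
    rm -rf "$t"
}
main "$@"
```

Run as a regular user on a writable filesystem; the audit helper is the same find expression commonly used to inventory SUID/SGID binaries on a host.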