Archive:Docs/Drafts/AdministrationGuide/Permissions/PermissionsSpecial

= Permissions =

== Special Permissions ==
There are two special permissions that can be set on executable files: Set User ID (setuid) and Set Group ID (sgid). These permissions allow the file to be executed with the privileges of its owner or group rather than those of the user who runs it. For example, if a file is owned by the root user and has the setuid bit set, no matter who executes the file it always runs with root user privileges.

=== Set User ID (setuid) ===
You must be the owner of the file or the root user to set the setuid bit. Run the following command to set the setuid bit:

chmod u+s file1

View the permissions using the ls -l command:

ls -l file1
-rwSrw-r-- 1 user1 user1 0 2007-10-29 21:41 file1

Note the capital S. This means there are no execute permissions. Run the following command to add execute permissions to the file1 file, noting the lower case s:

chmod u+x file1
ls -l file1
-rwsrw-r-- 1 user1 user1 0 2007-10-29 21:41 file1

Note the lower case s. This means there are execute permissions.

Alternatively, you can set the setuid bit using the numeric method by prepending a 4 to the mode. For example, to set the setuid bit, and read, write, and execute permissions for the owner of the file1 file, run the following command:

chmod 4700 file1

=== Set Group ID (setgid) ===
When the Set Group ID bit is set, the executable is run with the authority of the group. For example, if a file is owned by a particular group, no matter who executes that file it always runs with the authority of that group. For example, run the following command as root to set the setgid bit on the file1 file:

chmod g+s file1

Note that both the setuid and setgid bits are set using the s symbol. Alternatively, prepend a 2 to the mode. For example, run the following command as root to set the setgid bit, and read, write, and execute permissions for the owner of the file1 file:

chmod 2700 file1

The setgid bit is represented the same way as the setuid bit, except in the group section of the permissions:

ls -l file1
-rwx--S--- 1 user1 user1 0 2007-10-30 21:40 file1

Use the chmod u+s command to set the setuid bit. Use the chmod g+s command to set the setgid bit.

== Special Permissions for Directories ==
There are two special permissions for directories: the sticky bit and the setgid bit. When the sticky bit is set on a directory, only the root user, the owner of the directory, and the owner of a file can remove files within said directory.

=== Sticky Bit ===
An example of the sticky bit is the /tmp directory. Use the ls -ld command to view the permissions:

ls -ld /tmp
drwxrwxrwt 24 root root  4096 2007-10-30 22:00 tmp

The t at the end indicates that the sticky bit is set. A file created in the /tmp directory can only be removed by its owner, or the root user. For example, run the following command to set the sticky bit on the folder1 folder:

chmod a+t folder1

Alternatively, prepend a 1 to the mode of a directory to set the sticky bit:

chmod 1777 folder1

The permissions should be read, write, and execute for the owner, group, and everyone else, on directories that have the sticky bit set. This allows anyone to cd into the directory and create files.

=== Set Group ID ===
When the setgid bit is set on a directory, all files created within said directory inherit the group ownership of that directory. For example, the folder1 folder is owned by the user user1, and the group group1:

ls -ld folder1
drwxrwxr-x 2 user1 group1 4096 2007-10-30 22:25 folder1

Files created in the folder1 folder will inherit the group1 group membership:

touch folder1/file1

ls -l folder1/file1
-rw-rw-r-- 1 user1 group1 0 2007-10-30 22:29 folder1/file1

To set the setgid bit on a directory, use the chmod command:

chmod g+s folder1

View the permissions using the ls -ld command, noting the s in the group permissions:

ls -ld folder1
drwxrwsr-x 2 user1 group1 4096 2007-10-30 22:32 folder1

Alternatively, prepend a 2 to the directory's mode:

chmod 2770 folder1
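
An audit sketch for the bits described on this page, added here as an example and not part of the original guide: it lists files that carry the setuid or setgid bit and world-writable directories that lack the sticky bit. The function names and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names and the
# sample tree layout are hypothetical.

# List regular files under $1 that carry the setuid (4000) or setgid (2000) bit.
list_special_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# List world-writable directories under $1 that lack the sticky bit (1000).
# In such a directory any user can remove files owned by other users.
list_unsafe_shared_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# Build a constructed sample tree so the audit runs offline and unprivileged.
# Prints the path of the new tree.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/plain" "$d/suid_prog" "$d/sgid_prog"
    chmod 0644 "$d/plain"        # no special bits
    chmod 4755 "$d/suid_prog"    # setuid, shown as rwsr-xr-x
    chmod 2755 "$d/sgid_prog"    # setgid, shown as rwxr-sr-x
    mkdir "$d/shared_ok" "$d/shared_bad"
    chmod 1777 "$d/shared_ok"    # world-writable with sticky bit, like /tmp
    chmod 0777 "$d/shared_bad"   # world-writable without sticky bit
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
echo "setuid/setgid files:"
list_special_files "$tree"
echo "world-writable directories without the sticky bit:"
list_unsafe_shared_dirs "$tree"
rm -rf "$tree"
```

On a real system, point both functions at the file system root as root and compare the setuid/setgid list against the set of programs you expect to carry those bits.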
