
Advanced File Permissions in Linux - ( STICKY BIT )

Basic User Administration in Linux

To create a new user account in any Linux distribution we can use the USERADD/ADDUSER command. A user account can be added just by supplying the user name along with the useradd command. The SUPERUSER/ROOT user is responsible for creating user accounts. Linux user account information is stored in /etc/shadow, /etc/passwd and /etc/group.

The USERMOD command modifies a user account, e.g. adding a user to an existing group. There are two types of groups: primary (-g) and secondary (-G).

When a user account is created, some extra information is associated with the account by default. To view these default values, use useradd -D:

    # useradd -D
    GROUP=100
    HOME=/home
    INACTIVE=-1
    EXPIRE=
    SHELL=/bin/bash
    SKEL=/etc/skel
    CREATE_MAIL_SPOOL=no

Command for creating a new user without specifying a group:

    # useradd sam
    $ mkdir testdir
    $ touch file1
    $ ls -ld file1 testdir
    -rw-rw-r-- 1 sam sam  640 Jan 15 06:21 file1
    drwxrwxr-x 2 sam sam 4096 Jan 15 06:18 testdir

Successful People in life seem to like LINUX
Page 1 of 26

In Linux, when a user is created and no group name is specified, by default Linux creates a group named after the user, and that user becomes a member of that group (e.g. see the user account sam above).

Password in Linux

A user account without a password is in locked status. To unlock the account, set a password with the passwd command as root.

Setting a password for user sam:

    # passwd sam
    Changing password for user sam.
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.

Directly supplying the encrypted password

Whatever password we supply for a user account is encrypted and then stored. Using the useradd -p option we can directly supply an encrypted password. The encrypted password is obtained from the crypt command. This option is not recommended because the (encrypted) password will be visible to users listing the processes.

Creating a user account with an account expiry date:

    # useradd user1 -e 2013-04-30

In the example above, from 30/4/2013 the user account will be disabled (-e expire). To avoid the account being disabled immediately, we can use the -f (inactive) option.

Setting the account inactive state:

    # useradd user2 -e 2013-04-30 -f 3

After the password expires, the system will allow the user to log in for 3 days with a warning to change the password.

Add new user [user1] to /home/oracle

Generally a normal user does not have write permission on the /home/oracle directory. If we want a local user to read files inside /home/oracle, the local user should belong to the oracle user's main group, and the group members need read, write and execute permission to access /home/oracle.

Add user1 with oinstall as primary group (-g) and /home/oracle as home directory (-d):

    # useradd -g oinstall user1 -d /home/oracle

Changing the group permission to read and execute:

    # chmod g=r+x /home/oracle/

Listing /home/oracle permissions:

    # ls -ld /home/oracle/
    drwxr-x--- 29 oracle oinstall 4096 Jan 15 00:02 /home/oracle/

Logged in as user1 and checking the home path:

    $ whoami
    user1
    $ pwd
    /home/oracle

USERDEL

To remove a user from the system, we can use the userdel command to delete the user's login. With the userdel -r (recursive) option, the user's home directory will also be removed.

    # userdel <user_name>
    # userdel user1
Deletes the user1 account.

    # userdel -r <user_name>
    # userdel -r user1
Deletes the user1 account recursively (the home directory and all files inside it).

    # userdel -f <user_name>
    # userdel -f user1
Deletes the account even if the user is still logged in, and forces removal of the user's home directory and files as well. This option is dangerous; use with caution.

GROUPADD and GROUPDEL

The groupadd command is used to create group accounts on the system. If we don't specify a group_id, Linux will assign one automatically: an ID value greater than 500 and greater than every other group. Values between 0 and 499 are typically reserved for system accounts. Group account information is maintained in /etc/group, and secure group account information is maintained in /etc/gshadow. We can use the USERADD/USERMOD commands to add a user to a group.

    # groupadd <group_name>       [creates a new group]

Creating a group with a specific group_id:

    # groupadd apache -g 9090
    # grep 9090 /etc/group
    apache:x:9090:

    # groupdel <group_name>

The groupdel command is used to delete (remove) a group. This is an admin command. groupdel takes no options; directly give the group name.

GROUPMOD

System administration command. Modifies the group information for a group.

Change the old group name to new_name:

    # groupmod -n <new_group_name> <old_group_name>
    # groupmod -n apache1 apache
    # grep 9090 /etc/group
    apache1:x:9090:

Change the old group id (9090) to a new id (9095):

    # groupmod -g <gid> <group_name>
    # groupmod -g 9095 apache1
    # grep 9095 /etc/group
    apache1:x:9095:

-g specifies a new group identification number (GID). The GID must be a non-negative decimal integer. When the -o option is used, the GID can be duplicated.

USERMOD

The usermod command can be used to modify a user's account.

Set a new home directory for user1:

    # usermod -d /home/oracle user1

user1's old home path was /home/user1; now user1 will use /home/oracle/ as the default home path. user1's default path will be whatever -d specifies.

Setting the password expiry date and allowing the user to log in for 1 day after it:

    # usermod -e 2013-01-16 user1
    # usermod -f 1 user1

-e gives the date on which the user account will be disabled. -f allows the user to log in for n days with a warning to change the password.

Set a new initial group as oinstall:

    # usermod -g oinstall user1

To lock a user's password:

    # usermod -L user1

To unlock a user's password:

    # usermod -U user1

LAST and LASTB

last displays a listing of the last logged-in users and the system's last reboot time and date:

    $ last reboot
    reboot   system boot  2.6.9-42.0.0.0.1   Sun Jan 13 04:34          (2+21:33)
    reboot   system boot  2.6.9-42.0.0.0.1   Sat Jan 12 04:14          (3+21:53)
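The account states described above (an account created by useradd without a passwd, one locked with usermod -L, one given an expiry date with -e) all end up as field values in /etc/passwd and /etc/shadow. The script below is an added example, not part of the original tutorial: it audits constructed passwd/shadow style records for the states an administrator should review (extra UID 0 accounts, locked accounts, accounts with no password at all, and expiry dates). The records and the hash strings in them are constructed placeholders; on a real host you would feed the files themselves in as root.

```shell
#!/bin/sh
# Added example (not part of the original tutorial): audit /etc/passwd and
# /etc/shadow style records for the account states the text describes.
# Sample records are constructed for this example; hashes are placeholders.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
sam:x:501:501::/home/sam:/bin/bash
user1:x:502:500::/home/oracle:/bin/bash
oddroot:x:0:0::/tmp:/bin/sh
svc:x:503:503::/var/svc:/sbin/nologin
guest:x:504:504::/home/guest:/bin/bash'

# Shadow field 2: "!!" = created by useradd and never given a password,
# "!<hash>" = locked with usermod -L, "*" = no password login, "" = NO
# password required. Field 8 = expiry as days since 1970-01-01, which is
# how useradd -e / usermod -e store the date.
SAMPLE_SHADOW='root:$6$constructed$hash:15700:0:99999:7:::
sam:!!:15720:0:99999:7:::
user1:$6$constructed$hash:15720:0:99999:7::15825:
oddroot:$6$constructed$hash:15720:0:99999:7:::
svc:*:15720:0:99999:7:::
guest::15720:0:99999:7:::'

# Every UID 0 account has full root rights; only "root" is expected.
uid0_accounts() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 { print $1 }'
}

# Accounts whose password is locked ("!" prefix) or unusable ("*").
locked_accounts() {
    printf '%s\n' "$1" | awk -F: '$2 ~ /^[!*]/ { print $1 }'
}

# Accounts with an EMPTY password field: login needs no password at all.
empty_password_accounts() {
    printf '%s\n' "$1" | awk -F: '$2 == "" { print $1 }'
}

# Accounts with an expiry date (field 8), printed as "name days".
expiring_accounts() {
    printf '%s\n' "$1" | awk -F: '$8 != "" { print $1, $8 }'
}

# Days since 1970-01-01 -> YYYY-MM-DD with plain arithmetic, so it works
# in any POSIX sh (GNU "date -d @..." is not portable).
days_to_date() {
    days=$1; y=1970
    while :; do
        yl=365
        if [ $((y % 4)) -eq 0 ] && { [ $((y % 100)) -ne 0 ] || [ $((y % 400)) -eq 0 ]; }; then yl=366; fi
        [ "$days" -ge "$yl" ] || break
        days=$((days - yl)); y=$((y + 1))
    done
    m=1
    for ml in 31 $( [ "$yl" -eq 366 ] && echo 29 || echo 28 ) 31 30 31 30 31 31 30 31 30 31; do
        [ "$days" -ge "$ml" ] || break
        days=$((days - ml)); m=$((m + 1))
    done
    printf '%04d-%02d-%02d\n' "$y" "$m" $((days + 1))
}

# Human-readable summary of the checks above for one passwd/shadow pair.
audit_accounts() {
    printf 'UID 0 accounts      : %s\n' "$(uid0_accounts "$1" | tr '\n' ' ')"
    printf 'Locked accounts     : %s\n' "$(locked_accounts "$2" | tr '\n' ' ')"
    printf 'Passwordless logins : %s\n' "$(empty_password_accounts "$2" | tr '\n' ' ')"
    expiring_accounts "$2" | while read -r name days; do
        printf 'Expires             : %s on %s\n' "$name" "$(days_to_date "$days")"
    done
}

audit_accounts "$SAMPLE_PASSWD" "$SAMPLE_SHADOW"
```

The expiry value 15825 in the constructed shadow record is exactly what useradd -e 2013-04-30 from the text stores, so days_to_date maps it back to that date; the second UID 0 entry is the kind of finding that a plain grep for "root" would miss.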

The last command searches back through the file /var/log/wtmp and displays a list of all users logged in (and out) since that file was created.

    $ last oracle                       List all entries of the oracle user.
    $ last -6                           List only the last 6 entries.
    $ last                              List all entries.
    $ last -x | grep shutdown | head -1
    shutdown system down  2.6.9-42.0.0.0.1   Wed Jan 16 02:14 - 02:21  (00:07)

-x: Display the system shutdown entries and run level changes.

    $ lastb                             Display a list of recent bad login attempts (from the /var/log/btmp file).

HISTORY

The history command displays the command number and the command, for auditing purposes. Command history is a convenient tool that can be used to review previous commands.

    $ history
    255  cd $ORACLE_HOME
    256  cd dbs/
    257  orapwd file=orapwtestdb password=welcome entries=3
    258  exit
    259  cd $ORACLE_HOME
    260  cd dbs/
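lastb lists bad login attempts one per line, but the useful question is who is guessing from where. The script below is an added example, not part of the original tutorial: it summarises lastb-style output by source host and lists the user names tried from one host. The input lines are constructed in the column layout lastb prints (user, terminal, host, time); on a real host pipe lastb itself into the same awk filters.

```shell
#!/bin/sh
# Added example (not part of the original tutorial): summarise lastb output
# to spot password guessing. The lines below are constructed for the example.

SAMPLE_LASTB='root     ssh:notty    192.0.2.10       Wed Jan 16 02:10 - 02:10  (00:00)
root     ssh:notty    192.0.2.10       Wed Jan 16 02:11 - 02:11  (00:00)
admin    ssh:notty    192.0.2.10       Wed Jan 16 02:11 - 02:11  (00:00)
oracle   ssh:notty    192.0.2.10       Wed Jan 16 02:12 - 02:12  (00:00)
sam      tty1                          Wed Jan 16 03:00 - 03:00  (00:00)
oracle   ssh:notty    198.51.100.7     Wed Jan 16 04:00 - 04:00  (00:00)

btmp begins Tue Jan 15 00:00:00 2013'

# Keep only remote (ssh) failures as "user host": local tty lines have no
# host column, and the trailing "btmp begins ..." summary is not a record.
remote_failures() {
    printf '%s\n' "$1" | awk '$1 != "btmp" && $2 ~ /^ssh/ { print $1, $3 }'
}

# Hosts with at least $2 failed logins, printed as "host count", sorted.
failures_by_host() {
    remote_failures "$1" | awk -v min="$2" '
        { c[$2]++ }
        END { for (h in c) if (c[h] >= min) print h, c[h] }' | sort
}

# Distinct user names tried from one host. Several different names from
# one source in a short window is a spray pattern rather than a typo.
users_tried_from() {
    remote_failures "$1" | awk -v host="$2" '$2 == host { print $1 }' | sort -u
}

printf 'Hosts with 3 or more failures:\n'
failures_by_host "$SAMPLE_LASTB" 3
printf 'Users tried from 192.0.2.10:\n'
users_tried_from "$SAMPLE_LASTB" 192.0.2.10
```

The threshold is a parameter so the same function can be run with a lower value for a quiet host; /var/log/btmp is readable only by root, so lastb itself must be run with sufficient privilege.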

CHMOD, CHGRP and CHOWN in LINUX

All three commands are used to manage FILE/DIRECTORY access permissions in Linux. Every file and directory in Linux has an OWNER and a GROUP. The ls -l or ls -ld command is used to check the access permissions of files and directories.

    drwxr-xr-x 2 oracle oinstall 4096 Jan 16 03:43 script
    -rw-r--r-- 1 oracle oinstall  670 Jan 16 03:43 script.sql

Chown vs Chgrp

The chown command is used to change the owner of files and directories (it can change both user and group ownership). Permissions can be changed by the owner or the root user. "." and ":" are interchangeable as the user/group separator, so you can use either.

CHOWN stands for CHange file OWNership and group.

Checking /home/oracle path permissions:

    # ls -ld /home/oracle/
    drwxr-x--- 32 oracle oinstall 4096 Jan 16 06:04 /home/oracle/

Only oinstall group members can access /home/oracle/, because others have no rights on the /home/oracle path.

Creating user sam with the oinstall group:

    # useradd -g oinstall sam
    # su - sam
    $ groups
    oinstall

Listing permissions for the script dir in /home/oracle:

    # pwd
    /home/oracle
    # ls -ld script
    drwxr-xr-x 2 oracle oinstall 4096 Jan 16 03:43 script

Change file ownership to user sam:

    # chown sam:oinstall script    [or]    # chown sam.oinstall script
    # ls -ld script
    drwxr-xr-x 2 sam oinstall 4096 Jan 16 03:43 script

Change the group of the directory:

    # ls -ld script
    drwxr-xr-x 2 oracle oinstall 4096 Jan 16 03:43 script
    # chown sam.dba script
    # ls -ld script
    drwxr-xr-x 2 sam dba 4096 Jan 16 03:43 script

Change both owner and group:

    # ls -ld script
    drwxr-xr-x 2 oracle oinstall 4096 Jan 16 03:43 script

We can change both owner and group in a single command.

Now the script directory ownership is changed to sam with the apache group:

    # chown sam.apache script
    # ls -ld script
    drwxr-xr-x 2 sam apache 4096 Jan 16 03:43 script

Changing ownership of multiple files to user sam:

    # pwd
    /home/oracle/script
    # ls -al
    -rw-r--r-- 1 root root 248 Jan 16 06:02 file1
    -rw-r--r-- 1 root root 254 Jan 16 06:02 file2
    -rw-r--r-- 1 root root 465 Jan 16 06:02 file3
    -rw-r--r-- 1 root root 640 Jan 16 06:02 file4

Changing the ownership of the files from root to sam:

    # chown sam /home/oracle/script/{file1,file2,file3}
or
    # chown sam /home/oracle/script/file1 /home/oracle/script/file2 /home/oracle/script/file3

    -rw-r--r-- 1 sam  root 248 Jan 16 06:02 file1
    -rw-r--r-- 1 sam  root 254 Jan 16 06:02 file2
    -rw-r--r-- 1 sam  root 465 Jan 16 06:02 file3
    -rw-r--r-- 1 root root 640 Jan 16 06:02 file4

Using -R: recursively change the ownership of a directory and its contents, i.e. we can change the ownership of all files at once.

Changing ownership using -R (recursively):

    /home/oracle/script # ls -al
    -rw-r--r-- 1 sam  root 248 Jan 16 06:02 file1
    -rw-r--r-- 1 sam  root 254 Jan 16 06:02 file2
    -rw-r--r-- 1 sam  root 465 Jan 16 06:02 file3
    -rw-r--r-- 1 root root 640 Jan 16 06:02 file4

Changing ownership from sam to root:

    # chown root -R /home/oracle/script
    # chown root -f /home/oracle/script

    /home/oracle/script # ls -al
    -rw-r--r-- 1 root root 248 Jan 16 06:02 file1
    -rw-r--r-- 1 root root 254 Jan 16 06:02 file2
    -rw-r--r-- 1 root root 465 Jan 16 06:02 file3
    -rw-r--r-- 1 root root 640 Jan 16 06:02 file4

-f: change the ownership forcefully/silently/quietly (most error messages are suppressed).

Change the owner of a file from root to sam:

    -rwxrwx--- 1 root root 1304 Nov 2 09:56 space.sh
    # chown <owner> filename
    # chown sam space.sh
    -rwxrwx--- 1 sam root 1304 Nov 2 09:56 space.sh

Points to REMEMBER

-R means include all subdirectories. ls -l is used to check the ownership of a file or directory. The chown command is used to change the ownership of a file/folder. We can change even multiple files/folders at a time to a specified user/group.

CHGRP

chgrp - Change group ownership. The chgrp command is used to change the group of a file or directory. Only the root user can change the group of the file or directory. In simple terms, it changes the group of one or more FILES/DIRECTORIES to a new group.

Changing group ownership recursively:

    # chgrp -R <to_which_group> /path/
    # chgrp -R root /home/san/

Changing the group of a single file:

    /home/sam/sample $ ls -l
    -rw-r--r-- 1 san oinstall  260 Jan 16 11:15 f1
    -rw-r--r-- 1 sam oinstall  340 Jan 16 11:15 f2
    -rw-r--r-- 1 sam oinstall  468 Jan 16 11:15 f3
    -rw-r--r-- 1 sam oinstall  568 Jan 16 11:15 f4
    -rw-r--r-- 1 sam oinstall  862 Jan 16 11:15 f5
    drwxr-xr-x 2 sam oinstall 4096 Jan 16 11:15 lsn

Changing the group from oinstall to root for f1 and f2 (any one of these forms):

    # chgrp root /home/sam/sample/f1
    # chgrp root /home/sam/sample/f2
    # chgrp root /home/sam/sample/{f1,f2}
    # chgrp root /home/sam/sample/f1 /home/sam/sample/f2

    /home/sam/sample $ ls -l
    -rw-r--r-- 1 san root      260 Jan 16 11:15 f1
    -rw-r--r-- 1 sam root      340 Jan 16 11:15 f2
    -rw-r--r-- 1 sam oinstall  468 Jan 16 11:15 f3
    -rw-r--r-- 1 sam oinstall  568 Jan 16 11:15 f4
    -rw-r--r-- 1 sam oinstall  862 Jan 16 11:15 f5
    drwxr-xr-x 2 sam oinstall 4096 Jan 16 11:15 lsn

Changing file f5 from oinstall to apache. chgrp -c prints a verbose report when a change is made:

    # chgrp -c apache /home/sam/sample/f5
    changed group of `/home/sam/sample/f5' to apache
    # ls -l
    -rw-r--r-- 1 sam apache 862 Jan 16 11:15 f5

If -c is not specified, the system won't print any message when changes are made.

FILE and DIRECTORY Permissions in LINUX

FILE BASE PERMISSION : 666
DIR  BASE PERMISSION : 777

777 (rwxrwxrwx)  No restrictions on permissions. Anybody may do anything, i.e. list files, create new files in the directory and delete files in the directory.

755 (rwxr-xr-x)  The owner may read, write and execute the file. All others may read and execute the file (they can't create files and directories, and also cannot delete anything). This setting is common for directories that we wish to share with others.

700 (rwx------)  The owner has full access: read, write and execute. Nobody else has any rights.

666 (rw-rw-rw-)  All users may read and write the file.

644 (rw-r--r--)  The owner can read and write the file, and all others may only read it. This setting is for files that everyone may read, but only the owner may change.

600 (rw-------)  The owner may read and write the file. All others have no rights.

CHMOD

CHMOD stands for CHange MODe. The chmod command is used to change the access permissions of files and directories.

TYPES of FILE Permission
    read    : Permitted to open and read the contents of the file.
    write   : Permitted to write (overwrite) or modify the file.
    execute : Permitted to execute the file as a program/script.

Types of DIRECTORY Permission
    read    : Permitted to read the contents of the directory (view files and sub-directories).
    write   : Permitted to write into the directory (create files and sub-directories).
    execute : Permitted to enter the directory, i.e. "change directory" (cd).

Numeric values for read (r), write (w) and execute (x)
    read    : 4
    write   : 2
    execute : 1

So 7 comes from read + write + execute (4+2+1) = 7.

OPCODE, Permissions
    + : Add permission
    - : Remove permission
    = : Assign permission

The ls -l command is used to see the permissions of a FILE or DIRECTORY.

Symbolic representation of the three different roles

    u is for user
    g is for group
    o is for others
    a is for all of the above (an abbreviation for ugo)

Example of how a file/dir may be listed (ls -l):

    drwxr-xr-x 2 oracle oinstall 4096 Jan 16 07:14 script
    -rw-r--r-- 1 oracle oinstall  690 Jan 16 20:50 script.sql

If the first letter is d, it is a directory. If the first letter is - (or l, b, c, p, s, m, n) it is a file of the corresponding type. The next 9 characters are broken down into 3 groups of 3 characters: the first three are the permissions of the owner, the middle three are the permissions for the group, and the last three are the permissions for everyone else.

Sample permission settings for a FILE/DIRECTORY (ugo):

    Position : 1    2    3     4       5    6     7       8    9     10
    Meaning  : type read write execute read write execute read write execute
                    |---- user ----|   |---- group ----|  |---- other ----|

    drwxrwxrwx = read, write and execute for owner, group and all others
    -rwxrwx--- = read, write and execute for owner and group only
    -rw-rw-rw- = read and write for owner, group and all others
    -rwx------ = read, write and execute for owner only

Adding a single permission to a file/dir:

    $ chmod u+x <file_name>
    $ chmod u+r sample.sh
    $ ls -ld sample.sh
    -r-------- 1 oracle oinstall 640 Jan 17 00:05 sample.sh

Adding multiple permissions to a file/dir:

    $ chmod u=r+w,g=r+x,o+r sample.sh
    $ ls -ld sample.sh
    -rw-r-xr-- 1 oracle oinstall 640 Jan 17 00:05 sample.sh

Removing permissions from a file/dir:

    $ chmod g-r-x,o-r sample.sh
    $ ls -ld sample.sh
    -rw------- 1 oracle oinstall 640 Jan 17 00:05 sample.sh

Changing permissions for all roles on a file/dir:

    $ chmod a+r+w+x sample.sh
    $ ls -ld sample.sh
    -rwxrwxrwx 1 oracle oinstall 640 Jan 17 00:05 sample.sh

Making the permissions of a file the same as another file's (using --reference):

    $ ls -ld sample*
    -rw-r--r-- 1 oracle oinstall 640 Jan 17 01:08 sample1.sh
    -rwxrwxrwx 1 oracle oinstall 640 Jan 17 00:05 sample.sh

If we want to change a file's permissions to be the same as another file's, use the --reference option. In this example, the sample1.sh file permissions will be set exactly the same as the sample.sh permissions.

    $ chmod --reference=sample.sh sample1.sh
    $ ls -ld sample*
    -rwxrwxrwx 1 oracle oinstall 640 Jan 17 01:08 sample1.sh
    -rwxrwxrwx 1 oracle oinstall 640 Jan 17 00:05 sample.sh

Here, sample1.sh's permissions are set exactly the same as sample.sh's, using the --reference option.

Applying permissions to all FILES/SUB-DIRs (recursively): -R changes the permissions recursively.

    /home/oracle # tree test/
    test/  f1  f2  test1/ f1 f2  test2/ f1 f2  test3/
    3 directories, 8 files

Give everything under test/ 755 permission (either form):

    # chmod -R 755 /home/oracle/test/
    # chmod -R u=r+w+x,g=r+x,o=r+x /home/oracle/test/

POINTS TO REMEMBER

chown : Change the ownership of the file/dir (need to be root to use).
chgrp : Change the "group ownership" of a file or directory.
chmod : Change the "access rights" to the file or directory.

Directory default permission is 755. Directory base permission is 777. Umask would be 022 (777 - 755).
File default permission is 644. File base permission is 666. Umask would be 022 (666 - 644).

read = 4; write = 2; execute = 1.

Octal representation for permissions

Setting (rw) to user and (r) to group and others:
    $ chmod 644 sample.sql
    $ chmod u=r+w,g=r,o=r sample.sql

Setting (rx) to user, nothing (0) to group, and r (4) to others:
    $ chmod 504 script.sh
    $ chmod u=r+x,g=,o=r script.sh

Setting (rw) to user, (r) to group, and nothing (0) to others:
    $ chmod 604 samp.sql
    $ chmod u=r+w,g=r,o= samp.sql

In each pair above, the octal form is shown first and its symbolic equivalent second.
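The sections above describe the same permission set three ways: the rwx string that ls -l prints, the octal digits chmod takes (with a leading 1/2/4 for sticky, SGID and SUID), and the base-minus-umask rule that produces the 644/755 defaults. The script below is an added example, not part of the original tutorial: it converts between the symbolic and octal forms in pure POSIX sh and computes the default mode from a base permission and a umask, handling the t/T and s/S cases the text explains later. Function names and the sample values are this example's own.

```shell
#!/bin/sh
# Added example (not from the original tutorial): convert between the
# symbolic permission string of ls -l and chmod's octal mode, and derive
# the default mode from base permission and umask. Pure POSIX sh.

digit() { printf '%s' "$1" | cut -c"$2"; }

# sym_to_octal rwxr-xr-x -> 755; rwxr-xrwt -> 1757; rwsr-xr-x -> 4755.
# Accepts the 9-character string or the full 10-character ls -l field.
sym_to_octal() {
    perms=$1
    [ ${#perms} -eq 10 ] && perms=${perms#?}   # drop the file-type character
    special=0; digits=""; pos=1
    for weight in 4 2 1; do                    # setuid, setgid, sticky weights
        d=0
        [ "$(digit "$perms" "$pos")" = r ] && d=$((d + 4))
        [ "$(digit "$perms" $((pos + 1)))" = w ] && d=$((d + 2))
        case $(digit "$perms" $((pos + 2))) in
            x)   d=$((d + 1)) ;;
            s|t) d=$((d + 1)); special=$((special + weight)) ;;   # bit set, x on
            S|T) special=$((special + weight)) ;;                 # bit set, x off
        esac
        digits="$digits$d"; pos=$((pos + 3))
    done
    if [ "$special" -eq 0 ]; then printf '%s\n' "$digits"; else printf '%s%s\n' "$special" "$digits"; fi
}

# octal_to_sym 644 -> rw-r--r--; 1757 -> rwxr-xrwt; 1750 -> rwxr-x--T.
octal_to_sym() {
    mode=$1
    if [ ${#mode} -eq 4 ]; then special=$(digit "$mode" 1); mode=${mode#?}; else special=0; fi
    out=""; pos=1
    for weight in 4 2 1; do
        d=$(digit "$mode" "$pos")
        if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ "$weight" -eq 1 ]; then letter=t; else letter=s; fi   # special bit of this triad
        if [ $((special & weight)) -ne 0 ]; then
            if [ $((d & 1)) -eq 0 ]; then letter=$(printf '%s' "$letter" | tr st ST); fi
        elif [ $((d & 1)) -ne 0 ]; then letter=x
        else letter=-
        fi
        out="$out$letter"; pos=$((pos + 1))
    done
    printf '%s\n' "$out"
}

# default_mode BASE UMASK: each digit is base & ~umask, so 666/022 -> 644
# and 777/022 -> 755. Digits are taken one at a time because a value with
# a leading zero such as 022 would be read as octal by $(( )).
default_mode() {
    out=""
    for pos in 1 2 3; do
        b=$(digit "$1" "$pos"); m=$(digit "$2" "$pos")
        out="$out$((b & (7 - m)))"
    done
    printf '%s\n' "$out"
}

printf 'rwxr-xrwt  -> %s\n' "$(sym_to_octal rwxr-xrwt)"
printf '1750       -> %s\n' "$(octal_to_sym 1750)"
printf '666 & ~022 -> %s\n' "$(default_mode 666 022)"
```

Because the umask is applied as a bit mask rather than a subtraction, default_mode 666 027 gives 640 rather than a meaningless "639", which is the detail the "777 - 755" shorthand hides.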

STICKY BIT

The STICKY BIT is primarily used on shared directories to prevent users from renaming or deleting each other's files. Other users cannot delete or rename the files (or sub-directories) within that directory. The STICKY BIT is represented by the letter t in the last character of the permission string. If the STICKY BIT is enabled on a directory, only the owner and the super user (root) can delete/rename the files or directories within that directory.

Identifying sticky permissions:

    $ ls -ld /var/tmp
    drwxrwxrwt 3 root root 4096 Dec 24 03:40 /var/tmp

The "t" tells us that the sticky bit is set.
    "t" is shown when the execute permission (for others) is ON.
    "T" is shown when the execute permission (for others) is OFF.

A typical use is /tmp, which must be publicly writable but should deny users permission to delete or rename each other's files.

Sticky bit setup

Use chmod to set the sticky bit. With OCTAL numbers in the chmod command, put a 1 prefix before the directory's permission digits, i.e.

    $ chmod 1757 <dir_name>

Here in 1757, 1 indicates the STICKY BIT is set, 7 is full permissions for the owner, 5 is (r-x) permissions for the group, and 7 is full permissions for others.

Setting the sticky bit on a directory (Option 1):

    /home/rose $ mkdir shell_scripts shell_samples
    $ ls -l
    drwxr-xr-x 2 rose oragroup 4096 Jan 17 10:45 shell_scripts
    drwxr-xr-x 2 rose oragroup 4096 Jan 17 10:45 shell_samples

Difference between t and T:

    $ chmod 1757 shell_scripts
    $ chmod 1750 shell_samples
    $ ls -ld shell_scripts shell_samples
    drwxr-xrwt 2 rose oragroup 4096 Jan 17 10:45 shell_scripts
    drwxr-x--T 2 rose oragroup 4096 Jan 17 10:45 shell_samples

Setting the sticky bit on a directory (Option 2):

    /home/rose $ tree .
    .
    |-- sample_scripts
    |-- shell_scripts
    |-- shell_samples
    `-- test_dir
        |-- file1
        |-- file2
        `-- file3
    4 directories, 3 files

Enable the sticky bit on test_dir:

    $ mkdir test_dir
    $ chmod 757 test_dir/
    $ chmod +t test_dir/
    $ ls -l
    drwxr-xrwt 2 rose oragroup 4096 Jan 17 11:37 test_dir

Creating files under test_dir (as rose):

    $ cd test_dir/
    $ touch file1 file2 file3
    $ ls -l
    -rw-r--r-- 1 rose oragroup 128 Jan 18 00:40 file1
    -rw-r--r-- 1 rose oragroup 264 Jan 18 00:40 file2
    -rw-r--r-- 1 rose oragroup 187 Jan 18 00:00 file3

Connecting as the oracle user to access /home/rose/test_dir:

    [oracle@localhost ~]$ ls -ld /home/rose/test_dir/
    drwxr-xrwt 2 rose oragroup 4096 Jan 18 01:07 /home/rose/test_dir/
    $ cd /home/rose/test_dir/
    $ ls -l
    -rw-r--r-- 1 rose oragroup 128 Jan 18 00:40 file1
    -rw-r--r-- 1 rose oragroup 264 Jan 18 00:40 file2
    -rw-r--r-- 1 rose oragroup 187 Jan 18 00:00 file3

Now the oracle user can access test_dir and its contents. Let's check how the sticky bit works here.

User oracle trying to remove all files under test_dir:

    [oracle@testorcl test_dir]$ rm -rf fi*
    rm: cannot remove `file1': Operation not permitted
    rm: cannot remove `file2': Operation not permitted
    rm: cannot remove `file3': Operation not permitted

User oracle trying to move all files under test_dir to /home/rose:

    [oracle@testorcl test_dir]$ mv file* /home/rose/
    mv: cannot move `file1' to `/home/rose/file1': Operation not permitted
    mv: cannot move `file2' to `/home/rose/file2': Operation not permitted
    mv: cannot move `file3' to `/home/rose/file3': Operation not permitted

User oracle trying to remove test_dir:

    $ cd ..
    [oracle@testorcl rose]$ rm -rf test_dir/
    rm: cannot remove `test_dir//file3': Operation not permitted
    rm: cannot remove `test_dir//file2': Operation not permitted
    rm: cannot remove `test_dir//file1': Operation not permitted

All three operations failed because the sticky bit is enabled on test_dir. Other users can't remove or move (rename) test_dir or its contents. This is a good example of the sticky bit enabled on a directory (test_dir) to prevent ordinary users from deleting or moving files.

As I said, the owner and the super user (root) can delete/rename the files or directories even with the sticky bit enabled. Let's check.

Super user (root) deleting the contents of test_dir:

    # rm -rf /home/rose/test_dir/f*
    # cd /home/rose/test_dir/
    # ls -l
    total 0

Directory owner (rose) removing test_dir:

    /home/rose $ rm -rf test_dir/
    $ ls -ld test_dir
    ls: test_dir: No such file or directory

POINTS TO NOTE:

Can we set the sticky bit on files? Yes, but most of the time it is not required. Setting the sticky bit on a file is pretty much useless; it doesn't do anything.

To remove the sticky bit from a FILE/DIRECTORY, use the -t option:

    $ chmod -t <dir_name>

There are three special attributes other than the common (r/w/x) ones:

    drwxrwxrwt - Sticky bit - chmod 1777
    drwsrwxrwx - SUID set   - chmod 4777
    drwxrwsrwx - SGID set   - chmod 2777

Advanced File Permissions in Linux

SUID OR SETUID:

suid and sgid on FILES change the user ID (or group ID) on execution. The program runs with the user ID of whatever the SUID is set to. Set it to root, and a normal user can run the program with root-level rights.

SGID OR SETGID:

sgid changes the group ID on execution (for FILES): the program runs with the permissions of the file's GROUP. If the group has root privileges, and the group is set to root, then anyone in that group can run the program with those rights. On DIRECTORIES, sgid controls group inheritance, as in the SGID example below.

Simple example

SUID: When we run a program and the program tries to access files/directories, normally it uses our user and group id for permission checks. If you don't have access to a file, the program won't have it either. However, if suid is set on the executable, the user id of the file's owner is used when it is executed. The same holds for the group with sgid.

SGID: sgid on DIRECTORIES. When we create a file or directory, the result has our user and group id. However, if the directory where you create it has sgid set, the new file or directory will inherit the group id of the directory it is created in, instead of your group id. New directories will inherit the sgid bit as well.
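The sticky bit section and the SUID/SGID section above describe the three special bits from the point of view of setting them. The script below is an added example, not part of the original tutorial, that takes the defender's view of the same bits: it audits a directory tree for directories that are writable by others but lack the sticky bit (where any user can delete or rename others' files, unlike /tmp) and for files carrying setuid or setgid (which run with the owner's or group's rights). build_demo_tree, the function and directory names, and the sample tree are this example's own; the tree is constructed under mktemp so the audit runs without root and without touching system paths.

```shell
#!/bin/sh
# Added example (not part of the original tutorial): audit a tree for
# world-writable directories without the sticky bit and for setuid/setgid
# files. The demo tree is constructed under mktemp; nothing system-wide is touched.

# Directories others can write to but that lack the sticky bit
# (other-write bit 0002 set, sticky bit 1000 clear).
world_writable_no_sticky() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# Regular files carrying setuid (4000) or setgid (2000).
setuid_setgid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# Prints the path of a throw-away tree with one example of each case.
build_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/open" "$t/shared" "$t/bin" "$t/grp"
    chmod 777  "$t/open"      # world-writable, no sticky bit: flagged
    chmod 1777 "$t/shared"    # world-writable with sticky bit, like /tmp: fine
    : > "$t/bin/tool";   chmod 4755 "$t/bin/tool"     # setuid: flagged
    : > "$t/bin/ok";     chmod 755  "$t/bin/ok"       # plain executable: fine
    : > "$t/grp/report"; chmod 2755 "$t/grp/report"   # setgid: flagged
    printf '%s\n' "$t"
}

# Human-readable report for one tree.
audit_special_bits() {
    printf 'World-writable directories without sticky bit:\n'
    world_writable_no_sticky "$1" | sed 's/^/  /'
    printf 'Files with setuid or setgid:\n'
    setuid_setgid_files "$1" | sed 's/^/  /'
}

demo=$(build_demo_tree)
audit_special_bits "$demo"
rm -rf "$demo"
```

Run against a real path such as / (as root, and with -xdev added to find to stay on one filesystem), the same two functions give the list of shared directories that need chmod +t and the set of privileged binaries to compare against the distribution's package manifests.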