In this article, we will thoroughly examine the basic logic of permissions in Linux, changing permissions and ownership, and special permissions such as SUID, SGID, and sticky bit.
1. Basic Logic of Permissions
In Linux, every file and directory has three basic access types:
- Read (r): Permission to read the contents of a file or list the contents of a directory.
- Write (w): Permission to modify the contents of a file or add/remove files in a directory.
- Execute (x): Permission to run a file (e.g., a script or program) or enter a directory.
These permissions are defined separately for three different user categories:
- Owner (user): The user who created or owns the file or directory.
- Group (group): The user group associated with the file.
- Others (others): All other users on the system.
Viewing Permissions
To view permissions, use the ls -l command. Example output:

- First character: File type (- for file, d for directory, l for symbolic link).
- rwx (owner): Read, write, execute.
- r-x (group): Read, execute.
- r-- (others): Read only.
2. Changing Permissions: chmod Command
Use the chmod command to change file and directory permissions. This command supports two methods: symbolic mode and numeric (octal) mode.
Symbolic Mode
- User categories: u (owner), g (group), o (others), a (all).
- Operators: + (add permission), - (remove permission), = (set permission).
- Permission types: r (read), w (write), x (execute).

As seen in the image, full permissions (rwx) were granted to the owner. Additional Examples:
- chmod go-w example.txt: Removes write permission from group and others.
- chmod a=r example.txt: Sets read-only permission for everyone.
Numeric (Octal) Mode
In numeric mode, each permission type is represented by a number:
- r = 4, w = 2, x = 1.
- The values for each category are summed into one digit, giving a three-digit number (owner, group, others).

Here, permissions were changed using numeric mode. For example, user received 4=read, 2=write, and 1=execute permissions. Their sum is 7. Briefly, this is how it works. Additional Examples:
- chmod 755 example.txt: Full permission for owner (7 = 4+2+1), read and execute for group and others (5 = 4+1).
- chmod 644 example.txt: Read and write for owner (6 = 4+2), read-only for group and others (4).
3. Changing Ownership: chown
Change file/directory ownership with:

Warning
This command typically requires root privileges.
4. Special Permissions: SUID, SGID, and Sticky Bit
Linux has special permissions that alter file/directory behavior: SUID, SGID, and sticky bit.
SUID (Set User ID)
When SUID is set on a program, the program runs with the file owner's permissions, not those of the user who executes it.

In this example, the passwd command runs with root's permissions (owner), allowing password changes. If another user owned the program, it would run with their permissions.
Set SUID with chmod u+s and remove with u-s:

When SUID is removed, s becomes x in permissions. The reverse applies too.
Warning
SUID only applies to executable files. For non-executable files (e.g., test.txt with -rw-r--r-- permissions), setting SUID shows an uppercase S in ls -l. Example:
-rwSr--r-- 1 user group 0 Apr 10 12:00 test.txt
Uppercase S indicates SUID is set but the file is not executable. Adding execute permission (chmod u+x test.txt) changes S to lowercase s.
SGID (Set Group ID)
For files: The program runs with the group's permissions.

Like SUID, the passwd program here runs with the group's permissions due to SGID.
For directories: New files inherit the directory's group ownership. Files created in an SGID-enabled folder take the folder's group, not the creator's default group.
Warning
Files created in an SGID-enabled folder do not automatically inherit SUID/SGID. These bits must be set manually.
Sticky Bit
Sticky Bit restricts file deletion in shared directories to owners or root.
Enable with chmod o+t <directory>.
Example: /tmp is a shared directory. With Sticky Bit, users can only delete their own files.
Note
Sticky Bit only affects file deletion/renaming; content modification is controlled by file permissions.
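The special bits above can be audited programmatically. The following is an added example, not part of the original article: it walks a directory tree and reports SUID/SGID files (separating the uppercase S case, where the bit is set without execute permission) and world-writable directories that lack the sticky bit. The function names, finding labels, and sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def classify(mode):
    """Return findings for one st_mode value (pure function, no filesystem access)."""
    findings = []
    if stat.S_ISREG(mode):
        if mode & stat.S_ISUID:
            # ls -l shows lowercase s when owner-execute is also set, uppercase S otherwise.
            findings.append("suid" if mode & stat.S_IXUSR else "suid-not-executable")
        if mode & stat.S_ISGID:
            findings.append("sgid" if mode & stat.S_IXGRP else "sgid-not-executable")
    elif stat.S_ISDIR(mode):
        # Without the sticky bit, any user may delete or rename other users' files here.
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            findings.append("world-writable-dir-without-sticky")
    return findings

def audit(root):
    """Walk root and return sorted (relative path, ls-style mode, findings) tuples."""
    report = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: inspect the entry, do not follow symlinks
            found = classify(mode)
            if found:
                report.append((os.path.relpath(path, root), stat.filemode(mode), found))
    return sorted(report)

def build_sample_tree(root):
    """Constructed sample data using the octal modes discussed in the article."""
    files = {"test.txt": 0o4644, "tool": 0o4755, "plain.txt": 0o644}
    dirs = {"shared": 0o1777, "open": 0o777}
    for name, mode in {**files, **dirs}.items():
        path = os.path.join(root, name)
        if name in dirs:
            os.mkdir(path)
        else:
            open(path, "w").close()
        os.chmod(path, mode)  # chmod after creation so the umask does not alter the mode

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, perms, found in audit(tmp):
            print(f"{perms} {rel}: {', '.join(found)}")
```

Every SUID or SGID hit is worth checking against the set of programs that are expected to carry the bit on that system.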