Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Permission Question
Top Forums UNIX for Dummies Questions & Answers Permission Question Post 302269218 by Tiger75 on Wednesday 17th of December 2008 05:56:33 AM
Old 12-17-2008
s stands for setting the User ID/Group ID.
t stands for setting the Sticky bit
  • SUID or setuid: change user ID on execution. If setuid bit is set, when the file will be executed by a user, the process will have the same rights as the owner of the file being executed.
  • SGID or setgid: change group ID on execution. Same as above, but inherits rights of the group of the owner of the file. For directories it also may mean that when a new file is created in the directory it will inherit the group of the directory (and not of the user who created the file).
  • Sticky bit. It was used to trigger process to "stick" in memory after it is finished, now this usage is obsolete. Currently its use is system dependant and it is mostly used to suppress deletion of the files that belong to other users in the folder where you have "write" access to.
The most common use of the sticky bit today is on directories, where, when set, items inside the directory can only be renamed or deleted by the item's owner, the directory's owner, or the superuser. Generally this is set on the /tmp directory to prevent ordinary users from deleting or moving other users' files.
The sticky bit can only be set by superuser root. Using the chmod command, it can be set using its octal mode 1000 or by its symbol t (s is already used by the setuid bit).
SUID stands for "Set User-ID". If the suid bit is enable on an executable, then whenever that program is run the process will take on the privilege of whoever the file owner is. For example if I have a suid binary which is owned by "root" and I execute it as my normal (non-root) user name, it will execute with all the permissions of root.


SUIDIf set, then replaces "x" in the owner permissions to "s", if owner has execute permissions, or to "S" otherwise. Examples:
-rws------ both owner execute and SUID are set
-r-S------ SUID is set, but owner execute is not setSGIDIf set, then replaces "x" in the group permissions to "s", if group has execute permissions, or to "S" otherwise. Examples:
-rwxrws--- both group execute and SGID are set
-rwxr-S--- SGID is set, but group execute is not setStickyIf set, then replaces "x" in the others permissions to "t", if others have execute permissions, or to "T" otherwise. Examples:
-rwxrwxrwt both others execute and sticky bit are set
-rwxrwxr-T sticky bit is set, but others execute is not set
 

10 More Discussions You Might Find Interesting

1. Filesystems, Disks and Memory

Tricky File Permission Question

I'm trying to answer the following question about file permissions in Unix. Consider a file with the following permissions: rwx---r-- I am not the owner of this file, but I am a member of the group of this file. My question is: do I have read access to this file? I thought... (3 Replies)
Discussion started by: Hook
3 Replies

2. UNIX for Dummies Questions & Answers

Basic question re. permission denied

Hi I have a folder with permissions like this: drwxr-xr-x 2 root root 4096 Mar 4 18:02 sites But when I try to cd to this directory as 'testuser' (member of testuser) I get Permission Denied. My understanding of permissions is that in this case other (say testuser) should be able to... (2 Replies)
Discussion started by: justinwyllie
2 Replies

3. UNIX for Dummies Questions & Answers

group & user permission question

Folks; I'd like to create a group on my Linux box & add a few users to it. Is there a way to do so and restrict this group/users to have access to only one or directory trees? Let's say i need this group to only have a read write access to only these two directories /opt/Virtu & /fsn/comers ... (10 Replies)
Discussion started by: Katkota
10 Replies

4. UNIX for Dummies Questions & Answers

a permission question

what permissions are needed in order to run an executable file if you ae not the ownner? read, and excute? would it be chmod 717? (5 Replies)
Discussion started by: trob
5 Replies

5. Ubuntu

Permission (I Think)

Pictures by worthamtx - Photobucket The URL is graphic view my present concern. Old partition working great sdb1 both appear on nautilus, both deliver icons to desk top. Based on the label handling of gparted results I tried following with success sudo mkdir /media/disk/data sudo chown... (1 Reply)
Discussion started by: 77yrold
1 Replies

6. UNIX for Dummies Questions & Answers

Simple question on unix file permission

As I understand the file permissions in UNIX is basically Owner, group, others Lets assume scott user who's primary group is dev creates a file called test.dat and then grants some privileges on that file... scott@unix-host> echo "this is a test" > test.dat scott@unix-host> chmod 640... (4 Replies)
Discussion started by: luft
4 Replies

7. UNIX for Dummies Questions & Answers

permission question

Hi, On the Redhat ES, when I do ls -l I see dot (.) after the permission. I never saw on other UNIX systems. Is that some thing new RH 6? -rw-r--r--. <---- this dot, I am referring to -rw-r--r--. 1 root root 18 May 20 2009 .bash_logout -rw-r--r--. 1 root root 176 May 20 ... (1 Reply)
Discussion started by: samnyc
1 Replies

8. Red Hat

SeLinux permission question

Hi, in /etc/httpd/conf/httpd.conf #DocumentRoot "/var/www/html" DocumentRoot "/home/phpmy/html" when I restarted httpd # /etc/init.d/httpd restart Stopping httpd: Starting httpd: Syntax error on line 293 of /etc/httpd/conf/httpd.conf:... (0 Replies)
Discussion started by: jediwannabe
0 Replies

9. UNIX for Dummies Questions & Answers

File Permission question

Experts: i want to change this permission back to the way it was: Initial: drwxr-xr-x 8 oracle oinstall 4096 Jun 5 15:21 oracle Now: drwxr-xr-x 8 oracle oinstall 4096 Jun 5 15:21 oracle drwsr-sr-x 8 oracle oinstall 4096 Jun 5 15:21 oracle Now I want to switch it back to ... (2 Replies)
Discussion started by: sumang24
2 Replies

10. Shell Programming and Scripting

Permission denied question

Dear forum members, Below is my code, but I am getting permission denied when I try to run the script. Can someone explain what I am missing. I am using Mojave and try to run script on terminal. #!/bin/bash read -p "amino acid: " AAA if || || || || || || || || || || ||... (2 Replies)
Discussion started by: Aurimas
2 Replies

LEARN ABOUT ULTRIX

chmod

chmod(1)						      General Commands Manual							  chmod(1)

Name
       chmod - change file mode

Syntax
       chmod [ -fR ] mode file...

Description
       Permissions on files are set according to mode and file parameters.

       For file, you can specify either a full or partial path.  You can specify multiple files, separated by spaces.

       For mode, you specify one of two variants: absolute mode or symbolic mode.

   Absolute Mode
       For mode in absolute form, you specify an octal number constructed from the sum of one or more of the following values:

	      4000	set user ID on execution (applies to executable files only)
	      2000	set group ID on execution (applies to executable files only)
	      1000	set sticky bit (see for more information)
	      0400	read by owner
	      0200	write by owner
	      0100	execute, or search if file is a directory, by owner
	      0040	read by group
	      0020	write by group
	      0010	execute, or search if file is a directory, by group
	      0004	read by others
	      0002	write by others
	      0001	execute, or search if file is a directory, by others

       For  example, the absolute mode value that provides read, write, and execute permission to owner, read and execute permission to group, and
       read and execute permission to others is 755 (400+200+100+40+10+4+1).  The absolute mode value that provides read, write, and execute  per-
       mission to owner and no permission to group or others is 700 (400+200+100).

   Symbolic Mode
       To specify mode in symbolic form, use the following format:

	      [who] op permission [op permission] ...  Spaces are included in the preceding format so that you can read the arguments; however, as
	      will be shown in examples that follow, you do not enter spaces between mode arguments.

       Specify who using the letters u (for owner), g (for group) and o (for others) either alone or in combination.  You  can	also  specify  the
       letter  a (for all), which is is equivalent to the letter combination ugo.  If you omit the who parameter, a is assumed.  For more informa-
       tion, see

       For the op parameter, specify the plus sign (+) to add permission to the file's mode, the minus sign (-)  to  remove  permission  from  the
       file's  mode,  or the equal sign (=) to assign permission absolutely (denying or revoking any permission not explicitly specified following
       the equal sign).  The first command in the following example provides group with execute permission for in addition to  any  other  permis-
       sions group currently has for The second command limits the permission that group has for to execute alone:
       chmod g+x filea
       chmod g=x fileb

       For  the  permission  parameter,  specify any combination of the letters r (read), w (write), x (execute), s (set owner or group id), and t
       (save text - sticky).  Alternatively, you can specify the letter u, g, or o to set permission for the who parameter to be the same  as  the
       permission  currently granted to the user category indicated by the letter.  In the following example, the group (g) is given the same per-
       missions on as currently granted to owner (u):
       chmod g=u filea

       You can revoke all permissions by specifying the who argument followed by =, and omitting the permission argument.  For example,  the  fol-
       lowing command removes all permissions from others for
       chmod o= fileb

       When  specifying  more than one symbolic mode for file, separate the modes with commas. The mode changes are applied in the sequence speci-
       fied.  In the following example, write permission is added to the permissions already granted to the owner of and group is then granted the
       same permissions on as granted the owner:
       chmod u+w,g=u filea

Options
       -f   Inhibits display of errors that are returned if fails to change the mode on a file.

       -R   Causes  to	recursively descend any directories subordinate to file and to set the specified mode for each file encountered.  However,
	    when symbolic links are encountered, does not change the mode of the link file and does not traverse  the  path  associated  with  the
	    link.  Note that the option is useful only when file identifies a directory that is not empty.

Restrictions
       The permission letter s is used only with who letter u or g.

       Only the owner of a file  or someone logged on as superuser may change the mode of that file.

Examples
       Using  absolute	mode,  provide	read,  write, and search permission to the owner, and read and search permission to others for a directory
       named
       chmod 755 ~harris/public

       Using absolute mode, set the UID for execution to be the UID of of the file owner rather than the UID of the user running  the  program	as
       follows:
       chmod 4000 progrmb

       Using symbolic mode, perform the same operation as described for the preceding example:
       chmod u=s progrmb

       Using symbolic mode, deny write permission to others for the file
       chmod o-w ourspec

       Using symbolic mode, give execute permission on file to all user categories:
       chmod +x myprog

       Using symbolic mode, give write permission to all group members, deny write permission to others, and give search permission to owner on
       chmod g+w,o-r,u+x docdir

       Using  symbolic	mode, give read and execute permissions to others for a directory named and then recursively descend the paths subordinate
       to adding the  same permissions for others on all files and directories included in the subordinate paths:
       chmod -R o+rx programs
       In the preceding example, if were the name of a file rather than a directory, would change the mode only of the file.

See Also
       ls(1), chmod(2), stat(2), umask(2), chown(8)

																	  chmod(1)
All times are GMT -4. The time now is 06:23 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy