12-17-2008
s stands for setting the User ID/Group ID.
t stands for setting the Sticky bit
- SUID or setuid: change user ID on execution. If setuid bit is set, when the file will be executed by a user, the process will have the same rights as the owner of the file being executed.
- SGID or setgid: change group ID on execution. Same as above, but inherits rights of the group of the owner of the file. For directories it also may mean that when a new file is created in the directory it will inherit the group of the directory (and not of the user who created the file).
- Sticky bit. It was used to trigger process to "stick" in memory after it is finished, now this usage is obsolete. Currently its use is system dependant and it is mostly used to suppress deletion of the files that belong to other users in the folder where you have "write" access to.
The most common use of the sticky bit today is on directories, where, when set, items inside the directory can only be renamed or deleted by the item's owner, the directory's owner, or the superuser. Generally this is set on the /tmp directory to prevent ordinary users from deleting or moving other users' files.
The sticky bit can only be set by superuser root. Using the chmod command, it can be set using its octal mode 1000 or by its symbol t (s is already used by the setuid bit).
SUID stands for "Set User-ID". If the suid bit is enable on an executable, then whenever that program is run the process will take on the privilege of whoever the file owner is. For example if I have a suid binary which is owned by "root" and I execute it as my normal (non-root) user name, it will execute with all the permissions of root.
SUIDIf set, then replaces "x" in the owner permissions to "s", if owner has execute permissions, or to "S" otherwise. Examples:
-rws------ both owner execute and SUID are set
-r-S------ SUID is set, but owner execute is not setSGIDIf set, then replaces "x" in the group permissions to "s", if group has execute permissions, or to "S" otherwise. Examples:
-rwxrws--- both group execute and SGID are set
-rwxr-S--- SGID is set, but group execute is not setStickyIf set, then replaces "x" in the others permissions to "t", if others have execute permissions, or to "T" otherwise. Examples:
-rwxrwxrwt both others execute and sticky bit are set
-rwxrwxr-T sticky bit is set, but others execute is not set
10 More Discussions You Might Find Interesting
1. Filesystems, Disks and Memory
I'm trying to answer the following question about file permissions in Unix. Consider a file with the following permissions:
rwx---r--
I am not the owner of this file, but I am a member of the group of this file.
My question is: do I have read access to this file?
I thought... (3 Replies)
Discussion started by: Hook
3 Replies
2. UNIX for Dummies Questions & Answers
Hi
I have a folder with permissions like this:
drwxr-xr-x 2 root root 4096 Mar 4 18:02 sites
But when I try to cd to this directory as 'testuser' (member of testuser) I get Permission Denied.
My understanding of permissions is that in this case other (say testuser) should be able to... (2 Replies)
Discussion started by: justinwyllie
2 Replies
3. UNIX for Dummies Questions & Answers
Folks;
I'd like to create a group on my Linux box & add a few users to it.
Is there a way to do so and restrict this group/users to have access to only one or directory trees?
Let's say i need this group to only have a read write access to only these two directories /opt/Virtu & /fsn/comers
... (10 Replies)
Discussion started by: Katkota
10 Replies
4. UNIX for Dummies Questions & Answers
what permissions are needed in order to run an executable file if you ae not the ownner?
read, and excute? would it be chmod 717? (5 Replies)
Discussion started by: trob
5 Replies
5. Ubuntu
Pictures by worthamtx - Photobucket
The URL is graphic view my present concern. Old partition working great sdb1
both appear on nautilus, both deliver icons to desk top. Based on the label handling of gparted results I tried following with success
sudo mkdir /media/disk/data
sudo chown... (1 Reply)
Discussion started by: 77yrold
1 Replies
6. UNIX for Dummies Questions & Answers
As I understand the file permissions in UNIX is basically
Owner, group, others
Lets assume scott user who's primary group is dev creates a file called test.dat and then grants some privileges on that file...
scott@unix-host> echo "this is a test" > test.dat
scott@unix-host> chmod 640... (4 Replies)
Discussion started by: luft
4 Replies
7. UNIX for Dummies Questions & Answers
Hi,
On the Redhat ES, when I do ls -l I see dot (.) after the permission. I never saw on other UNIX systems. Is that some thing new RH 6?
-rw-r--r--. <---- this dot, I am referring to
-rw-r--r--. 1 root root 18 May 20 2009 .bash_logout
-rw-r--r--. 1 root root 176 May 20 ... (1 Reply)
Discussion started by: samnyc
1 Replies
8. Red Hat
Hi,
in /etc/httpd/conf/httpd.conf
#DocumentRoot "/var/www/html"
DocumentRoot "/home/phpmy/html"
when I restarted httpd
# /etc/init.d/httpd restart
Stopping httpd:
Starting httpd: Syntax error on line 293 of /etc/httpd/conf/httpd.conf:... (0 Replies)
Discussion started by: jediwannabe
0 Replies
9. UNIX for Dummies Questions & Answers
Experts: i want to change this permission back to the way it was:
Initial:
drwxr-xr-x 8 oracle oinstall 4096 Jun 5 15:21 oracle
Now: drwxr-xr-x 8 oracle oinstall 4096 Jun 5 15:21 oracle
drwsr-sr-x 8 oracle oinstall 4096 Jun 5 15:21 oracle
Now I want to switch it back to ... (2 Replies)
Discussion started by: sumang24
2 Replies
10. Shell Programming and Scripting
Dear forum members,
Below is my code, but I am getting permission denied when I try to run the script. Can someone explain what I am missing. I am using Mojave and try to run script on terminal.
#!/bin/bash
read -p "amino acid: " AAA
if || || || || ||
|| || || || ||
||... (2 Replies)
Discussion started by: Aurimas
2 Replies
chmod(1) General Commands Manual chmod(1)
Name
chmod - change file mode
Syntax
chmod [ -fR ] mode file...
Description
Permissions on files are set according to mode and file parameters.
For file, you can specify either a full or partial path. You can specify multiple files, separated by spaces.
For mode, you specify one of two variants: absolute mode or symbolic mode.
Absolute Mode
For mode in absolute form, you specify an octal number constructed from the sum of one or more of the following values:
4000 set user ID on execution (applies to executable files only)
2000 set group ID on execution (applies to executable files only)
1000 set sticky bit (see for more information)
0400 read by owner
0200 write by owner
0100 execute, or search if file is a directory, by owner
0040 read by group
0020 write by group
0010 execute, or search if file is a directory, by group
0004 read by others
0002 write by others
0001 execute, or search if file is a directory, by others
For example, the absolute mode value that provides read, write, and execute permission to owner, read and execute permission to group, and
read and execute permission to others is 755 (400+200+100+40+10+4+1). The absolute mode value that provides read, write, and execute per-
mission to owner and no permission to group or others is 700 (400+200+100).
Symbolic Mode
To specify mode in symbolic form, use the following format:
[who] op permission [op permission] ... Spaces are included in the preceding format so that you can read the arguments; however, as
will be shown in examples that follow, you do not enter spaces between mode arguments.
Specify who using the letters u (for owner), g (for group) and o (for others) either alone or in combination. You can also specify the
letter a (for all), which is is equivalent to the letter combination ugo. If you omit the who parameter, a is assumed. For more informa-
tion, see
For the op parameter, specify the plus sign (+) to add permission to the file's mode, the minus sign (-) to remove permission from the
file's mode, or the equal sign (=) to assign permission absolutely (denying or revoking any permission not explicitly specified following
the equal sign). The first command in the following example provides group with execute permission for in addition to any other permis-
sions group currently has for The second command limits the permission that group has for to execute alone:
chmod g+x filea
chmod g=x fileb
For the permission parameter, specify any combination of the letters r (read), w (write), x (execute), s (set owner or group id), and t
(save text - sticky). Alternatively, you can specify the letter u, g, or o to set permission for the who parameter to be the same as the
permission currently granted to the user category indicated by the letter. In the following example, the group (g) is given the same per-
missions on as currently granted to owner (u):
chmod g=u filea
You can revoke all permissions by specifying the who argument followed by =, and omitting the permission argument. For example, the fol-
lowing command removes all permissions from others for
chmod o= fileb
When specifying more than one symbolic mode for file, separate the modes with commas. The mode changes are applied in the sequence speci-
fied. In the following example, write permission is added to the permissions already granted to the owner of and group is then granted the
same permissions on as granted the owner:
chmod u+w,g=u filea
Options
-f Inhibits display of errors that are returned if fails to change the mode on a file.
-R Causes to recursively descend any directories subordinate to file and to set the specified mode for each file encountered. However,
when symbolic links are encountered, does not change the mode of the link file and does not traverse the path associated with the
link. Note that the option is useful only when file identifies a directory that is not empty.
Restrictions
The permission letter s is used only with who letter u or g.
Only the owner of a file or someone logged on as superuser may change the mode of that file.
Examples
Using absolute mode, provide read, write, and search permission to the owner, and read and search permission to others for a directory
named
chmod 755 ~harris/public
Using absolute mode, set the UID for execution to be the UID of of the file owner rather than the UID of the user running the program as
follows:
chmod 4000 progrmb
Using symbolic mode, perform the same operation as described for the preceding example:
chmod u=s progrmb
Using symbolic mode, deny write permission to others for the file
chmod o-w ourspec
Using symbolic mode, give execute permission on file to all user categories:
chmod +x myprog
Using symbolic mode, give write permission to all group members, deny write permission to others, and give search permission to owner on
chmod g+w,o-r,u+x docdir
Using symbolic mode, give read and execute permissions to others for a directory named and then recursively descend the paths subordinate
to adding the same permissions for others on all files and directories included in the subordinate paths:
chmod -R o+rx programs
In the preceding example, if were the name of a file rather than a directory, would change the mode only of the file.
See Also
ls(1), chmod(2), stat(2), umask(2), chown(8)
chmod(1)