How to set Special Permissions In Linux

Set And Change special Permission or Advanced
Permission in Linux

In This Tutorial we will learn about how to set
special permission to file and directories.
There are three special permissions that can be
assigned to a file or directory apart from basic file permissions (RWX). With
the help of “chmod” command  we can
implement the special permissions or advanced permission on file and
directories. These special permission are as fallows.
  • SUID – SET USER ID
  • SGID – SET GROUP ID
  • STICKY BIT

Permission
Symbolic Form
Numeric Form
Syntax
SETUID
s or S
4
#chmod
u+s   or    #chmod 4766
SETGID
s or S
2
#chmod
g+s   or    #chmod 2766
STICKYBIT
t or T
1
#chmod
o+t   or    #chmod 1766
Note: Where s=setuid
+execute
permission and S= setuid
only. Same is for SGID and also for Sticky Bit.
  • How
    can we set SUID

SUID
– SET USER ID
Change user ID on execution. If SETUID bit is set,
when the file will be executed by a user, the process will have the rights as
the owner of the file being executed. Many of the system commands are the best
example of SUID, Basically the owner of the commands will be root, but still
normal user can execute it. For example, the suid permission on the passwd
command makes it possible for a normal user to change passwords by updating few
system files like /etc/passwd and /etc/shadow which can’t be updated by
non-root accounts. Therefore, passwd command always run with root user rights.

Symbolic
way:
    [root@linuxelearn
~]# chmod
u+s file1.txt
    [root@linuxelearn
~]# ll
file1.txt
    -rwSrw-r–
1 root root 0 Dec 24 22:40 file1.txt
Numerical
way:
    [root@linuxelearn
~]# chmod
4655 file1.txt
    [root@linuxelearn
~]# ll
file1.txt
    -rwSr-xr-x
1 root root 0 Dec 24 22:45 file1.txt*
Example
:

By default ping command is having suid, so all users
can run that command but if suid is removed and a normal user wants to execute
it, then it will show “Operation not permitted”.
[root@linuxelearn
~]# which ping
/bin/ping
[root@linuxelearn
~]# ls -l /bin/ping
-rwsr-xr-x.
1 root root 41432 Jul 27  2010
/bin/ping
[root@linuxelearn
~]#
[root@linuxelearn
~]# chmod u-s /bin/ping
[root@linuxelearn
~]# su nagios
[nagios@linuxelearn
root]$ ping 192.168.10.10
ping:
icmp open socket: Operation not permitted
[nagios@linuxelearn
root]$
  • How
    can we set SGID

SGID
– SET GROUP ID

Set group ID, used on executable files to allow the
file to be run as if logged into the group (like SUID but uses file group
permissions)
SGID can also be used on a directory so that every
file created in that directory will have the directory group owner rather than
the group owner of the user creating the file.
Symbolic
way:
    [root@linuxelearn
~]# chmod g+s dir1
    [root@linuxelearn
~]# ls -ld dir/
    drwxrwsr-x
2 root root 4096 Dec 22 22:50 dir1/
Numerical
way:
    [root@linuxelearn
~]# chmod 2775 dir1/
    [root@linuxelearn
~]# ls -ld dir1/
    drwxrwsr-x
2 root root 4096 Dec 22 23:13 dir1/
Example:

When a directory is created and its group is set to
some group. Now if SGID is applied to it, and the group member created files
and directory inside it, then it will get the same group rather than getting
user’s primary group.
Lets see the example practically.
[root@linuxelearn
~]# mkdir dir1
[root@linuxelearn
~]# chgrp rjgroup dir1
[root@linuxelearn
~]# ls -ld dir1
drwxr-xr-x.
2 root rjgroup 4096 Dec 22 23:34 dir1
[root@linuxelearn
~]# chmod g+s dir1
[root@linuxelearn
~]# ls -ld dir1
drwxr-sr-x. 2 root rjgroup 4096 Dec 22 23:34 dir1
[root@linuxelearn
~]# chmod go+w dir1
[root@linuxelearn
~]# ls -ld dir1
drwxrwsrwx. 2 root rjgroup 4096 Dec 22 23:34 dir1
[root@linuxelearn
~]# su – nagios
[nagios@linuxelearn
~]$ cd /dir1
[nagios@linuxelearn
dir1]$ touch emptyfile{1..5}
[nagios@linuxelearn
dir1]# ls -l
total
0
-rw-r–r–.
1 root rjgroup 0 Dec 22 23:44 emptyfile1
-rw-r–r–.
1 root rjgroup 0 Dec 22 23:44 emptyfile2
-rw-r–r–.
1 root rjgroup 0 Dec 22 23:44 emptyfile3
-rw-r–r–.
1 root rjgroup 0 Dec 22 23:44 emptyfile4
-rw-r–r–.
1 root rjgroup 0 Dec 22 23:44 emptyfile5
[root@linuxelearn
dir1]#
Note:
when a file is created by any user it will get the group as primary group of
the owner which is usually owner’s private group with same name.
  • How
    to Set STICKY BIT for Directory

STICKY
BIT
If Sticky bit is applied on a file or directory,
then only root and owner of that file or directory can delete it. Even if other
users are having full permissions they cannot delete the file or directory.
Symbolic
way:
    [root@linuxelearn
~]# chmod +t /mydir
    [root@linuxelearn
~]# ls -ld /mydir/
    drwxrwxrwt
16 root root 4096 Dec 22 23:10 /mydir/
Numerical
way:
    [root@linuxelearn
~]# chmod 1777 /mydir
    [root@linuxelearn
~]# ls -ld /mydir/
    drwxrwxrwt
16 root root 4096 Dec 22 23:30 /mydir/
Let see the example of sticky bit practically..
[root@linuxelearn
~]# chmod o+t dir1
[root@linuxelearn
~]# ls -ld dir1
drwxrwsrwt.
2 root rjgroup 4096 Dec 22 23:34 dir1
[root@linuxelearn
~]# su – nagios
[nagios@linuxelearn
~]$ cd /dir1
[nagios@linuxelearn
dir1]$ ls
emptyfile1  emptyfile2 
emptyfile3  emptyfile4  emptyfile5
[nagios@linuxelearn
dir1]$ rm emptyfile1
rm:
remove write-protected regular empty file emptyfile1'? y
rm:
cannot remove
emptyfile1′: Permission denied
[nagios@linuxelearn
dir1]$
I think Its cover all special permissions in detail..
If you Like post then share and comment please And
if you have any suggestion for me do comment .

Leave a Reply

Your email address will not be published. Required fields are marked *