Special Permissions

Understanding SUID, SGID, and sticky bit special permissions for advanced file access control and privilege management

Topic Overview

Special permissions in Linux extend beyond standard read, write, and execute permissions. They include SUID, SGID, and Sticky Bit - powerful tools that modify how files and directories behave regarding user privileges and access control.

Key Concepts

  • SUID (Set User ID): Allows file execution with owner’s privileges
  • SGID (Set Group ID): Files inherit directory group or execute with group privileges
  • Sticky Bit: On a directory, restricts deletion of files to their owners
  • Octal Notation: 4-digit numbers representing special + standard permissions
  • Symbolic Notation: Letters (s, S, t, T) indicating special permissions

Command Syntax

chmod [special_perm][standard_perms] file

  • Special permissions use 4-digit octal or symbols
  • Can be set with numeric or symbolic notation

Special Permission Values

  • 4000 - SUID (Set User ID)
  • 2000 - SGID (Set Group ID)
  • 1000 - Sticky Bit
  • u+s - Add SUID symbolically
  • g+s - Add SGID symbolically
  • o+t - Add Sticky Bit symbolically

Practical Examples

Example 1: Setting SUID

chmod 4755 /usr/bin/passwd
ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 68208 passwd

The 's' in the owner execute position indicates SUID.

Example 2: Setting SGID on Directory

chmod 2775 /shared/project
ls -ld /shared/project
drwxrwsr-x 2 user dev 4096 /shared/project

Files created inside the directory inherit the 'dev' group ownership.

Example 3: Sticky Bit on Directory

chmod 1777 /tmp
ls -ld /tmp
drwxrwxrwt 10 root root 4096 /tmp

The 't' indicates the sticky bit - only a file's owner (plus the directory owner and root) can delete it.

Example 4: Symbolic Method

chmod u+s script.sh      # Add SUID
chmod g+s /shared/docs   # Add SGID
chmod o+t /public        # Add sticky bit

Example 5: Finding Special Permissions

find / -perm -4000 -type f 2>/dev/null
# Finds all SUID files

find / -perm -2000 -type f 2>/dev/null
# Finds all SGID files

Use Cases

  • SUID: Programs needing root privileges (passwd, sudo)
  • SGID: Shared directories for team collaboration
  • Sticky Bit: Public directories like /tmp
  • Security: Controlled privilege escalation
  • Collaboration: Group project directories

Permission Display

  • s (lowercase): Special permission + execute bit set
  • S (uppercase): Special permission set, execute bit NOT set
  • t (lowercase): Sticky bit + execute bit set
  • T (uppercase): Sticky bit set, execute bit NOT set
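To make the s/S/t/T markers above concrete, here is an added example (not part of the original page) that decodes a permission string as printed by ls -l or stat -c %A, and names the special bits hidden in the leading digit of a 4-digit octal mode. The sample strings and the temporary file in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: decode the special-permission
# markers in a permission string (ls -l / stat -c %A) and the leading digit
# of a 4-digit octal mode. Sample inputs are constructed.

# Report SUID/SGID/sticky from a 10-character mode string such as -rwsr-xr-x.
# Lowercase s/t: the special bit and the execute bit are both set.
# Uppercase S/T: the special bit is set but the execute bit is missing.
explain_mode() {
    mode="$1"
    owner_x=$(printf '%s' "$mode" | cut -c4)    # owner execute slot: x, s or S
    group_x=$(printf '%s' "$mode" | cut -c7)    # group execute slot: x, s or S
    other_x=$(printf '%s' "$mode" | cut -c10)   # others execute slot: x, t or T
    case "$owner_x" in
        s) echo "SUID: set (owner execute set)" ;;
        S) echo "SUID: set but owner execute missing (uppercase S)" ;;
        *) echo "SUID: not set" ;;
    esac
    case "$group_x" in
        s) echo "SGID: set (group execute set)" ;;
        S) echo "SGID: set but group execute missing (uppercase S)" ;;
        *) echo "SGID: not set" ;;
    esac
    case "$other_x" in
        t) echo "sticky: set (others execute set)" ;;
        T) echo "sticky: set but others execute missing (uppercase T)" ;;
        *) echo "sticky: not set" ;;
    esac
}

# Name the special bits encoded in the first digit of a 4-digit octal mode
# (4 = SUID, 2 = SGID, 1 = sticky), e.g. 6755 -> "SUID SGID".
explain_octal() {
    special=${1%???}                 # strip the three standard-permission digits
    [ -z "$special" ] && special=0   # a 3-digit mode carries no special bits
    out=""
    [ $((special & 4)) -ne 0 ] && out="$out SUID"
    [ $((special & 2)) -ne 0 ] && out="$out SGID"
    [ $((special & 1)) -ne 0 ] && out="$out sticky"
    out=${out# }                     # drop the leading separator
    echo "${out:-none}"
}

# Live check on a constructed temporary file: SUID with and without execute,
# which is exactly the lowercase-s versus uppercase-S case from the text.
demo() {
    f=$(mktemp)
    chmod 4755 "$f"; explain_mode "$(stat -c %A "$f")" | sed -n 1p
    chmod 4644 "$f"; explain_mode "$(stat -c %A "$f")" | sed -n 1p
    explain_octal "$(stat -c %a "$f")"
    rm -f "$f"
}

demo
```

The functions work on any mode string, so they can be fed straight from `ls -l` output during a review; an uppercase marker in the result is the "Capital S/T" situation described under Common Issues below.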

  • find - Locate files with special permissions
  • stat - Display detailed file permission info
  • umask - Set default permission mask
  • ls -l - View current permissions

Tips & Troubleshooting

Security Considerations

  • SUID files are potential security risks
  • Regularly audit SUID/SGID files
  • Remove unnecessary special permissions
  • Monitor for unauthorized SUID files
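The find commands in Example 5 and the audit advice just above come together in the following added example (not part of the original page): it records a baseline of SUID/SGID files and, on later runs, reports anything that appeared or disappeared. The directory tree, file names and baseline path are constructed for the demo; in practice the baseline would be taken from a known-good system and stored read-only.

```shell
#!/bin/sh
# Added example, not from the original page: audit SUID/SGID files against a
# saved baseline so that new or vanished special-permission files stand out.
# The directory layout and file names below are constructed for the demo.

# Print "octal_mode path" for every regular file under $1 that has SUID or
# SGID set, sorted so the output can be compared with comm(1).
list_special() {
    root="$1"
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %n' {} \; 2>/dev/null | LC_ALL=C sort
}

# Compare the current list for $1 against the baseline file $2.
# NEW     = present now, absent from the baseline (new file or changed mode)
# MISSING = in the baseline, absent now (file removed or bit cleared)
audit_special() {
    root="$1"
    baseline="$2"
    current=$(mktemp)
    list_special "$root" > "$current"
    LC_ALL=C comm -13 "$baseline" "$current" | sed 's/^/NEW     /'
    LC_ALL=C comm -23 "$baseline" "$current" | sed 's/^/MISSING /'
    rm -f "$current"
}

# Demonstration on a constructed tree: record a baseline, then introduce an
# unexpected SGID file and show that the audit reports it. Paths are rewritten
# to WORK/... so the output does not depend on the temporary directory name.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/bin"
    printf '#!/bin/sh\necho helper\n' > "$work/bin/helper"
    : > "$work/bin/plain"
    chmod 4755 "$work/bin/helper"   # legitimate SUID program, part of the baseline
    chmod 0644 "$work/bin/plain"    # ordinary file, never listed
    list_special "$work" > "$work/baseline.txt"

    : > "$work/bin/newtool"
    chmod 2755 "$work/bin/newtool"  # drift: SGID file that was not in the baseline

    audit_special "$work" "$work/baseline.txt" | sed "s|$work|WORK|"
    rm -rf "$work"
}

demo
```

For a real system, run `list_special /` once after installation to create the baseline and schedule `audit_special / /path/to/baseline` (path hypothetical) from cron; any NEW line is a file to investigate, and a MISSING line shows a bit that was cleared or a program that was removed.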

Common Issues

  • Capital S/T: Execute bit missing, permission ineffective
  • Permission Denied: Check both special and standard permissions
  • Inheritance: Group inheritance only happens when SGID is set on a directory; on an executable file, SGID instead makes it run with the file's group privileges

Best Practices

  • Use minimal necessary permissions
  • Document special permission usage
  • Regular security audits with find
  • Test permissions in safe environment first

Verification Commands

# Check if special permissions work
stat filename
ls -l filename
# Look for s, S, t, or T in permission string