General file permission
ls -al
-rw------- 1 dc dc 9590 Apr 20 13:28 .bash_history
-rw-r--r-- 1 dc dc  220 Apr  4  2018 .bash_logout
-rw-r--r-- 1 dc dc 3771 Apr  4  2018 .bashrc
drwx------ 3 dc dc 4096 Apr 18 11:18 .cache
drwx------ 3 dc dc 4096 Apr 13 05:38 .config
drwx------ 3 dc dc 4096 Apr 13 05:29 .gnupg
-rw-r--r-- 1 dc dc  807 Apr  4  2018 .profile
rwxrwxrwx -> 777
Special file permission
ls -al /usr/bin/passwd
-rwsr-xr-x 1 root root 59640 Mar 22 2019 /usr/bin/passwd*
The x place is s instead of -, this means other users can execute this program, not only
When the SUID bit is set on an executable file, this means that the file will be executed with the same permissions as the owner of the executable file.
Why do we need SUID? Or why does passwd need SUID?
passwd will modify the /etc/shadow files, which should be modified by root, so a regular user can't modify these files without SUID.
Why can't I modify another user's password?
If I have the same permissions as root, why can't I modify another user's password?
passwd checks that: https://github.com/shadow-maint/shadow/blob/master/src/passwd.c
chmod u+s filename
chmod 4xxx filename
chmod u-s filename
chmod 0xxx filename
s and capital S
When you set SUID on a non-executable file, you will get a capital S; this means the SUID bit is set in error.
SGID is the same as SUID, but the permission is on the group part.
With the SGID bit set, any user executing the file will have the same permissions as the group owner of the file.
When SGID permission is applied to a directory, all subdirectories and files created inside this directory will get the same group ownership as the main directory (not the group ownership of the user that created the files and directories).
Keep group ownership of sub-directory or files under the directory, see
Set and Remove SGID
chmod g+s filename
chmod g-s filename
chmod 2xxx filename
chmod 0xxx filename
Last bit of file permission, drwxrwxrw
The sticky bit works on directories. With the sticky bit set on a directory, the files in the directory can be deleted or renamed only by the file owners or root.
Set Sticky bit
chmod +t directory
chmod -t directory
chmod 1xxx directory
chmod 0xxx directory
If the directory doesn’t have the execute permission set for all, setting a sticky bit will result in showing T instead of t
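An added example, not part of the original notes: a small audit that walks a directory tree and reports the SUID, SGID and sticky-bit cases described above, including the capital S and T forms and world-writable directories that lack the sticky bit. The function names and the tag names in the output are made up for this example.

```shell
#!/bin/sh
# Added example: audit a directory tree for the special permission bits.
# Tags (SUID, SUID-NOEXEC, ...) are names invented for this example.

# First ten characters of `ls -ld`, e.g. -rwsr-xr-x
mode_of() { ls -ld "$1" | cut -c1-10; }

audit_special_bits() {
    # Candidates: any SUID/SGID/sticky entry, plus every world-writable directory.
    find "$1" \( -perm -4000 -o -perm -2000 -o -perm -1000 \
                 -o \( -type d -perm -0002 \) \) -print |
    while IFS= read -r p; do
        m=$(mode_of "$p")
        case $m in                       # owner execute slot (4th character)
            -??s*) echo "SUID $m $p" ;;
            -??S*) echo "SUID-NOEXEC $m $p" ;;      # capital S: owner has no x
        esac
        case $m in                       # group execute slot (7th character)
            -?????s*) echo "SGID $m $p" ;;
            -?????S*) echo "SGID-NOEXEC $m $p" ;;   # capital S: group has no x
            d?????[sS]*) echo "SGID-DIR $m $p" ;;   # new entries inherit the group
        esac
        case $m in                       # other execute slot (10th character)
            d????????t) echo "STICKY $m $p" ;;
            d????????T) echo "STICKY-NOEXEC $m $p" ;;  # capital T: others have no x
            d???????w?) echo "WORLD-WRITABLE-NO-STICKY $m $p" ;;
        esac
    done
}

# Run as a script: sh audit.sh /some/directory
if [ "$#" -gt 0 ]; then audit_special_bits "$1"; fi
```

With GNU coreutils, a four-digit numeric mode such as chmod 0755 leaves an existing SUID or SGID bit on a directory in place; use u-s / g-s (or a five-digit mode such as 00755) to clear it there.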