Today we will learn about some other Linux file system permissions aka special file permissions
After setting up these permissions on file/directory , any user who runs that executable file assumes the user id of the owner (or group) of the executable file.
we must be careful during implementing these permissions because misconfiguration may rise risk of system security by normal user.
Before proceeding to this article , you mus have knowledge about basic file permissions in linux else you wont feel comfortable with this post. here is the link for basic file permissions if you want to have a look on them http://www.mannulinux.org/2013/08/file-permissions-in-linux.html
there are 3 types of special permission in Linux system
1.Sticky Bit
2.Suid (set user id)
3.Sgid (set group id)
permission symbols for these permissions are following
permission octal representation alphabet
sticky bit 1 t
sgid 2 s
suid 4 s
lets have a look :)
Sticky Bit:-
this permission is to prevent a file/directory in such directory which have write/execute permission for other users . If this permission is set on a file having write permission for every user, the file cant be deleted by user other then root and file owner .
this is only for user group 'other' and to set this permission on a file we can use chmod with octal permission patter or by defining +t
using octal permission patter
octal permission patter is like this
special_permission+normal permission
0000
here first 0 fr special permission where are rest of the 3 0s are representing owner,group and other user permission on file
for example , i am going to set sticky bit permission on a file which have read,write and execute permission for its owner,group and other user .
octal code is 1
so command will be
chmod 1777 cmd.sh
here 1 represent special permission i.e sticky bit
using alphabetic permission symbol
alphabetic representation for sticky bit is t
to add sticky bit permission on a file , use command
chmod +t file_name
this command will just add sticy bit permission to file/directory
ok,now try to delete this file using another user account , as we can see file has full permission for other users too
yessssss :) , permission is working fine and other user are not able to delete it even after having full permission on file .
you can see , after adding sticky bit on the file alphabet 't' is appearing in other user permission field .
permissions were rwxrwxrwx and now it is rwxrwxrwt
if t is smalll,means other user has execute permission on file
else t is capital , which means other user dont have execute permission on file
we can use sticky bit on a directory so that whenever a user will create file in that directory , sticky bit permission will automatically inherit to file under directory and only file owner and root user will be able to remove that file :P
lets have a look .
i am creating a directory /test , applying sticky bit on that directory and a file r.txt(with full permission to every user) under directory /test
ok now we havent setup sticky bit permission on r.txt file but on directory under which file r.txt exist
lets try to delete it from other account :P
switching to user account indishell , and tried to delete r.txt file :P
ooops :D , well user indishell couldnt delete file because we have setup sticky bit on its parent directory
if you want to remove sticky bit permission from file/directory
use command
chmod -t file_name
Suid (set user id):-
This is second special permission which is setup for group of file/directory
its octal representation is 2 and alphabetic symbol is s
A program for which this bit was set runs under the group ID under which it was saved, no matter which user starts it. Therefore, in a directory with the setgid bit, all newly created files and subdirectories are assigned to the group to which the directory belongs.
to setup SGID permission we can use octal permission patter or alphabet symbol method
using octal method:-
command will be
chmod sgid_permission+normal permission file/folder
for example i have file cmd.sh whose normal permissions are 755 and i want to set sgid permission on it
chmod 2755 cmd.sh
using alphabetic symbol
alphabetic symbol for sgid permission is s and to add this permission on file we use command
chmod g+s file/folder
if sgid is set up for a file or directory , you will see 's' alphabet in group permission field(have a look on above pic)
lets have a live example , how this nice permission works :)
i have a directory /test which is created by root user and other user dont have any permission on this directory
ok lets try to list content of /test directory from ther user account
:P failed ..........
ok we can remove this problem using sgid concept
how???? lets the game begin XD
we are using command ls to list /test directory content which exist in /bin directory
its owner and group is root user (run command ls -l /bin/ls to make sure about this ;) )
as we know , if we set sgid on a binary/command , command will be run with the power of the group
and here , command ls has group root, so set sgid permission on ls command from root account
command will be
chmod g+s file/directory
ok lets test what we have done :P
switching to user account indishell again and trying to list content of directory /test after setting sgid permission on ls command 8-)
wot wot :D
this is how sgid works and now you can guess what can happen if mis configure sgid for some command like cat or vi :P of course your /etc/shadow file can be read or edit by non root user =))
Sgid (set group id)
this one is nice one and working is something similar to sgid command
this is for user field of file/directory and represented by s
if this permission is configured for a command , command will run run with the power of owner of the file and it doesnt matter who is executing that command
best example for this is passwd command \m/
no one can edit /etc/shadow file other then root , but passwd command let change password to a normal user too which means normal user can edit his password stored in /etc/shadow file using passwd command
and its because , passwd command has suid permission set on it so whenever any user run it, command execute with the power of root user
to setup SUID permission we can use octal permission patter or alphabet symbol method
using octal method:-
its octal number is 4
command will be
chmod suid_permission+normal permission file/folder
for example i have file cmd.sh whose normal permissions are 755 and i want to set suid permission on it
chmod 4755 cmd.sh
using alphabetic symbol
alphabetic symbol for suid permission is s and to add this permission on file we use command
chmod u+s file/folder
to remove suid use command
chmod u-s file/directory
sooo this was about special file permissions in linux which can help you handling linux system in batter manner >:D< (especially sticky bit)
Thank you
Greetz to :-
Zero cool ,code breaker ica, Aasim shaikh,Reborn, Raman kumar rana,INX_r0ot,Darkwolf indishell, Chinmay Pandya ,Silent poison India,Magnum sniper,Atul Dwivedi,ethicalnoob Indishell,Local root indishell,Irfninja indishell,Hardeep bhai,Mannu,Viki , AR AR bhai ji, Anju and Deepika kaushik
0 comments