Alexand

Understanding Special Permissions in Red Hat Linux (Simple Guide for Beginners)

Introduction: Why Special Permissions Matter

Imagine you’re working on a shared Linux system, and you want to control who can access certain files, what they can do, and how security is enforced. In Linux, special permissions help prevent unauthorized access, protect critical files, and improve system security.

If you’ve ever wondered why some files require extra permissions, or why certain scripts can run even when a user doesn’t own them, this guide will break down everything in simple terms. Let’s explore setuid, setgid, and the sticky bit—the three special permissions in Red Hat Linux—and their real-world use cases!


What Are Special Permissions in Linux?

Linux normally uses basic permissions:

  • Read (r) → Can view a file.
  • Write (w) → Can modify a file.
  • Execute (x) → Can run a file/program.

But sometimes, you need special permissions to handle important files in a secure way. These special permissions include:

  • Setuid (SUID) → Runs a file with the privileges of its owner.
  • Setgid (SGID) → Runs a file with the privileges of its group; on a folder, new files inherit the folder’s group.
  • Sticky Bit → Protects files in shared directories from accidental deletion.

These special permissions help system administrators, developers, and users manage important files and programs safely.


1. Setuid (SUID) – Running a Program as the File Owner

What does it do?

When the SUID (set user ID) permission is enabled, a file runs with the privileges of its owner, instead of the user executing it.

Why is it useful?

Some programs need special access to system resources, but you don’t want to give users complete administrative power. SUID helps with this.

Example: The ‘passwd’ Command

Linux users change passwords with the passwd command. But password information is stored in a system file that only the root user can modify.

To allow regular users to update their passwords without full root access, the passwd command has SUID enabled.

Check its permissions with:

ls -l /usr/bin/passwd

You’ll see something like this:

-rwsr-xr-x 1 root root 27544 Mar 19 15:30 /usr/bin/passwd

Notice the ‘s’ in rwsr-xr-x, in the position where the owner’s execute permission (x) normally appears. That means SUID is enabled, allowing users to run passwd with root privileges only for changing passwords and nothing else.

How to Set SUID on a File

If you want a script to always run with its owner's privileges, use this command:

sudo chmod u+s myscript.sh

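This means any user running myscript.sh will execute it with the owner’s permissions. On Linux, the kernel honors the SUID bit only on binary executables and ignores it on interpreted scripts (files that start with #!), so this takes effect when the file is a compiled program.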


2. Setgid (SGID) – Running a File as Its Group

What does it do?

Setgid (set group ID) makes sure that when a user runs a file, it runs with the permissions of the file’s group instead of their own.

Why is it useful?

This helps teams working on shared projects—everyone in a specific group can automatically inherit permissions to files and directories.

Example: Shared Directories for Developers

Imagine a team of developers working on a project. You want them all to have permission to edit files inside a folder, but without manually setting permissions for each file.

You can apply SGID to the folder, so that all new files created inside it automatically belong to the folder’s group.

How to Set SGID on a Directory

Run this command on a shared folder:

sudo chmod g+s /home/dev_team

Now, every new file created inside /home/dev_team will belong to the directory’s group, making collaboration easier.


3. Sticky Bit – Protecting Files in Shared Directories

What does it do?

A sticky bit prevents users from deleting files they don’t own, even if they have write access to the directory.

Why is it useful?

Sticky bits are mainly used in public/shared folders, like /tmp, where multiple users store files. This prevents accidental or malicious deletion of important files.

Example: Securing the /tmp Directory

The /tmp folder in Linux is accessible to everyone, meaning users can store temporary files there. However, if the sticky bit weren’t enabled, any user could delete anyone else’s files inside /tmp.

That’s why Linux sets the sticky bit by default on /tmp, ensuring users can delete only their own files.

Check its permissions with:

ls -ld /tmp

You’ll see something like this:

drwxrwxrwt 17 root root 4096 Mar 19 15:30 /tmp

Notice the ‘t’ at the end of drwxrwxrwt—that means the sticky bit is enabled.

How to Set Sticky Bit on a Directory

If you have a shared folder where users should only delete their own files, enable the sticky bit:

sudo chmod +t /shared_folder

Now, users can’t remove files they don’t own, even if they have write permissions for the folder.
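
An added audit example (not part of the original post) that ties the SUID and sticky-bit sections together: it lists files under a directory that carry SUID or SGID, marks the ones that are scripts, and reports world-writable directories that lack the sticky bit. The function name and output format are assumptions, and stat -c relies on GNU coreutils as shipped on Red Hat systems.

```sh
#!/bin/sh
# audit_special_perms ROOT  (hypothetical helper name, not from the post)
# Prints one finding per line: "<KIND> <octal-mode> <path>"

audit_special_perms() {
    root=$1

    # 4000 = setuid, 2000 = setgid. "-perm -4000" means "this bit is set".
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        kind=
        if [ -u "$f" ]; then kind=SUID; fi
        if [ -g "$f" ]; then kind=${kind:+$kind+}SGID; fi
        # A file starting with "#!" is an interpreted script; Linux ignores
        # setuid/setgid on those, so the bit is usually a mistake there.
        magic=$(head -c 2 "$f" 2>/dev/null | tr -d '\000')
        if [ "$magic" = '#!' ]; then kind=$kind-SCRIPT; fi
        printf '%s %s %s\n' "$kind" "$(stat -c '%a' "$f")" "$f"
    done

    # 0002 = world-writable, 1000 = sticky. A world-writable directory
    # without the sticky bit lets any user delete other users' files.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null |
    while IFS= read -r d; do
        printf 'NO-STICKY %s %s\n' "$(stat -c '%a' "$d")" "$d"
    done
}

# Run against a directory given on the command line, e.g. /usr/bin or /srv.
if [ "$#" -gt 0 ]; then
    audit_special_perms "$1"
fi
```

Lines marked -SCRIPT or NO-STICKY are the ones to review first; the remaining SUID/SGID entries should all be programs you expect to run with elevated privileges.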


Use Cases for Special Permissions in Linux

  • Allow regular users to run important system commands safely (SUID on passwd).
  • Manage shared projects where all team members need equal access (SGID on project folders).
  • Protect files in public directories from accidental deletion (Sticky bit on /tmp).

System administrators, developers, and general users all benefit from special permissions—they make Linux more secure, efficient, and easy to manage.


Final Thoughts

Special permissions in Red Hat Linux aren’t just for experts—once you understand how SUID, SGID, and sticky bit work, you’ll appreciate how they improve security and simplify file management.

Try using these permissions on test files, experiment with shared folders, and soon enough, you’ll master Linux file security like a pro! 🚀
