Welcome, young wizards and witches, to your first class in Advanced Permission Spells at the School of Linuxcraft and Commandery! 🏰
Too much? Well, I apologize in advance because it continues... and we're off! 🧙
Today’s lesson is on SUID, SGID, and the Sticky Bit, three powerful incantations you can place on files and directories to give them magical properties beyond ordinary permissions.
You’ve learned your chmod, chown, and ls -l. Now it’s time to enchant your system like a true Shell Sorcerer.
🧭 Table of Contents
- First, Summon Your Practice Grounds
- Spell 1: SUID – The Cloak of Root
- Spell 2: SGID – The Sword of Shared Power
- Spell 3: The Sticky Bit – The Guardian Charm
- Cheat Sheet: Permission Spells Summary
- Final Notes from Professor Root
- Ready to Graduate?
🧰 First, Summon Your Practice Grounds
To cast these spells safely, we’ll need a training area.
⚙️ Set up your lab:
mkdir ~/hogwarts-lab
cd ~/hogwarts-lab
👤 Create magical students and a house group:
sudo useradd -m harry
sudo useradd -m ron
sudo useradd -m hermione
sudo groupadd gryffindor
sudo usermod -aG gryffindor harry
sudo usermod -aG gryffindor ron
🗂️ Create magical items:
touch cloak_of_suid sword_of_sgid
mkdir common_room
🧙♂️ Spell 1: SUID – The Cloak of Root
“Whoever wears the cloak of SUID will temporarily gain the power of its creator.”
SUID (Set User ID) is a spell cast on a file so that any user who runs it does so with the file owner’s power.
🧪 Try the SUID spell:
sudo chown root:root cloak_of_suid
sudo chmod u+s cloak_of_suid
Now look closely:
ls -l
# -rwsr-xr-x 1 root root 0 cloak_of_suid
# See the 's'? The spell is working.
You may see uppercase S instead of lowercase s. Uppercase S just means the file is not executable. To make the file executable try:
sudo chmod u+x cloak_of_suid
This is different from:
sudo chmod +x cloak_of_suid
Which allows execute privileges to all.
🧙♀️ Spell 2: SGID – The Sword of Shared Power
“The sword ensures all who wield it serve the same house.”
SGID (Set Group ID) works on both files and directories.
- On files, it lets a script run with the file’s group.
- On directories, it forces all new files to inherit the directory’s group.
🧪 Cast SGID on a directory:
mkdir gryffindor_chamber
sudo chown root:gryffindor gryffindor_chamber
sudo chmod 2775 gryffindor_chamber
👀 Check the spell:
ls -ld gryffindor_chamber
# drwxrwsr-x 2 root gryffindor 4096 ...
🧙♀️ Enter as Ron and create an artifact:
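# The new accounts have no password yet, so switch user through sudo
sudo su - ron
# ~ is now ron's home; replace YOUR_USER with the account that created the lab
cd /home/YOUR_USER/hogwarts-lab/gryffindor_chamber
touch chess_board
ls -l
# You’ll see 'chess_board' belongs to group 'gryffindor'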
Now everyone in the house can collaborate safely.
🧙♀️ Spell 3: The Sticky Bit – The Guardian Charm
“You may roam the common room, but only touch what’s yours.”
Sticky Bit is a charm placed on shared rooms (directories). It lets everyone create files but only their owners can delete them.
🧪 Cast it on the common room:
chmod 1777 common_room
🏷️ Observe:
ls -ld common_room
# drwxrwxrwt ... ← that ‘t’ means the charm is active
👥 Students in action:
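sudo su - harry
# ~ is harry's home here; replace YOUR_USER with the account that created the lab
cd /home/YOUR_USER/hogwarts-lab/common_room
touch harrys_notes
# Leave harry's shell before switching to hermione
exit
sudo su - hermione
cd /home/YOUR_USER/hogwarts-lab/common_room
touch hermiones_research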
Now try deleting each other’s files. The Guardian Charm will stop you.
🧙 Cheat Sheet: Permission Spells Summary
🪄 Spell | Target | Magic Effect | Symbol | Common Use |
---|---|---|---|---|
SUID | Files | Run as file owner | s (user) | passwd, custom admin scripts |
SGID | Files/Dirs | Run with group / enforce group ownership in dirs | s (group) | Shared development folders |
Sticky Bit | Dirs | Only owner can delete their files in the directory | t | /tmp, shared public folders |
🧪 Final Notes from Professor Root
- Use ls -l and stat to inspect spells.
- Use SUID and SGID sparingly and never on world-writable files... you don’t want to summon vulnerabilities!
- The Sticky Bit is your best friend in common areas.
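One way to check a directory tree for the risky cases in these notes, as an added example that is not part of the original post: a POSIX shell function that flags SUID/SGID files that are world-writable, SUID files that show uppercase S, and world-writable directories without the sticky bit. The function names, finding tags and the temporary sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a directory tree for the three special bits.
# Prints one finding per line as "TAG path".

audit_special_bits() {
    dir=$1

    # SUID or SGID file that any user can overwrite: whoever can write it
    # controls what runs with the owner's or group's identity.
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -perm -0002 \
        -exec printf 'WRITABLE_SETID %s\n' {} \;

    # SUID set but owner execute bit missing: ls -l shows uppercase 'S'.
    find "$dir" -type f -perm -4000 ! -perm -0100 \
        -exec printf 'SUID_NOEXEC %s\n' {} \;

    # World-writable directory without the sticky bit: any user can
    # delete or rename other users' files in it.
    find "$dir" -type d -perm -0002 ! -perm -1000 \
        -exec printf 'NO_STICKY %s\n' {} \;
}

# Constructed sample tree (hypothetical names) in a temp directory.
make_demo_lab() {
    lab=$(mktemp -d) || return 1
    touch "$lab/cloak_ok" "$lab/cloak_noexec" "$lab/cloak_writable"
    chmod 4755 "$lab/cloak_ok"        # -rwsr-xr-x: no finding
    chmod 4644 "$lab/cloak_noexec"    # -rwSr--r--: SUID_NOEXEC
    chmod 4757 "$lab/cloak_writable"  # -rwsr-xrwx: WRITABLE_SETID
    mkdir "$lab/common_room" "$lab/open_room"
    chmod 1777 "$lab/common_room"     # drwxrwxrwt: no finding
    chmod 0777 "$lab/open_room"       # drwxrwxrwx: NO_STICKY
    printf '%s\n' "$lab"
}

# Build the sample tree, audit it, and clean up.
demo_lab=$(make_demo_lab)
audit_special_bits "$demo_lab"
rm -rf "$demo_lab"
```

Point audit_special_bits at ~/hogwarts-lab to check the practice grounds built in this lesson.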
🪄 Ready to Graduate?
You've now unlocked the secrets of magical file permissions in Linux. You're ready to conjure collaborative workspaces, safeguard shared directories, and wield root-like power responsibly.