Linux permissions are crucial for system administration, controlling access to files and directories. Encountering “Permission denied” errors is a common experience. While basic permissions like read, write, and execute are essential, Linux also offers special permissions: SUID, SGID, and the sticky bit. This article focuses on SUID and SGID in Linux, explaining their functions and usage.
[tcarrigan@server ~]$ ls -l /usr/bin/passwd
-rwsr-xr-x. 1 root root 33544 Dec 13 2019 /usr/bin/passwd
Understanding Linux Permission Basics
Before diving into SUID and SGID, a quick recap of standard Linux permissions is helpful. Permissions are assigned to three categories:
- User: The owner of the file or directory.
- Group: A collection of users with shared access rights.
- Others: All users who are neither the owner nor members of the group.
Permissions are typically set using the chmod command, which can be applied using either the symbolic or numeric method.
Symbolic Method
The symbolic method uses letters to represent identities, actions, and access levels. The general syntax is:
chmod WhoWhatWhich file|directory
- Who: u (user), g (group), o (others), a (all).
- What: + (add), - (remove), = (set exact).
- Which: r (read), w (write), x (execute).
For example, to add read and write permissions for the user and group to a file named test.txt, you would use:
chmod ug+rw test.txt
Numeric Method
The numeric method represents permissions as a three-digit number, where each digit corresponds to the user, group, and others, respectively. The values are calculated as follows:
- Read: 4
- Write: 2
- Execute: 1
For instance, the permissions -rw-r-x--- translate to 650:
- User (rw-): 4 + 2 = 6
- Group (r-x): 4 + 1 = 5
- Others (---): 0
The corresponding chmod command would be:
chmod 650 test.txt
What is SUID (Set User ID)?
SUID is a special user permission. When a file has the SUID bit set, it executes with the privileges of the file’s owner, rather than those of the user who is running the file. This is particularly useful for commands that need elevated permissions to perform certain tasks. In a listing, the SUID bit appears as a lowercase s in place of the owner’s x. If the file owner does not have execute permission, the lowercase s is shown as an uppercase S instead.
A classic example is the /usr/bin/passwd command. It allows users to change their passwords, which requires writing to the /etc/shadow file (typically only accessible to the root user). The SUID bit on /usr/bin/passwd enables users to modify this file, but only to change their own password, not other users’ passwords.
[tcarrigan@server article_submissions]$ ls -l
total 0
drwxrws---. 2 tcarrigan tcarrigan 69 Apr 7 11:31 my_articles
What is SGID (Set Group ID)?
SGID, the special group permission, has different behaviors depending on whether it is set on a file or a directory. As with SUID, if the owning group does not have execute permissions, the lowercase s will be represented by an uppercase S.
- On a File: When set on an executable file, SGID causes the file to run with the privileges of the group owner of the file.
- On a Directory: When set on a directory, all new files and subdirectories created within that directory inherit the group ownership of the directory. This is very useful in collaborative environments where multiple users need to share files within the same group.
For instance, consider a directory called my_articles owned by the group tcarrigan. If SGID is set on this directory, any new files created within it will automatically be owned by the tcarrigan group, regardless of the user who created them.
The Sticky Bit
The sticky bit is another special permission. When set on a directory, it restricts file deletion within that directory. Only the file’s owner, the directory’s owner, and the root user can delete or rename files within the directory.
A common example is the /tmp directory, which is world-writable but has the sticky bit set. This prevents users from deleting files that they do not own.
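One way to inventory the three special bits described above, as an added example that is not part of the original article: it lists SUID/SGID files and world-writable directories that lack the sticky bit. It assumes GNU find; the function names and the sample tree are constructed for the demonstration.

```bash
# Added example. Assumes GNU find (-printf); the sample tree is constructed.

# List regular files with SUID or SGID set as "octal-mode owner:group path".
audit_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -printf '%m %u:%g %p\n' 2>/dev/null | LC_ALL=C sort -k3
}

# List world-writable directories that lack the sticky bit, where any user
# could delete or rename another user's files.
audit_unsticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null |
        LC_ALL=C sort
}

# Constructed sample tree standing in for a real filesystem root.
tree=$(mktemp -d)
mkdir -p "$tree/bin" "$tree/drop" "$tree/tmp"
: > "$tree/bin/helper"; chmod 4755 "$tree/bin/helper"   # SUID
: > "$tree/bin/report"; chmod 2755 "$tree/bin/report"   # SGID
: > "$tree/bin/plain";  chmod 0755 "$tree/bin/plain"    # no special bit
chmod 0777 "$tree/drop"   # world-writable, no sticky bit: reported
chmod 1777 "$tree/tmp"    # world-writable with sticky bit, like /tmp: not reported

echo "SUID/SGID files:"; audit_setid "$tree"
echo "World-writable directories without sticky bit:"; audit_unsticky "$tree"
```

Run against / on a real host, the output of both functions can be compared with a reviewed baseline to spot entries that were not there before.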
Setting Special Permissions: Symbolic and Numerical Methods
Special permissions can be set using either the symbolic or the numerical method.
Symbolic Method
To set SGID on a directory named community_content, you would use:
chmod g+s community_content/
Numerical Method
The numerical method requires a fourth digit before the standard three permission digits. This digit represents the special permissions:
- SUID: 4
- SGID: 2
- Sticky Bit: 1
To set SGID on the community_content directory using the numerical method, you would use:
chmod 2770 community_content/
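The fourth digit and the lowercase/uppercase display rules, worked through on a throwaway tree (an added example, not from the original article). It assumes Linux with GNU coreutils for stat -c; the helper names and file names are constructed, apart from community_content, which reuses the directory name above.

```bash
# Added example. Assumes Linux with GNU coreutils (stat -c); all names are constructed.
demo=$(mktemp -d)

# Print "symbolic octal" for a path: the string ls -l would show plus the digits.
mode_of() { stat -c '%A %a' "$1"; }

# Create an empty file, apply an octal mode, and report the result.
show_file() {  # usage: show_file NAME MODE
    : > "$demo/$1"
    chmod "$2" "$demo/$1"
    mode_of "$demo/$1"
}

# Create a directory, apply an octal mode, and report the result.
show_dir() {   # usage: show_dir NAME MODE
    mkdir -p "$demo/$1"
    chmod "$2" "$demo/$1"
    mode_of "$demo/$1"
}

# Succeeds when entries created inside an SGID directory take the directory's
# group and a new subdirectory also carries the SGID bit itself.
sgid_inherits() {
    show_dir community_content 2770 > /dev/null
    mkdir -p "$demo/community_content/sub"
    : > "$demo/community_content/draft.txt"
    dir_gid=$(stat -c %g "$demo/community_content")
    [ -g "$demo/community_content/sub" ] &&
        [ "$(stat -c %g "$demo/community_content/sub")" = "$dir_gid" ] &&
        [ "$(stat -c %g "$demo/community_content/draft.txt")" = "$dir_gid" ]
}

show_file suid_exec   4755   # s: SUID with owner execute
show_file suid_noexec 4644   # S: SUID without owner execute
show_file sgid_noexec 2644   # S in the group triplet
show_dir  sticky_dir  1777   # t: sticky with others execute, as on /tmp
show_dir  sticky_nox  1776   # T: sticky without others execute
sgid_inherits && echo "SGID directory: group and SGID bit inherited"
```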
Conclusion
Understanding Linux permissions, including SUID and SGID, is essential for effective system administration. SUID allows programs to run with the privileges of the file’s owner, while SGID ensures group ownership inheritance within directories. These special permissions, along with the sticky bit, provide fine-grained control over access rights and contribute to a more secure and collaborative computing environment. Now that you’re familiar with SUID and SGID in Linux, you can better manage file access and troubleshoot those pesky “Permission denied” errors.