In addition to the standard read, write, and execute permissions, Solaris, and UNIX/LINUX in general, have some special permissions that can be set on files and directories. These are the setuid bit, the setgid bit, and the sticky bit.
Special Permissions on Files: SUID
New Linux users often wonder why anyone would ever want to use the SUID bit. Having a program that will run with the power of root for any user sounds like a dangerous proposition. As it turns out, setting the SUID bit on certain programs is not only helpful, it is required.
Take, for example, the passwd command. Any user on the system may use the passwd command to change their password. Users’ passwords are stored in the file /etc/shadow. A quick check of the permissions on this file will reveal that it is readable and writable only by the root user. In order to update the entry for their password, a user must have root-level access to the file. This access is provided by setting the SUID bit on the passwd program. The passwd program will only allow a user to change their own password. This limitation is enforced by the passwd program itself, based on the real UID of the user who ran it, not on the elevated (root) context in which the program is running.
The following example shows how to set the setuid bit on a file, so that if the file is executable, it will execute with the permissions of its owner.
$ chmod u+s file_name
Special Permissions on Files: SGID
When executable files with the SGID bit set are run, they will run with an effective group id (EGID) of the group that owns the executable (instead of the primary group of the user executing the file).
The command below adds the setgid bit so that, if the file is executable, it will execute with the permissions of its group. When this bit is set on a directory, all files created in the directory will have the same group as the directory.
$ chmod g+s file_name
Special Permissions on Directories: SGID
If the SGID permission is set on a directory, then files or subdirectories created within that directory inherit the group ownership of the SGID directory. Subdirectories created within the directory will also inherit the SGID special permission propagating this behavior further. Note that although the group ownership and special SGID bit are inherited, all other permissions for newly created directories are determined in the usual fashion using the value of the umask.
Special Permissions on Directories: Sticky Bit
Under standard Unix filesystem permission rules, a user who has write access to a directory will be able to delete files in that directory (even if the file’s permissions do not grant them access). With the sticky bit set on a directory, this behavior is overridden and only users who have at least write access to a file will be able to delete it.
The /tmp directory is an example of a directory with the sticky bit set. It is very important for all users to be able to write to the /tmp directory, but it could cause major problems if any user could delete any other user’s files. The command below adds the sticky bit so that users can only delete files from this directory that they created.
$ chmod o+t directory_name
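The three special bits above are also the ones an administrator audits for: setuid/setgid executables are the programs that run with borrowed privileges, and a world-writable directory without the sticky bit has exactly the /tmp problem described. The following script is an added example, not part of the original page; it decodes the bits from st_mode and walks a tree reporting them (the function names and finding strings are my own).

```python
import os
import stat
from typing import List, Tuple

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def mode_findings(mode: int, is_dir: bool) -> List[str]:
    """Classify one inode's permission bits (raw st_mode or just its low bits).

    Only the setuid, setgid and sticky bits discussed above, plus the
    world-writable bit on directories, are considered.
    """
    findings = []
    if is_dir:
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            # Anyone can create files here and anyone can delete anyone
            # else's files: the situation the sticky bit exists to prevent.
            findings.append("world-writable directory without sticky bit")
        if mode & stat.S_ISGID:
            findings.append("setgid directory: new files inherit its group")
    elif mode & EXEC_BITS:
        # setuid/setgid only change the effective IDs when the file is
        # executed, so the bits on a non-executable file are inert here.
        if mode & stat.S_ISUID:
            findings.append("setuid executable")
        if mode & stat.S_ISGID:
            findings.append("setgid executable")
    return findings


def audit_tree(root: str) -> List[Tuple[str, str]]:
    """Walk `root` and return (path, finding) pairs; symlinks are skipped."""
    results = []
    for dirpath, _dirnames, filenames in os.walk(root):
        entries = [dirpath] + [os.path.join(dirpath, f) for f in filenames]
        for path in entries:
            try:
                st = os.lstat(path)
            except OSError:
                continue  # unreadable or vanished entry
            if stat.S_ISLNK(st.st_mode):
                continue
            for finding in mode_findings(st.st_mode, stat.S_ISDIR(st.st_mode)):
                results.append((path, finding))
    return results


if __name__ == "__main__":
    import sys
    for path, finding in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "/tmp"):
        print(f"{finding}: {path}")
```

Run it as `python audit.py /usr/bin` (or any tree) and compare the setuid/setgid list against what the distribution ships; an unexpected entry is worth explaining.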