
The Geek Diary


Understanding Special Permissions (setuid, setgid, sticky bit) in Solaris

by admin

In addition to the standard read, write, and execute permissions, Solaris and UNIX/Linux in general have some special permissions that can be set on files and directories. These are the setuid bit, the setgid bit, and the sticky bit.

Special Permissions on Files: SUID

New Linux users often wonder why anyone would ever want to use the SUID bit. Having a program that will run with the power of root for any user sounds like a dangerous proposition. As it turns out, setting the SUID bit on certain programs is not only helpful, it is required.

Take, for example, the passwd command. Any user on the system may use the passwd command to change their password. Users’ passwords are stored in the file /etc/shadow. A quick check of the permissions on this file will reveal that it is readable and writable only by the root user. In order to update the entry for their password, a user must have root-level access to the file. This access is provided by setting the SUID bit on the passwd program. The passwd program will only allow a user to change their own password. This limitation is imposed based on the UID of the user running the program, but not on the user’s security context.

The following command sets the setuid bit on a file so that, if the file is executable, it will execute with the permissions of its owner.

$ chmod u+s file_name

Special Permissions on Files: SGID

When executable files with the SGID bit set are run, they will run with an effective group id (EGID) of the group that owns the executable (instead of the primary group of the user executing the file).

The command below adds the setgid bit so that, if the file is executable, it will execute with the permissions of its group. When this bit is set on a directory, all files created in the directory will have the same group as the directory.

$ chmod g+s file_name

Special Permissions on Directories: SGID

If the SGID permission is set on a directory, then files or subdirectories created within that directory inherit the group ownership of the SGID directory. Subdirectories created within the directory will also inherit the SGID special permission propagating this behavior further. Note that although the group ownership and special SGID bit are inherited, all other permissions for newly created directories are determined in the usual fashion using the value of the umask.

Special Permissions on Directories: Sticky Bit

Based on standard Unix filesystem permissions behavior, a user that has write access to a directory will be able to delete files in that directory (even if the file’s permissions do not grant them access). With the sticky bit set on a directory, this behavior is overridden and only users who have at least write access to a file will be able to delete it.

The /tmp directory is an example of a directory with the sticky bit set. It is very important for all users to be able to write to the /tmp directory, but it could cause major problems if any user could delete any other user’s files. The command below adds the sticky bit so that users can only delete files from this directory that they created.

$ chmod o+t directory_name
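
The three bits described above can be audited with the -perm test of find. The script below is an added example, not part of the original article: audit_special_perms and make_sample_tree are hypothetical helper names, and the tree it scans is constructed in a temporary directory so the result is predictable.

```shell
#!/bin/sh
# Added example: report where the special permission bits are set.

audit_special_perms() {
    root=$1
    # setuid (octal 4000): program runs with the UID of the file's owner.
    find "$root" -type f -perm -4000 -exec printf 'SUID %s\n' {} \;
    # setgid on a file (octal 2000): program runs with the file's group.
    find "$root" -type f -perm -2000 -exec printf 'SGID-FILE %s\n' {} \;
    # setgid on a directory: new entries inherit the directory's group.
    find "$root" -type d -perm -2000 -exec printf 'SGID-DIR %s\n' {} \;
    # World-writable directory with the sticky bit (octal 1000), like /tmp.
    find "$root" -type d -perm -0002 -perm -1000 -exec printf 'STICKY %s\n' {} \;
    # World-writable directory without it: users can delete each other's files.
    find "$root" -type d -perm -0002 ! -perm -1000 -exec printf 'NO-STICKY %s\n' {} \;
}

# Build a constructed sample tree (all names are made up for this example).
make_sample_tree() {
    t=$(mktemp -d) || return 1
    touch "$t/tool" "$t/report"
    chmod 755 "$t/tool" "$t/report"
    chmod u+s "$t/tool"        # setuid file
    chmod g+s "$t/report"      # setgid file
    mkdir "$t/shared" "$t/scratch" "$t/open"
    chmod 775 "$t/shared"
    chmod g+s "$t/shared"      # setgid directory
    mkdir "$t/shared/sub"      # created afterwards: inherits the setgid bit
    chmod 777 "$t/scratch"
    chmod +t "$t/scratch"      # sticky, world-writable
    chmod 777 "$t/open"        # world-writable, no sticky bit
    echo "$t"
}

tree=$(make_sample_tree) && audit_special_perms "$tree"
rm -rf "$tree"
```

The NO-STICKY and SUID lines are the ones to review first: each setuid program should be one that is expected to be there, and each shared world-writable directory should carry the sticky bit.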

© 2023 · The Geek Diary