Advanced File Permission
Sticky Bit on Directory
The sticky bit on a directory prevents users from removing files in that directory that they do not own. It is displayed in the same position as the x permission for others.
It is represented by a t (x is also set) or a T (x is not set).
In the above snapshot, the permission for file new1 has changed to t in place of the x permission for others.
Generally, the sticky bit is found on the /tmp directory.
setgid Bit on Directory
To make sure all the files in a directory are owned by the group owner of that directory, setgid can be used. It is displayed in the same position as the x permission for group. It is represented by an s (x is also set) or an S (x is not set).
In the above snapshot, the group owner of the directory new1 has been changed to neww, and the group permission shows s in place of the x permission for group. You can see that file1, which is inside the directory 'new1', has the group name 'neww'.
setgid and setuid on Regular Files
With these two permissions, an executable file runs with the permissions of the file owner (setuid) or of the file's group owner (setgid) instead of those of the user executing it. This means that if a program is owned by root and the setuid permission is set on it, any user who runs that program runs it as root. This can be dangerous for security as well as useful.
For example, passwords stored in /etc/shadow are readable by root only, as shown below.
When a user runs the passwd command, it executes with root credentials.
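The sticky, setgid and setuid bits described above can be set on a scratch tree and then audited with find. This is an added example, not part of the original tutorial; the function names and the directory layout under mktemp are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: names and the scratch layout below are assumptions.

# Print the 10-character symbolic mode of one path, e.g. drwxrwxrwt.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Build a constructed sample tree and print its path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/shared" "$d/locked" "$d/open" "$d/team" "$d/drop"
    chmod 1777 "$d/shared"  # sticky, x for others set   -> t
    chmod 1776 "$d/locked"  # sticky, x for others unset -> T
    chmod 0777 "$d/open"    # world-writable, no sticky bit
    chmod 2775 "$d/team"    # setgid, x for group set    -> s
    chmod 2765 "$d/drop"    # setgid, x for group unset  -> S
    : > "$d/tool"
    chmod 4755 "$d/tool"    # setuid on a regular file   -> rws
    echo "$d"
}

# Print "<KIND> <mode> <path>" for every path matched by the find arguments.
report() {
    kind=$1; shift
    find "$@" | while IFS= read -r p; do
        echo "$kind $(mode_of "$p") $p"
    done
}

# Audit the tree rooted at $1 for the special permission bits.
audit_special_bits() {
    report SETUID     "$1" -type f -perm -4000
    report SETGID     "$1" -type f -perm -2000
    report SETGID_DIR "$1" -type d -perm -2000
    report STICKY_DIR "$1" -type d -perm -1000
    # World-writable without sticky: any user can delete other users' files.
    report NO_STICKY  "$1" -type d -perm -0002 ! -perm -1000
}

demo=$(make_demo_tree) && audit_special_bits "$demo"
[ -n "$demo" ] && rm -rf "$demo"
```

Pointing audit_special_bits at a real directory instead of the scratch tree lists the setuid and setgid files to review and any world-writable directory that lacks the sticky bit.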