wiki

User Tools

Site Tools

Trace: file_permissions
unix:file_permissions

This is an old revision of the document!

Table of Contents

UNIX/Linux base file permissions

UNIX/Linux File Permissions

When listing a file or folder on UNIX, using detailed view you 'll see the permissions and owner… 

[root@aix01]/root# ls -lsa
   0 drwxr-x---    2 root     system          256 Aug 16 16:56 bar

The table below gives numbers for all permission types of a File/Directory.

Number Permission Type Symbol
0 No Permission
1 Execute -–x
2 Write -w-
3 Execute + Write -wx
4 Read r–-
5 Read + Execute r-x
6 Read + Write rw-
7 Read + Write + Execute rwx

Special permission: setuid, setgid, and the Sticky Bit

Setuid, setgid, and the sticky bit can be tough for new and aspiring Linux admins to understand. It's easy enough to do a web search for the basic definitions:

  • setuid: a bit that makes an executable run with the privileges of the owner of the file
  • setgid: a bit that makes an executable run with the privileges of the group of the file
  • sticky bit: a bit set on directories that allows only the owner or root can delete files and subdirectories

user +s

setuid example 

A non-root user is not able to edit the passwd file, but every user can change his own password. This is due to 
the sticky bit positionned on the executable command **passwd**, Which 'll execute the passwd command as root,
because the sticky bit is positionned on the program
[root@srvadm01]/root# ll /etc/security/passwd
   4 -rw-------    1 root     system         1505 Jun 06 13:42 /etc/security/passwd

[root@srvadm01]/root# ll /usr/bin/passwd
  44 -r-sr-xr-x    1 root     security      44959 Feb 25 2022  /usr/bin/passwd

group +s

other + t (sticky)

Setting special permissions

2 ways to set special permissions:

  • To do this using the symbolic method, we do the following:
[root@srvadm01]/root# chmod g+s community_content/
  • Using the numerical method, we need to pass a fourth, preceding digit in our chmod command. The digit used is calculated similarly to the standard permission digits:
  Start at 0
  SUID = 4
  SGID = 2
  Sticky = 1

The syntax is: 

chmod X### file | directory

Where X is the special permissions digit.

Here is the command to set SGID on community_content using the numerical method: 

[root@srvadm01]/root# chmod 2770 community_content/
[root@srvadm01]/root# ls -ld community_content/
drwxrws---. 2 user01  staff 113 Apr  7 11:32 community_content/

Listing all files with the setuid or setgid bit set

[root@srvadm01]/root# find / -perm /6000 -type f
[root@srvadm01]/root# find / -type d -perm -1000 -exec ls -ld {} \;
drwxrwxrwt    1 root     system            7 Aug 16 15:06 /aha
drwxrwxrwt    1 root     system            3 Aug 16 15:06 /aha/mem
drwxr----t    3 oracle   dba             256 Apr 11 2022  /opt/admindev/oracle/product/19.5.0.0.191015-171/suptools/release/diag/tfa/tfactl
drwxr----T    2 oracle   dba             256 Apr 11 2022  /opt/admindev/oracle/product/19.5.0.0.191015-171/suptools/release/diag/tfa/tfactl/user_oracle/alert
unix/file_permissions.1692199725.txt.gz · Last modified: 2023/08/16 17:28 by manu

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki