The Linux permission model extends beyond the basic read (r), write (w), and
execute (x) permissions that many of us are familiar with. The system also
includes a set of "special" permissions: the setuid bit, the setgid bit, and the
sticky bit. Although these are not directly manipulated using the umask
command, understanding them is essential for anyone seeking to master Linux file
permissions. This article will delve into what each of these special permissions
is, why they are useful, and how they are related to the octal notation used
Context: Octal Notation and Umask
Before we get into the special permissions, let's quickly revisit the octal
notation for permissions. In this numeric system, each digit represents a
three-bit value that describes the permissions for the owner, group, and others,
respectively. These are the permissions affected by the umask.
However, what's not immediately obvious is that there's also a fourth octal
digit that represents these special permissions. This is left as 0 in
most cases and does not get set by the umask.
For example, a full permission set might look like 4755 in octal, which can be
broken down as follows:
4 corresponds to the special permissions
7 corresponds to the owner's permissions (rwx)
5 corresponds to the group's permissions (r-x)
5 corresponds to others' permissions (r-x)
The setuid (set user ID upon execution) bit allows a user to execute a file with the permissions of the file owner. When set, the setuid permission allows users to execute the binary as if they were the owner, even if they are not.
sudo chmod u+s /usr/bin/somefile
Setuid is particularly useful for executables that require elevated permissions to function, like passwd, which needs access to the /etc/shadow file to change user passwords.
Setgid (set group ID upon execution) works similarly to setuid but sets the group ID rather than the user ID when the file is executed. When set on a directory, any files created within that directory will inherit its group ownership.
sudo chmod g+s /usr/local/somefolder
This is useful for shared directories where it's essential that all created files belong to a specific group, ensuring that all group members can access them.
The sticky bit restricts file deletion. When the sticky bit is set on a directory, only the owner of the file within that directory can delete it. Others—even with write permissions on the directory—cannot delete the file.
sudo chmod +t /tmp
This is particularly useful in shared, writable directories like /tmp, where
users shouldn't be able to delete files that belong to others.
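The three bits described above can be audited read-only. The following is an added example, not code from the original article: it decodes the fourth octal digit and lists setuid/setgid executables and world-writable directories that lack the sticky bit. The function names and the /usr/bin starting path are assumptions chosen for illustration.

```python
import os
import stat

# Values of the leading (fourth) octal digit: 4 = setuid, 2 = setgid, 1 = sticky.
SPECIAL_BITS = ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"), (stat.S_ISVTX, "sticky"))


def describe(mode):
    """Return (four-digit octal string, names of the special bits set) for a mode."""
    perms = stat.S_IMODE(mode)  # drop the file-type bits, keep the 12 permission bits
    return format(perms, "04o"), [name for bit, name in SPECIAL_BITS if perms & bit]


def findings(mode):
    """Return audit findings for one st_mode value (hypothetical helper)."""
    out = []
    if stat.S_ISREG(mode) and mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        # Only executable regular files run with the owner's or group's identity.
        if mode & stat.S_ISUID:
            out.append("setuid executable")
        if mode & stat.S_ISGID:
            out.append("setgid executable")
    elif stat.S_ISDIR(mode):
        # Writable by everyone but not sticky: users can delete each other's files.
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            out.append("world-writable directory without sticky bit")
    return out


def audit(root):
    """Walk root without following symlinks; return {path: (octal, findings)}."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            hits = findings(mode)
            if hits:
                report[path] = (describe(mode)[0], hits)
    return report


if __name__ == "__main__":
    print(describe(0o4755))  # the article's example mode
    for path, (octal, hits) in sorted(audit("/usr/bin").items()):
        print(octal, path, ", ".join(hits))
```

Comparing the output against a known-good baseline for the distribution makes an unexpected setuid binary or an unprotected shared directory stand out.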
Special permissions add an extra layer of control and flexibility to the Linux
permissions model. While they don't directly interact with the umask,
understanding them is crucial for comprehending the full scope of file and
directory permissions on a Linux system. From the setuid and setgid bits that
allow for privilege escalation and group ownership inheritance, to the sticky
bit that protects against unauthorized file deletion, these special permissions
serve key roles in a secure and functional Linux environment.