Special permissions in Linux: SUID, SGID and Sticky bit


In addition to the standard permissions (read, write, and execute), there are the following special permissions:

1. SUID (setuid).
SUID is a special permission for executable files. In Linux, a running executable normally has the rights of the user who executes it. When the SUID bit is set, the file instead runs with the rights of its owner rather than those of the user who launched it. SUID files owned by root are a serious security issue: anybody can run them, and the resulting process will have root rights.

Eg. 1. The rm command is physically represented by the executable file /bin/rm, whose owner is root. When root runs rm, the command executes with root's rights and can delete any file in the system. If another user runs rm, the command has only the rights of that user, so it cannot delete critical files. If, however, the SUID permission were set on /bin/rm, any non-root user running rm would be able to delete any file in the system, because the command would run with the rights of the file's owner (root) instead of the rights of the user who invoked it.

Eg. 2. An unprivileged user can read the /etc/shadow file if the less command has SUID set. The ls -l command shows a SUID file with an “s” (lowercase) in the owner's execute position if the owner also has execute permission on the file, or with an “S” (uppercase) if the file has no execute permission for the owner.

2. SGID (setgid).
SGID is a special permission whose effect differs between files and directories. Applied to an executable file, the process created when the file runs has the rights of the group that owns the file, not of the primary group of the user who executes it. SGID is mainly used on directories, to create “shared” directories: new files created inside such a directory are given the group that owns the directory rather than the primary group of the user who creates them (which is the default). The ls -l command shows an SGID file or directory with an “s” (lowercase) in the group's execute position if the group has execute permission, or with an “S” (uppercase) if the group has no execute permission.

3. Sticky bit.
The sticky bit is used on “world-writable” directories and prevents users from deleting the directory's content unless they are the owner of the directory on which the sticky bit is set or the owner of the file in question, even if the directory's permissions (rwx) would otherwise allow the deletion.
Ex: /tmp
Root is an exception; membership in the file's group does not exempt a user from the rule (group members cannot delete the file either).

Application:
The sticky bit is used when creating a world-writable directory (all permissions for all users) whose content must nevertheless be protected. Without the sticky bit, any user can create files in the directory but can also delete files created by other users. With the sticky bit set, each user may delete only their own files. The ls -l command shows a sticky-bit directory with a “t” (lowercase) in the others' execute position if others have execute permission on the directory, or with a “T” (uppercase) if they do not.
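As an added example (not code from the original article), the POSIX shell script below decodes the mode column printed by ls -l into the three special bits discussed in the SUID, SGID and sticky bit sections above, distinguishing the lowercase letters (bit set together with execute) from the uppercase ones (bit set without execute), and lists every object under a directory that carries any of the bits, which is the check an administrator runs when auditing root-owned SUID binaries. The function names, the `find -perm` invocation and the constructed temporary files are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of the original article: decode the mode column
# that `ls -l` prints and list the objects under a directory that carry a
# special bit. Function names and the constructed files are this example's own.
#
# Mode string layout (1-indexed): 1 = type, 2-4 = owner rwx,
# 5-7 = group rwx, 8-10 = others rwx. In the execute slots:
#   s / t  = special bit set AND execute bit set   (lowercase)
#   S / T  = special bit set but execute bit clear (uppercase)

# decode_mode MODESTRING
# Prints e.g. "suid+x,sgid+x,sticky-x", or "none" if no special bit is set.
decode_mode() {
    mode=$1
    out=""
    case $(printf '%s' "$mode" | cut -c4) in      # owner execute slot
        s) out="${out}suid+x," ;;
        S) out="${out}suid-x," ;;
    esac
    case $(printf '%s' "$mode" | cut -c7) in      # group execute slot
        s) out="${out}sgid+x," ;;
        S) out="${out}sgid-x," ;;
    esac
    case $(printf '%s' "$mode" | cut -c10) in     # others execute slot
        t) out="${out}sticky+x," ;;
        T) out="${out}sticky-x," ;;
    esac
    if [ -z "$out" ]; then printf 'none\n'; else printf '%s\n' "${out%,}"; fi
}

# mode_of PATH -> the 10-character mode string shown by `ls -ld`
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# owner_of PATH -> the owner name shown by `ls -ld` (third column)
owner_of() {
    ls -ld "$1" | awk '{print $3}'
}

# find_special DIR -> every object under DIR with SUID, SGID or sticky set.
# "-perm -4000" means "all of these bits are set"; -xdev stays on one filesystem.
find_special() {
    find "$1" -xdev \( -perm -4000 -o -perm -2000 -o -perm -1000 \) 2>/dev/null
}

# report PATH -> one line per object; flags root-owned SUID files, the case
# the article calls a serious security issue.
report() {
    m=$(mode_of "$1"); o=$(owner_of "$1"); s=$(decode_mode "$m")
    warn=""
    case $s in *suid*) [ "$o" = root ] && warn="  <-- root-owned SUID" ;; esac
    printf '%s %-8s %-24s %s%s\n' "$m" "$o" "$s" "$1" "$warn"
}

# Demonstration on constructed files in a temporary directory. The files are
# owned by whoever runs the script and are removed afterwards.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/suid_noexec"; chmod 4644 "$d/suid_noexec"   # shown as "S"
    : > "$d/suid_exec";   chmod 4755 "$d/suid_exec"     # shown as "s"
    mkdir "$d/shared";    chmod 1777 "$d/shared"        # like /tmp, shown as "t"
    mkdir "$d/groupdir";  chmod 2775 "$d/groupdir"      # SGID directory, "s" in group slot
    for f in $(find_special "$d"); do report "$f"; done
    rm -rf "$d"
}

demo
```

Running the script against a real tree (for example `find_special /usr`) lists the system's SUID and SGID binaries; an uppercase S in the output means a special bit without the matching execute bit, which is never useful and usually a mistake in a chmod invocation.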
