About Setuid – SetGid – Sticky Bit

Published on August 11, 2022 at 2:34 am by LEW

Introduction

In a previous post we talked about ownership and file permissions. In this post we will discuss setuid (set user id) and setgid (set group id). Additionally we will talk about sticky bits.

Using the command chmod, we can set special permissions on files (setuid and setgid), that allow other users to run the file as the user who owns the file. Two common programs in Linux that use this particular type of permission are su and sudo.

Quick Review

As has been discussed previously, this quick list covers some of the basics of file security on Unix/Linux.

Nice and short, but to get the most out of this post, you should review file ownership and security in more detail at some point.

Setuid and Setgid

Setuid and setgid are special permissions that can be set with the chmod command. These permissions allow a user to run an executable file as if they were the file's owner (setuid) or the file's group (setgid). For example, if a file is owned by root and setuid is set, then a normal user could run this file as if they were root.

Referring to the examples above: if su and sudo are installed and I list the contents of /usr/bin (this is where they live on Arch/Debian installs; I have not looked into the location on other distributions), we can see that both commands have a small “s” in the owner execute position.

lee@Athena:/usr/bin$ ls -alh | grep su

-rwsr-xr-x  1 root root     71K Jan 21  2022 su
-rwsr-xr-x  1 root root    179K Feb 27  2021 sudo

These files are owned by root; the “s” in the owner execute position (position 4), in place of an “x”, means that any user can run these commands as if they were root. Obviously there are going to be security concerns with setuid and setgid, so you need to be very careful about what and where you use these permissions.

Sticky Bits

A sticky bit is another special permission that can be set with the chmod command. When the sticky bit is set, only a file's owner or root can delete the file. The sticky bit is commonly used on the /tmp folder. This folder is, as the name implies, a temporary workspace for all users. When a user saves a file to this folder, the sticky bit on the folder prevents other users from deleting that file.

lee@Athena:/usr/bin$ ls -alh /tmp
drwxrwxrwt  2 root root 4.0K Aug 11 05:40 .Test-unix

Note the “t” in the other execute position (position 10) instead of an “x”. This indicates that the sticky bit has been set, in this case on a directory (“d” in position 1).
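As an added example that is not part of the original post, here is a small POSIX shell function that reads a mode string the way the listings above are read by eye: it names the file type and each special bit present, and tells the lowercase s/t (special bit set together with the matching execute bit) apart from the uppercase S/T (special bit set without execute). A second function filters ls -l lines down to the entries that carry a special bit, which is the check an administrator runs when auditing a directory like /usr/bin; the sample listing is constructed from the lines shown in the post, and the function names are my own.

```sh
#!/bin/sh
# Added example (not from the original post): read an ls mode string the way
# the listings above are read by eye, and audit a listing for special bits.

# $1 = 10-character mode string such as "-rwsr-xr-x". Prints the file type
# followed by each special bit present, marking whether the matching execute
# bit is also set (lowercase s/t) or missing (uppercase S/T).
describe_mode() {
    mode=$1
    [ ${#mode} -eq 10 ] || { echo "bad mode string: $mode" >&2; return 1; }
    case $mode in
        d*) out=directory ;;
        -*) out=file ;;
        l*) out=symlink ;;
        *)  out=other ;;
    esac
    # columns 4, 7 and 10 are the owner, group and other execute positions
    case $(printf '%s' "$mode" | cut -c4) in
        s) out="$out setuid" ;;
        S) out="$out setuid(no-exec)" ;;
    esac
    case $(printf '%s' "$mode" | cut -c7) in
        s) out="$out setgid" ;;
        S) out="$out setgid(no-exec)" ;;
    esac
    case $(printf '%s' "$mode" | cut -c10) in
        t) out="$out sticky" ;;
        T) out="$out sticky(no-exec)" ;;
    esac
    printf '%s\n' "$out"
}

# Reads ls -l lines on stdin and prints only the entries that carry a special
# bit, together with the owner: an audit of /usr/bin is looking for
# setuid/setgid files owned by root that you did not expect to be there.
audit_listing() {
    while read -r mode _links owner _group _rest; do
        # "total N" lines and blank lines fail the length check and are skipped
        desc=$(describe_mode "$mode" 2>/dev/null) || continue
        case $desc in
            *setuid*|*setgid*|*sticky*)
                printf '%s  %-28s owner=%s  %s\n' "$mode" "$desc" "$owner" "${_rest##* }" ;;
        esac
    done
}

# Constructed sample listing: the su, sudo and /tmp lines from the post plus
# the post's testfile.sh before any special bits were set.
SAMPLE_LISTING='total 4
-rwsr-xr-x  1 root root     71K Jan 21  2022 su
-rwsr-xr-x  1 root root    179K Feb 27  2021 sudo
-rw-r--r--  1 lee  lee       84 Aug 11 07:01 testfile.sh
drwxrwxrwt  2 root root    4.0K Aug 11 05:40 .Test-unix'

# Number of flagged entries in the sample: 3 (su, sudo and the sticky directory).
count_flagged() {
    printf '%s\n' "$SAMPLE_LISTING" | audit_listing | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE_LISTING" | audit_listing
```

On a live system the same question is usually asked of the whole filesystem rather than one listing, for example with find /usr/bin -perm -4000 -type f (all files with setuid set), and the result compared against what the distribution's packages are expected to install.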

Using Alpha characters with chmod for setuid, setgid, and sticky bit

To start with we will be using the alphabetic notation in chmod, then we will move to numeric notation. The alphabetic notation can make it a little easier to visualize what is going on.

For these examples we will be using testfile.sh. You can create this file in your home directory. The file contains some basic shell commands. The “.sh” extension commonly indicates a shell script, which should be executable. The contents of the file I used are as follows (if anyone is interested in a post on shell scripting, let me know).

#! /bin/sh
echo            # blank line
echo $USER      # name of the user running the script
echo $HOME      # that user's home directory
echo $TERM      # terminal type
uname -r        # running kernel release
echo            # blank line

After creating this file in your favorite text editor (I used vi), you can do a listing to see the default permissions. Note that the echo command may act differently depending on circumstances.

lee@Athena:~$ ls -al | grep testfile.sh
-rw-r--r-- 1 lee  lee         84 Aug 11 07:01 testfile.sh

The default permissions on my system set the owner to read/write, and group/other to just read. Remember that setuid and setgid are for executable files. If we try to set them now (with the “s” option), we get a capital “S” instead of a small “s” in the execute position.

lee@Athena:~$ chmod u+s testfile.sh
lee@Athena:~$ ls -al | grep testfile.sh
-rwSr--r-- 1 lee  lee         84 Aug 11 07:01 testfile.sh

This tells us the file was not executable. So let's make it executable and recheck the permissions. Note that the setuid bit we set before is still present after this.

lee@Athena:~$ chmod u+x testfile.sh
lee@Athena:~$ ls -al | grep testfile.sh
-rwsr--r-- 1 lee  lee         84 Aug 11 07:01 testfile.sh

Now we have the proper small “s”. We can do the same for the group permissions if we want (setgid).

lee@Athena:~$ chmod g+xs testfile.sh
lee@Athena:~$ ls -al | grep testfile.sh
-rwsr-sr-- 1 lee  lee         84 Aug 11 07:01 testfile.sh

We can set the sticky bit in a similar way; the sticky bit does not take an owner or group prefix, since it just keeps the file from being deleted.

lee@Athena:~$ chmod +t testfile.sh
lee@Athena:~$ ls -al | grep testfile.sh
-rwsr-sr-T 1 lee  lee         84 Aug 11 07:01 testfile.sh

As with the capital “S” earlier, the capital “T” means the sticky bit is set but the execute bit in that position (other) is not. In practice sticky bits are normally used on directories instead of files.
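The whole sequence above, replayed as an added example that is not part of the original post: a POSIX shell function creates a throwaway copy of testfile.sh in a temporary directory, forces the starting mode to 644 so the result does not depend on your umask, applies the chmod operations given as arguments in order, and returns the mode string as ls reports it. The function names and the temporary-directory layout are my own.

```sh
#!/bin/sh
# Added example (not from the original post): replay the chmod steps from the
# post on a scratch copy of testfile.sh and return the mode string ls reports.

# First field of ls -ld is the 10-character mode string (POSIX-specified);
# -d keeps a directory argument from being listed recursively.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# $1 = starting numeric mode (644 reproduces the post's default -rw-r--r--),
# remaining arguments = chmod symbolic operations applied in that order.
mode_after() {
    dir=$(mktemp -d) || return 1
    f="$dir/testfile.sh"
    printf '#! /bin/sh\necho "$USER"\n' > "$f"   # same kind of script as the post's
    chmod "$1" "$f"
    shift
    for step in "$@"; do
        chmod "$step" "$f"
    done
    mode_of "$f"
    rm -rf "$dir"
}

# Walk through the post's sequence, printing the mode after each step:
#   u+s   -rwSr--r--   setuid set, but no execute bit yet (capital S)
#   u+x   -rwsr--r--   execute added, setuid still present (small s)
#   g+xs  -rwsr-sr--   group execute and setgid
#   +t    -rwsr-sr-T   sticky set, others have no execute (capital T)
replay_post_sequence() {
    steps=""
    for step in u+s u+x g+xs +t; do
        steps="$steps $step"
        # $steps is deliberately unquoted so it splits into separate arguments
        printf '%-5s %s\n' "$step" "$(mode_after 644 $steps)"
    done
}

replay_post_sequence
```

One caveat worth knowing when reading such listings: on Linux the kernel ignores setuid and setgid on interpreted scripts (files starting with #!), and ignores the sticky bit on regular files, so the bits on testfile.sh are displayed but change nothing about how it runs. The bits only take effect on native executables such as su and sudo, which is why an audit concentrates on binaries.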

Using Numeric chmod for setuid, setgid, and sticky bit

When setting permissions, chmod can use three numeric digits, one each for owner, group, and other. When setting the sticky bit, setuid, or setgid, chmod uses a fourth, leading digit. For example, let's say we want the owner to be able to read, write, and execute, but all other users to just be able to read; additionally, we want others to be able to execute the file as if they were the owner. We would use chmod 4744 testfile.sh. If the first digit is zero, it can be omitted, giving us our normal three-digit number. The values for the first digit are:

We can view the permissions as an octal number using the following command. The output is the numeric representation of the permissions, with the special-bit digit in front when one is set.

stat -c "%a" testfile.sh
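As an added example that is not part of the original post, the following POSIX shell function converts the 10-character mode string ls shows into the four-digit numeric form chmod accepts, computing the leading digit from the special bits (4 for setuid, 2 for setgid, 1 for sticky). A second function applies a numeric mode such as the post's 4744 to a scratch file and reads it back through ls, so the conversion can be checked against real chmod behaviour. Function names are my own.

```sh
#!/bin/sh
# Added example (not from the original post): convert the 10-character mode
# string shown by ls into the four-digit numeric form chmod accepts, where the
# leading digit is the sum of the special bits: 4 = setuid, 2 = setgid,
# 1 = sticky. Then confirm the conversion against a real chmod on a scratch file.

mode_to_octal() {
    m=$1
    [ ${#m} -eq 10 ] || { echo "bad mode string: $m" >&2; return 1; }
    special=0
    digits=""
    # owner, group and other triplets start at columns 2, 5 and 8
    for start in 2 5 8; do
        trip=$(printf '%s' "$m" | cut -c"$start-$((start + 2))")
        v=0
        case $trip in r??) v=$((v + 4)) ;; esac
        case $trip in ?w?) v=$((v + 2)) ;; esac
        case $trip in ??[xst]) v=$((v + 1)) ;; esac   # lowercase s/t imply execute
        # s/S in the owner or group slot, or t/T in the other slot, sets the
        # corresponding special bit whether or not execute is also set
        case "$start$trip" in
            2??[sS]) special=$((special + 4)) ;;
            5??[sS]) special=$((special + 2)) ;;
            8??[tT]) special=$((special + 1)) ;;
        esac
        digits="$digits$v"
    done
    # a leading 0 means no special bits and may be omitted: 0644 is just 644
    printf '%s%s\n' "$special" "$digits"
}

# Apply a numeric mode to a scratch file, read it back through ls, and convert
# it again; with the post's 4744 this returns 4744 (uses only POSIX tools).
octal_round_trip() {
    dir=$(mktemp -d) || return 1
    f="$dir/testfile.sh"
    : > "$f"
    chmod "$1" "$f"
    mode_to_octal "$(ls -ld "$f" | cut -c1-10)"
    rm -rf "$dir"
}

for m in -rwsr-xr-x -rwSr--r-- -rwsr-sr-T drwxrwxrwt -rw-r--r--; do
    printf '%s  %s\n' "$m" "$(mode_to_octal "$m")"
done
```

On a GNU system, stat -c "%a" on the same file prints the same digits, so the two can be cross-checked; the function is useful where only an ls listing (for example, one pasted into a ticket) is available.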

Conclusion

In this post we have gone over some of the basics of setuid, setgid, and the sticky bit. You should now have a basic understanding of these special file permissions and how to use them.
