Setuid, setgid, and the sticky bit are special permission flags in Unix-like systems used to modify file and directory behavior. 1) Setuid allows a user to run a file with the owner’s permissions, often used for admin tasks via tools like passwd but poses security risks. 2) Setgid runs files with the group's permissions and ensures new files in a directory inherit the group ownership, useful for shared directories. 3) The sticky bit prevents users from deleting or renaming files in a directory unless they own them, commonly applied to public directories like /tmp. These flags should be used sparingly due to potential security vulnerabilities and privilege escalation risks.
Setuid, setgid, and the sticky bit are special permission flags in Unix-like operating systems that modify how permissions work for files and directories. They’re not as commonly used as the standard read/write/execute permissions, but they can be very useful — or dangerous if misused.
Let’s break down what each one does and when you might use them.
What is the setuid bit?
The setuid (Set User ID) bit allows a regular user to execute a file with the permissions of the file's owner instead of their own.
For example, imagine a script or program owned by root that needs to perform some administrative task. If you set the setuid bit on it, any user who runs that file will temporarily act as root.
When should you use it?
- Only when necessary — because it’s a security risk.
- Common real-world examples: tools like
passwd, which lets users change their password (which involves editing system files only root can normally touch).
How to set it:
chmod u s filename
You’ll see it in ls -l output like this:
-rwsr-xr-x 1 root root 1234 Jan 1 00:00 filename
Note the s in the user (owner) execute field.
What is the setgid bit?
The setgid (Set Group ID) bit works similarly to setuid, but instead of running a file as the owner, it runs it as the group that owns the file.
It also behaves differently when applied to directories: new files created inside that directory will inherit the group ownership of the directory, not the primary group of the user who created them.
When should you use it?
- For shared directories where multiple users need to collaborate.
- Ensures files created inside stay within the correct group, even if different users are adding them.
How to set it:
chmod g s filename_or_directory
In ls -l, it looks like:
-rwxr-sr-x 1 root admin 1234 Jan 1 00:00 filename
Or for a directory:
drwxr-sr-x 2 root admin 4096 Jan 1 00:00 dirname
Again, the s appears — this time in the group execute slot.
What is the sticky bit?
The sticky bit isn’t about running files as someone else. Instead, it restricts deletion rights on directories.
When enabled, only the owner of a file (or root) can delete or rename it — even if others have write access to the directory.
When should you use it?
- On public directories like
/tmp, where anyone can create files, but shouldn't be able to delete others' files.
How to set it:
chmod t directoryname
In ls -l, it shows up like this:
drwxrwxrwt 2 root root 4096 Jan 1 00:00 tmp
You’ll notice a t at the end of the permission string.
A few things to keep in mind:
- These bits are powerful and can introduce security risks.
- Use them sparingly and always double-check permissions.
- Misuse can lead to privilege escalation vulnerabilities.
- You don’t usually need these day-to-day unless you're managing shared environments or writing system-level utilities.
So yeah, basically that's what setuid, setgid, and the sticky bit do — not complicated, but definitely worth understanding if you're working in a multi-user or system administration context.
The above is the detailed content of What are the setuid, setgid, and sticky bits?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
10 Best File Comparison and Difference (Diff) Tools in Linux
Jun 11, 2025 am 10:26 AM
While writing program files or normal text files, programmers and writers sometimes want to know the difference between two files or two versions of the same file. When you compare two computer files on Linux, the difference between their contents is
How to create a new, empty file from the command line?
Jun 14, 2025 am 12:18 AM
There are three ways to create empty files in the command line: First, the simplest and safest use of the touch command, which is suitable for debugging scripts or placeholder files; Second, it is quickly created through > redirection but will clear existing content, which is suitable for initializing log files; Third, use echo"> file name to create a file with an empty string, or use echo-n""> file name to avoid line breaks. These three methods have their own applicable scenarios, and choosing the right method can help you complete the task more efficiently.
5 Best Open Source Mathematical Equation Editors for Linux
Jun 18, 2025 am 09:28 AM
Are you looking for good software to write mathematical equations? If so, this article provides the top 5 equation editors that you can easily install on your favorite Linux distribution.In addition to being compatible with different types of mathema
dutree - Analyze File System Disk Usage in Linux
Jun 11, 2025 am 10:33 AM
dutree is a free, open-source, fast command-line tool for analyzing disk usage, written in the Rust programming language. It was created by combining durep (disk usage reporter) and tree (list directory content in tree-like format) command-line tools
How to Install Eclipse IDE in Debian, Ubuntu, and Linux Mint
Jun 14, 2025 am 10:40 AM
Eclipse is a free integrated development environment (IDE) that programmers around the world use to write software, primarily in Java, but also in other major programming languages using Eclipse plugins.The latest release of Eclipse IDE 2023?06 does
15 Useful 'ifconfig' Commands to Configure Network in Linux
Jun 11, 2025 am 10:01 AM
ifconfig in short “interface configuration” utility for system/network administration in Unix/Linux operating systems to configure, manage, and query network interface parameters via command-line interface or in a system configuration scripts
SCP Linux Command – Securely Transfer Files in Linux
Jun 20, 2025 am 09:16 AM
Linux administrators should be familiar with the command-line environment. Since GUI (Graphical User Interface) mode in Linux servers is not commonly installed.SSH may be the most popular protocol to enable Linux administrators to manage the servers
24 Hilarious Linux Commands That Will Make You Laugh
Jun 14, 2025 am 10:13 AM
Linux has a rich collection of commands, and while many of them are powerful and useful for various tasks, there are also some funny and whimsical commands that you can try out for amusement. 1. sl Command (Steam Locomotive) You might be aware of the
