There are three special permissions that are available for executable
files and directories:
- SUID (Set User ID):
  - What it does: When SUID is set on an executable file, the file executes with the privileges of the file owner rather than those of the user who runs it.
  - Example: If a regular user runs an executable file with SUID set and owned by the root user, the file will execute with root-level privileges.
- SGID (Set Group ID):
  - What it does: When SGID is set on an executable file, the file executes with the privileges of the file’s group.
  - Example: If a regular user runs an executable file with SGID set and owned by a specific group, the file will execute with the privileges of that group.
- Sticky Bit:
  - What it does: When the sticky bit is set on a directory, a file within that directory can be deleted or modified only by the root user, the owner of the directory, or the owner of that file.
  - Example: In a directory with the sticky bit set, if User A creates a file, only User A, the root user, or the directory owner can delete or modify that file.
Differences:
Aspect | SUID (Set User ID) | SGID (Set Group ID) | Sticky Bit |
---|---|---|---|
Purpose | Execute with owner’s privileges | Execute with group’s privileges | Restrict file deletion/modification |
Applied to | Executable files | Executable files | Directories |
Effect on Non-executable Files | No effect | No effect | No effect |
Effect on Executable Files | Changes effective user ID (EUID) to file owner’s ID | Changes effective group ID (EGID) to file’s group ID | No effect after execution |
Directories | No effect | No effect | Restricts file deletion/modification to root, directory owner, and file owner |
Common Use Case | Running programs with elevated privileges | Running programs with group-level privileges | Secure deletion in shared directories |
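
To check where these bits are actually set, the following added example (not part of the original page) decodes them from the `ls -ld` mode string and sweeps a tree with `find`. The function names `special_bits`, `audit_tree` and `make_sample_tree`, and the sample tree itself, are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. All names are illustrative.

# Decode the special bits of one path from its `ls -ld` mode string:
# s/S in the owner-execute slot = SUID, s/S in the group-execute slot = SGID,
# t/T in the other-execute slot = sticky bit.
special_bits() {
    mode=$(ls -ld "$1" | cut -c1-10)
    out=""
    case $(printf '%s' "$mode" | cut -c4)  in s|S) out="$out suid" ;; esac
    case $(printf '%s' "$mode" | cut -c7)  in s|S) out="$out sgid" ;; esac
    case $(printf '%s' "$mode" | cut -c10) in t|T) out="$out sticky" ;; esac
    printf '%s\n' "${out# }"
}

# Report what a reviewer wants to see under a tree: SUID files (octal 4000),
# SGID files (2000), and world-writable directories lacking the sticky bit (1000).
audit_tree() {
    find "$1" -type f -perm -4000 | sed 's/^/SUID-FILE /'
    find "$1" -type f -perm -2000 | sed 's/^/SGID-FILE /'
    find "$1" -type d -perm -0002 ! -perm -1000 | sed 's/^/NO-STICKY-DIR /'
}

# Constructed sample tree: harmless empty files owned by the current user.
make_sample_tree() {
    mkdir -p "$1/shared" "$1/open"
    : > "$1/tool_suid"; chmod 4755 "$1/tool_suid"
    : > "$1/tool_sgid"; chmod 2755 "$1/tool_sgid"
    : > "$1/plain";     chmod 0644 "$1/plain"
    chmod 1777 "$1/shared"   # world-writable with the sticky bit set
    chmod 0777 "$1/open"     # world-writable, sticky bit missing
}

# Demo run against a throwaway directory.
demo=$(mktemp -d)
make_sample_tree "$demo"
audit_tree "$demo"
rm -rf "$demo"
```

Pointing `audit_tree` at a real path gives a baseline of SUID/SGID files that can be compared against later runs.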