Introduction to UNIX: basic concepts
: UNIX design
: Access-rights
: Special bits
3.5.2. Special bits
3.5.2.1. Setuid / Setgid
The 'x' (eXecute) bit for the User and the Group can be replaced
by a special bit, shown as 's'. For the User, this is
setuid (SET User ID):
-r-sr-xr-x 1 bob users 12288 21 May 10:43 program
In the above example:
- Any user can run the program
- When the program runs, it will run with the privileges of user 'bob',
since the access rights for User are r-s (setuid).
Another example:
-r-sr-x--- 1 root wheel 12288 21 May 10:43 program
Here:
- Only users of the group 'wheel' and root itself can launch the program
- When it runs, it does so with the privileges of the 'root' user
This makes it possible to restrict commands to a certain group of users.
The same applies to the setgid (SET Group ID) bit:
-r-xr-sr-x 1 bin bin 12288 21 May 10:43 program
In this case:
- all users can run the program
- when the program runs, it does so with the privileges of group 'bin'
3.5.2.2. The sticky bit
On a directory, it is possible to set what is called the 'sticky' bit:
drwxrwxrwt 1 bin staff 4 21 May 10:43 files/
This means that all users can create files in this directory, but
only the owner of these files can modify / delete them. Example: /tmp
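An added example (not part of the original tutorial): a small Python auditor that decodes the setuid, setgid and sticky bits shown in the listings above from a file's mode and walks a directory tree to report them. It goes slightly beyond the text by also tagging two risky combinations: a setuid/setgid program that someone other than its owner can write to, and a world-writable directory without the sticky bit. The function names and tag strings are choices made for this example.

```python
import os
import stat
import sys


def special_bits(mode):
    """Return (ls-style mode string, list of tags) for an st_mode value."""
    tags = []
    if stat.S_ISREG(mode):
        if mode & stat.S_ISUID:
            tags.append("setuid")   # runs with the privileges of the file's owner
        if mode & stat.S_ISGID:
            tags.append("setgid")   # runs with the privileges of the file's group
        # A privileged program that group or others can write to can be replaced.
        if tags and mode & (stat.S_IWGRP | stat.S_IWOTH):
            tags.append("writable-by-non-owner")
    elif stat.S_ISDIR(mode):
        if mode & stat.S_ISVTX:
            tags.append("sticky")   # the /tmp case described above
        elif mode & stat.S_IWOTH:
            # Anyone may create files here, and nothing stops users from
            # deleting each other's files.
            tags.append("world-writable-without-sticky")
    return stat.filemode(mode), tags


def audit(root):
    """Walk root without following symlinks; return sorted (path, mode, tags)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            text, tags = special_bits(mode)
            if tags:
                hits.append((path, text, tags))
    return sorted(hits)


if __name__ == "__main__":
    # Usage: python3 audit.py /some/directory   (defaults to the current one)
    for path, text, tags in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{text}  {path}  [{', '.join(tags)}]")
```

Reviewing the output against a known-good baseline shows when a new setuid or setgid program appears on the system.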