Details about Linux permissions: s permissions and t permissions

  • 2020-10-07 18:57:16
  • OfStack

Commonly used permissions

Linux files have three identity classes: u (owner), g (group) and o (others).

Each identity class can hold the following commonly used permissions on a file:

r: Read permission; the user can read the file's contents, for example with cat or more.

w: Write permission; the user can modify the file.

x: Execute permission; the file can be executed by the system.

Other rights

In addition to read, write and execute permissions, the system also supports the forced bits (s permissions) and the sticky bit (t permission).

s permissions

s permission: the file runs with the permissions of its owner, as if the user executing it temporarily took on the owner's identity. A typical example is passwd: when an ordinary user runs it, the process holds root privileges for the duration of execution, which is what lets the user change their own password.


ls -al /usr/bin/passwd
-rwsr-xr-x 1 pythontab pythontab 32988 2018-03-16 14:25 /usr/bin/passwd

We can set the s permission in symbolic mode with chmod a+s filename, or in absolute (numeric) mode by adding a leading digit in front of the three permission digits:

Set SUID: put 4 in the leading digit;

Set SGID: put 2 in the leading digit;

Set both bits: put 4+2=6 in the leading digit.

Note: before setting the s bit, the file's owner (for SUID) or group (for SGID) must already have the corresponding x permission, otherwise the s bit does not actually take effect. The chmod command does not check this for you: if you set s on a file without the x permission, chmod does not complain, but ls -l shows an uppercase S in that position, and an uppercase S means the s bit is set but inactive.

t permissions

t permission: first, the background. Deleting a file does not require write permission on the file itself, but it does require write permission on the file's parent directory. In other words, even without write permission on a file, you can delete it if you have write permission on its parent directory, and without write permission on a directory you cannot create files in it.

The t permission exists for directories that should let any user create files while preventing users from deleting other users' files in that directory. The t permission generally only has an effect on directories, not on regular files.

Once the t bit is set on a directory (for example /home with mode 1777), any user can create files in that directory but can only delete the files they created themselves (root excepted). This protects users' files in any directory that everyone can write to.

The t permission is set with chmod +t filename.
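As an added example for both the s section and the t section above (my own script, not code from the original article), the following POSIX shell functions decode the 10-character mode column of ls -l exactly as described: the leading octal digit is built from 4 (SUID), 2 (SGID) and 1 (sticky), and each special bit is reported as active, or as inactive when ls shows an uppercase S or T because the matching x bit is missing. The function names and the scratch file that demo_inactive_s creates with mktemp are my own construction.

```shell
# Decode the 10-character mode field printed by `ls -l` (e.g. -rwsr-xr-x)
# into a 4-digit octal mode and report the SUID, SGID and sticky bits.
# Uppercase S/T = bit set but the matching x bit is missing (inactive).

# One rwx triplet (x slot may hold s/S or t/T) -> octal digit 0-7.
triplet_digit() {
    d=0
    case "$1" in r??) d=$((d + 4)) ;; esac
    case "$1" in ?w?) d=$((d + 2)) ;; esac
    case "$1" in ??[xst]) d=$((d + 1)) ;; esac   # uppercase S/T is not x
    echo "$d"
}

# Usage: mode_info <ls-mode-string>
# Prints "<octal> suid=<none|active|inactive> sgid=<...> sticky=<...>"
mode_info() {
    m="$1"
    [ "${#m}" -eq 10 ] || { echo "bad mode string: $m" >&2; return 1; }
    u=$(printf '%s\n' "$m" | cut -c2-4)
    g=$(printf '%s\n' "$m" | cut -c5-7)
    o=$(printf '%s\n' "$m" | cut -c8-10)
    special=0; suid=none; sgid=none; sticky=none
    case "$u" in
        ??s) special=$((special + 4)); suid=active ;;
        ??S) special=$((special + 4)); suid=inactive ;;
    esac
    case "$g" in
        ??s) special=$((special + 2)); sgid=active ;;
        ??S) special=$((special + 2)); sgid=inactive ;;
    esac
    case "$o" in
        ??t) special=$((special + 1)); sticky=active ;;
        ??T) special=$((special + 1)); sticky=inactive ;;
    esac
    printf '%d%d%d%d suid=%s sgid=%s sticky=%s\n' "$special" \
        "$(triplet_digit "$u")" "$(triplet_digit "$g")" "$(triplet_digit "$o")" \
        "$suid" "$sgid" "$sticky"
}

# Live check of the article's caveat: chmod accepts 4644 without complaint,
# but ls shows an inactive (uppercase) S until the owner's x bit is added.
demo_inactive_s() {
    f=$(mktemp) || return 1
    for mode in 4644 4755; do
        chmod "$mode" "$f"
        mode_info "$(ls -l "$f" | cut -c1-10)"
    done
    rm -f "$f"
}
```

Running demo_inactive_s prints the 4644 line with suid=inactive followed by the 4755 line with suid=active, which is the difference between rwS and rws in the note above.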

To sum up once more:

s or S (SUID, Set UID):

An executable file with this bit set runs with access to any system resource available to the file's owner. Be wary of files with SUID set: attackers commonly leave a root-owned SUID binary on a compromised system as a backdoor for later access, so unexpected SUID files are worth checking for.

t or T (Sticky):

The /tmp and /var/tmp directories give every user a place for temporary files: each user has full access to the directory to browse, delete and move files, which is exactly why these directories carry the sticky bit.

