suid, sgid, sticky bit, permissions

19 Mar 2008

I’ve been going to a few job interviews recently. One the standard ‘tricky’ (oooooh) Linux questions is “explain suid, sgid, sticky bit, etc”.

I usually don’t rote learn this sort of stuff (that’s what manpages and Google are for), here’s my summary:

  • 4000 (chmod u+s) is suid; for files execute as owning user (often root).
  • 2000 (chmod g+s) is sgid; for files execute as owning group (often root); for directories the group on newly created files will be set to the directory’s group rather than the creator’s group. Typically used for shared directories.
  • suid and sgid are ignored on scripts, due to the security risk
  • 1000 (chmod +t) is sticky bit (“save text image”); for files it used to be ‘pin in memory’ but is now ignored; for directories only root, file owner and directory owner can delete a file (even if non-owners have directory write permissions). Typically used for /tmp. –t—-
  • capital letters when doing ls -al usually means the permissions have been set incorrectly eg -r-S—- SUID is set, but owner execute is not set. However (?check?) -rw—-T means no update of “last modified time”; usually used for swap files (not very common nowadays – swap is usually a partition).

Directory Permissions

  • read list files
  • write add or remove files
  • execute open or execute files, cd into directory

Also, Access, Change, Modify

Here are the definitions of the different UNIX time information on a file with how they are typically referred to in man pages and the option to list the particular time with the ls command.

Access Time | atime | -ul
This is the time that the file was last accessed *or read*, unless noatime has been used for the mount point. (Mutt is the rare application that relies on access times, this Archlinux article discusses Mutt and relatime).

Change Time | ctime | -cl
This is the time that the* inode information* (permissions, name, etc, the metadata, as it were) was last modified.

Modify Time | mtime | -l
This is the last time the actual contents of the file were last modified.

atime doesn’t change when the file contents are written to, but both ctime and mtime do. Opening a file in an editor will of course read the file, thus changing the atime; but using* cat foo > bar* won’t change the atime of bar.


An old Unix hand told me this trick: directories for mount points should be created d–x–x–x. That way if the directory is unmounted, it’s obvious that “this directory is a mount point”.

comments powered by Disqus

  « Previous: Next: »