Volkan Gülen
← blog
24.12.09 4 min
Unix ACL

drwxrwsr-t volkan devs folder 12345 Dec 9 01:23 | what is this s--t?

Understanding setuid, setgid and sticky bits in the chmod Command

Here’s an example output of the ls -l command:

code
-rwsr-xr-x 1 volkan developers 12345 Dec 9 01:23 myfile

You might think what the s is this? Don’t worry. Let’s dive into the details.

Introduction

Have you ever wondered how certain programs on your system gain the necessary permissions to perform specific tasks? Or how shared directories manage access among multiple users seamlessly? These functionalities often hinge on special permission flags in Unix-like operating systems.

Imagine a scenario where a user needs to perform tasks that require higher privileges than their current access level permits. How can the system securely grant the necessary permissions without exposing vulnerabilities? This is where setuid and setgid come into play. These special permission flags allow executable files to run with the permissions of the file owner or group, respectively, enabling controlled privilege escalation.

What are setuid, setgid and sticky bits?

Let’s start with the definitions:

  • setuid (Set User ID): When the setuid bit is set on an executable file, the program runs with the permissions of the file owner, rather than the user who executed it. This is particularly useful for programs that need to perform tasks requiring higher privileges, such as changing passwords.

  • setgid (Set Group ID): Similarly, the setgid bit allows an executable to run with the permissions of the file’s group. Additionally, when set on a directory, it ensures that new files and subdirectories inherit the group ID of the directory, providing shared access among group members.

  • sticky: The sticky bit is primarily used on directories to prevent users from deleting files they do not own. When set, users can only delete files they own.

Why do we use them?

Addressing Permission Challenges

  • Privilege Escalation: Some tasks require higher privileges than a regular user have. Instead of granting users full administrative rights, setuid allows specific programs to execute with elevated permissions safely.

  • Shared Directories: In shared directories, to maintaining consistent group ownership. setgid automates group assignment for new files, inheriting the group ID of the parent directory.

  • Security and Efficiency: By controlling which programs have elevated privileges, setuid and setgid help maintain system security while ensuring necessary functionalities are accessible. This approach minimizes the risk of unauthorized access or accidental system modifications.

  • Unwanted deletion prevention: The sticky bit is particularly useful in shared directories where multiple users have write access, ensuring that users can only delete their files.

Using chmod to set the special bits

The chmod command is used to change the file mode (permissions) of a file or directory. To set setuid and setgid bits, you can use symbolic or numeric modes.

Symbolic Mode

  • Set setuid:
code
  chmod u+s filename
  • Set setgid:
code
  chmod g+s filename
  • Set sticky:
code
  chmod +t directory

Numeric Mode

  • Set setuid: Add 4000 to the existing permission value.
  • Set setgid: Add 2000 to the existing permission value.
  • Set sticky: Add 1000 to the existing permission value.

For example, to set both setuid and setgid on a file with existing permissions 755:

code
chmod 6755 filename

A few Examples

Example 1: Using setuid for a Script

Suppose you have a script that needs to perform tasks requiring root privileges, such as modifying a service settings. Here’s how you can set the setuid bit to allow the script to run with root permissions.

  1. Create the Script:

    code
    #!/bin/bash

# Reset network settings
systemctl restart network
echo "Network settings have been reset."

  2. Change Ownership to Root:

    code
    sudo chown root:root /usr/local/bin/network-reset.sh

  3. Set setuid Bit:

    code
    sudo chmod u+s /usr/local/bin/network-reset.sh

  4. Set Executable Permissions:

    code
    sudo chmod 755 /usr/local/bin/network-reset.sh

Result: Now, any user can execute /usr/local/bin/network-reset.sh, and it will run with root privileges, allowing the network settings to be reset without granting full root access to the user. As you can see this can introduce various security vulnerabilities. So, use it with caution.

Example 2: Managing Shared Directories

In a collaborative environment, you might have a directory where multiple users need to create and modify files. Ensuring that all files inherit the same group ownership simplifies permission management.

  1. Create the Shared Directory:

    code
    mkdir /srv/shared

  2. Change Group Ownership:

    code
    sudo chown root:developers /srv/shared

  3. Set Appropriate Permissions with setgid and sticky bit:

    code
    sudo chmod 3775 /srv/shared

Result: Any new files or subdirectories created within /srv/shared will automatically inherit the developers group, ensuring consistent group ownership. The sticky bit prevents users from deleting files they don’t own.

Careful Considerations

  • Use Least Privilege Principle: Grant the minimal necessary permissions required for functionality, reducing potential attack vectors.
  • Avoid usage as Possible: Limit the use of these specific flags to only specific cases where elevated permissions are essential, avoiding unnecessary risks.

One Last Note

Always remember to use these powerful tools responsibly, having a secure system is better than creating a vulnerability while trying to be smart.