Permissions
Octal | Symbol | Permission |
---|---|---|
0 | --- | No permissions |
1 | --x | Execute |
2 | -w- | Write |
3 | -wx | Write and execute |
4 | r-- | Read |
5 | r-x | Read and execute |
6 | rw- | Read and write |
7 | rwx | Read, write and execute |
File Types
| Regular file Example: |
| Directory Example: |
| Symbolic link Example: |
| Block special device Example: |
| Character device Example: |
| Unix socket Example: |
| Named pipe Example: |
Special Mode Bits
When the setuid permission is set on an executable file, a process that runs this file is granted access based on the owner of the file (usually root). This special permission allows a user to access files and directories that are normally only available to the owner. Example: The setuid permission on the passwd command makes it possible for a user to change passwords, assuming the permissions of the root ID:
The set-group identification (setgid) permission is similar to setuid, except that the process's effective group ID (GID) is changed to the group owner of the file. Example: The /usr/bin/mail command has setgid permissions:
Sticky Bit: The sticky bit is a permission bit that protects the files within a directory. If the directory has the sticky bit set, a file can be deleted only by the owner of the file, the owner of the directory, or by root. Example: This special permission prevents a user from deleting other users' files from public directories such as /tmp:
| setuid is set, but user (owner) execute permission is not set |
| setuid and user execute permission are both set |
| setgid is set, but group execute permission is not set |
| setgid and group execute permission are both set |
| sticky bit is set, but other execute permission is not set |
| sticky bit and other execute permission are both set |
Note: Use setuid and setgid with caution; incorrect use of setuid and setgid can pose a security risk.
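The following is an added example, not part of the original page: a small Python audit that renders mode bits in the symbolic form covered above (including the upper/lowercase distinction for the special bits) and lists setuid/setgid files and world-writable directories that lack the sticky bit. The function names, finding labels and the sample tree are assumptions made up for this illustration.

```python
import os, stat, tempfile

def symbolic(mode):
    """Render permission and special bits the way `ls -l` does (without the type char)."""
    out = ""
    for r, w, x, special, ch in (
        (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR, stat.S_ISUID, "s"),
        (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP, stat.S_ISGID, "s"),
        (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH, stat.S_ISVTX, "t"),
    ):
        out += ("r" if mode & r else "-") + ("w" if mode & w else "-")
        if mode & special:
            # lowercase: execute is also set; uppercase: special bit without execute
            out += ch if mode & x else ch.upper()
        else:
            out += "x" if mode & x else "-"
    return out

def audit(root):
    """Return sorted (finding, relative path, symbolic mode) tuples for files under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            entry = (os.path.relpath(path, root), symbolic(mode))
            if stat.S_ISREG(mode) and mode & stat.S_ISUID:
                findings.append(("setuid",) + entry)
            if stat.S_ISREG(mode) and mode & stat.S_ISGID:
                findings.append(("setgid",) + entry)
            # world-writable directory without the sticky bit: anyone can delete others' files
            if stat.S_ISDIR(mode) and mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                findings.append(("world-writable-no-sticky",) + entry)
    return sorted(findings)

def demo():
    """Audit a constructed sample tree (names and modes are made up for this example)."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("tool", 0o4755), ("broken", 0o4644), ("plain", 0o644)):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        for name, mode in (("shared", 0o1777), ("open", 0o777)):
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, mode)
        return audit(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Pointing audit() at a real directory gives an inventory to compare against the set of setuid/setgid programs you expect to be installed.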