SUID, SGID and the Sticky Bit are special permissions that can be assigned to files, folders or programs in Kali Linux.
SUID
SUID stands for Set User IDentification. It is one of the special permissions in Kali Linux that lets a user run a program with capabilities beyond those they already have. With this permission set, a different user who executes the file runs it with the UID of the file's owner instead of their own. When we run the ls -l command in the terminal, SUID is shown by an “s” in the user section of the permissions. A file or application with a small or capital “s” there has the special permission set. A small “s” means the owner can also execute the file, command, or program, while a capital “S” means the owner cannot. SUID is a special permission for the user.
NOTE: If the owner does not have execute permission on the file, command or program, a capital “S” is shown.
SGID
SGID stands for Set Group IDentification. By inheriting the GID of the group owner, this special permission lets other users execute files, commands, or programs with that group's privileges. It is shown by a small “s” in the group section of the permissions. SGID is a special permission for group users.
NOTE: If the owning group does not have execute permission, a capital “S” is shown.
STICKY BIT
The sticky bit permission grants the owner or root user the ability to change, remove, or rename a file or folder. This permission prevents unauthorized users from altering the owner's files or folders. When a folder has the sticky bit permission, which is indicated by the letter “t”, a user cannot delete files in that directory that they do not own. Any file with this permission can only be removed by the owner, root or anyone who has the write permission in it.
NOTE: When set, the SUID and SGID permissions replace the ‘x’ in the permission string.
SUID, SGID, AND STICKY BIT ADDING AND REMOVING IN KALI LINUX
To set the SUID permission, we use the following command:
chmod u+s filename or foldername
To set the SGID permission, we use the following command:
chmod g+s filename or foldername
To set the STICKY BIT permission, we use the following command:
chmod +t filename or foldername
To remove the SUID permission, we use the following command:
chmod u-s filename or foldername
To remove the SGID permission, we use the following command:
chmod g-s filename or foldername
To remove the STICKY BIT permission, we use the following command:
chmod -t filename or foldername
USING FIND TO SEARCH FOR SUID AND SGID PERMISSION FILES
In Kali Linux, the find command can be used to look for files that have these special permissions. To search for files with the SUID permission, we use the following command:
find / -perm -4000 2>/dev/null
To search for files with the SGID permission, we use the following command:
find / -perm -2000 2>/dev/null
We can also search for files with either the SUID or the SGID permission in a single pass using the command below:
find / -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \;
NOTE: SUID and SGID can be represented with numbers as follows:
- SUID = 4
- SGID = 2
- Sticky = 1
It appears in a command as follows:
chmod +X*** filename or foldername
where:
X -> represents the number assigned to either SUID, SGID or STICKY BIT (4 or 2 or 1)
*** -> The regular file permission numbers, which should be substituted for the three asterisks.
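The script below is an added example, not part of the original post. It combines the find search above with the s/S and t/T notation, listing every entry under a directory that carries SUID, SGID or the sticky bit and labelling each one. The function names classify_mode and audit_special and the sample file names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a tree for special bits.

# classify_mode MODE: label an ls-style mode string such as -rwsr-xr-x.
# Lowercase s/t = special bit plus execute; capital S/T = special bit only.
classify_mode() {
    out=""
    case $(printf '%s\n' "$1" | cut -c4) in
        s) out="$out SUID" ;;
        S) out="$out SUID(no-owner-exec)" ;;
    esac
    case $(printf '%s\n' "$1" | cut -c7) in
        s) out="$out SGID" ;;
        S) out="$out SGID(no-group-exec)" ;;
    esac
    case $(printf '%s\n' "$1" | cut -c10) in
        t) out="$out STICKY" ;;
        T) out="$out STICKY(no-other-exec)" ;;
    esac
    printf '%s\n' "${out# }"
}

# audit_special DIR: print "mode <TAB> labels <TAB> path" for each entry
# under DIR that has SUID (4000), SGID (2000) or sticky (1000) set.
audit_special() {
    find "$1" -xdev \( -perm -4000 -o -perm -2000 -o -perm -1000 \) 2>/dev/null |
    while IFS= read -r path; do
        mode=$(ls -ld "$path" | cut -c1-10)
        printf '%s\t%s\t%s\n' "$mode" "$(classify_mode "$mode")" "$path"
    done
}

# Constructed sample tree: nothing outside the temporary directory is touched.
demo=$(mktemp -d)
touch "$demo/suid_exec" "$demo/suid_noexec" "$demo/sgid_exec" "$demo/plain"
mkdir "$demo/shared"
chmod 4755 "$demo/suid_exec"     # -rwsr-xr-x
chmod 4644 "$demo/suid_noexec"   # -rwSr--r--
chmod 2755 "$demo/sgid_exec"     # -rwxr-sr-x
chmod 1777 "$demo/shared"        # drwxrwxrwt
chmod 0644 "$demo/plain"         # no special bits, not reported
audit_special "$demo"
rm -rf "$demo"
```

Saving the output of audit_special for a system directory and comparing it with a later run shows which SUID or SGID entries have appeared or changed since the baseline.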
Hope you enjoyed and learnt something ;).
Happy hacking !!