Linux Tips Ep 4 : SGID, SUID AND STICKY BIT File Permissions Explained.

SGID, SUID and Sticky Bit are special file permissions assigned to either files, folders or programs used in Kali Linux.

SUID

SUID stands for Set User IDentification. It’s one of the special permissions in Kali Linux that lets a user act with capabilities beyond those they already have. With this permission set on a program, any user who runs it does so with the UID of the file’s owner rather than their own. When we run ls -l in the terminal, SUID is shown by an “s” in the user (owner) section of the permissions. The “s” can be small or capital: a small “s” signifies that the owner can also execute the file, command, or program, while a capital “S” means that the owner cannot. SUID is a special permission for the user.

NOTE: If the owner does not have execute permission on the file, command or program, a capital “S” is shown.

SGID

SGID stands for Set Group IDentification. With this special permission, other users execute the file, command, or program with the GID of the group owner. It appears in the group section of the permissions as a small “s”. SGID is a special permission for group users.

NOTE: If the owning group does not have execute permission, a capital “S” is shown.

STICKY BIT

The sticky bit permission setting grants the owner or root user the ability to change, remove, or rename a file or folder. This permission prevents unauthorized users from altering the files or folders of the owner. When a folder has the sticky bit permission, which is indicated by the letter “t”, a user cannot delete files from that directory that they do not own. Any file with this permission can only be removed by the owner, root or anyone who has the write permission in it.

NOTE: When set, the SUID and SGID permissions replace the ‘x’ in the permission.

SUID, SGID, AND STICKY BIT ADDING AND REMOVING IN KALI LINUX

To set the SUID permission, we use the following command;

chmod u+s filename or foldername

To set the SGID permission, we use the following command;

chmod g+s filename or foldername

To set the STICKY BIT permission, we use the following command;

chmod +t filename or foldername

To remove the SUID permission, we use the following command;

chmod u-s filename or foldername

To remove the SGID permission, we use the following command;

chmod g-s filename or foldername

To remove the STICKY BIT permission, we use the following command;

chmod -t filename or foldername

USING FIND TO SEARCH FOR SUID AND SGID PERMISSION FILES

In Kali Linux, the find command can be used to look for files that have these unique permissions. To search for files having the SUID permission we use the following command;

find / -perm -4000 2>/dev/null

To search for files with the SGID permission we use the following command;

find / -perm -2000 2>/dev/null

We can also use the find command to search for files that have either the SUID or the SGID permission in a single pass, using the command below;

find / -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \;

NOTE: SUID, SGID and Sticky Bit can be represented with numbers as follows:

  • SUID = 4
  • SGID = 2
  • Sticky = 1

It appears in a command as follows:

chmod +X*** filename or foldername

where:

X -> represents the number assigned to either SUID, SGID or STICKY BIT (4 or 2 or 1)

*** -> The additional file permission numbers as shown here should be substituted for the three asterisks.
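The script below is an added example, not part of the original article: it sets the special bits with the numeric form on constructed files in a scratch directory, then reads back how ls shows them (small or capital letter) and runs the combined find search. The function names and sample file names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the article. Everything happens in a scratch dir.

# First column of `ls -l` for one path, e.g. "-rwsr-xr-x".
mode_string() { ls -ld "$1" | cut -c1-10; }

# Name the special bits from characters 4, 7 and 10 of the mode string.
describe_special() {
    m=$(mode_string "$1"); out=""
    case $(printf '%s' "$m" | cut -c4) in
        s) out="$out SUID" ;;
        S) out="$out SUID(no-exec)" ;;
    esac
    case $(printf '%s' "$m" | cut -c7) in
        s) out="$out SGID" ;;
        S) out="$out SGID(no-exec)" ;;
    esac
    case $(printf '%s' "$m" | cut -c10) in
        t) out="$out STICKY" ;;
        T) out="$out STICKY(no-exec)" ;;
    esac
    printf '%s\n' "${out# }"
}

# Constructed samples, numeric form: 4 = SUID, 2 = SGID, 1 = sticky.
make_samples() {
    d=$(mktemp -d)
    touch "$d/suid_x" "$d/suid_nox" "$d/sgid_x" "$d/plain"
    mkdir "$d/shared"
    chmod 4755 "$d/suid_x"    # -rwsr-xr-x  owner can execute: small s
    chmod 4644 "$d/suid_nox"  # -rwSr--r--  owner cannot execute: capital S
    chmod 2755 "$d/sgid_x"    # -rwxr-sr-x
    chmod 0644 "$d/plain"     # -rw-r--r--  no special bits
    chmod 1777 "$d/shared"    # drwxrwxrwt  sticky directory
    printf '%s\n' "$d"
}

# Same search as the article's combined find, limited to one directory.
list_special_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

if [ "${1:-}" = "demo" ]; then
    d=$(make_samples)
    for p in "$d"/*; do
        printf '%s  %-10s %s\n' "$(mode_string "$p")" "${p##*/}" "$(describe_special "$p")"
    done
    rm -rf "$d"
fi
```

Run it with the argument demo to print the table. A capital “S” in the output is worth a second look during an audit, since the special bit is set on something its owner or group cannot execute.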

Using the links below, you can access the earlier pieces in the series:

Episode 1

Episode 2

Episode 3

Hope you enjoyed and learnt something ;).

Happy hacking !!

Charles Koome

I am a cyber security enthusiast and love all kinds of tech stuff. I love playing CTFs and doing penetration testing(websites and mobile applications).
