Linux Commands

Special Permissions: SUID, GUID, and sticky bit

On Linux, everything is a file, and everything has owners. The special owner is, known as the root, also has special permissions to run anything and everything. Everyone else has limited privileges and very limited access to files and folders. In order to elevate our privileges, one needs to use the sudo command. However, it isn’t a good idea to give out the root password to random people whenever they need to do something that requires higher privileges. So what can you do then? Well, we can use what is known as SUID, GUID and sticky bits. In this tutorial, we will be reviewing the concept of SUID, GUID and sticky bits.

SUID

SUID or Set Owner User ID is a permission bit flag that applies to executables. SUID allows an alternate user to run an executable with the same permissions as the owner of the file instead of the permissions of the alternate user.

Let’s use an example to demonstrate SUID. Suppose that there are three users: KALYANI, SARA and JOHN. Suppose that KALYANI has full root access; that is to say, she can use the sudo command with a valid password. Suppose further that both SARA and JOHN have less or very limited privileges on the machine. Now suppose that we have an executable (ex: su, used to switch users) that belongs to ROOT. Mind you, this is important; it belongs to ROOT, and therefore only ROOT has the permissions to execute it!!!

However, let’s say we assign it SUID. Because we assigned it SUID, that executable, su, is run not as SARA or JOHN but rather as ROOT. Technically, SARA can run her files, and JOHN is allowed to run his files. They aren’t allowed to run files that belong to the root. If they do want to run it, typically, you’ll need to type the sudo command. But here, SARA runs a file that she doesn’t own! And so what we note is that when using SUIDs, the executable is run as the owner of the file, ROOT, and not the person running it (ex: SARA or JOHN).

For example, let’s take the passwd command. The passwd command is used to change a user’s password. Now, if we look at the file in detail, we’ll notice that instead of an x which stands for executing, there will be an “s”. The “s” here stands for SUID. You will further note that the file belongs to ROOT. This technically means that only ROOT has the permission to execute it; however, you will note that everyone can execute the command. As such, with the SUID permissions set, this particular executable can be executed by both SARA and JOHN when it doesn’t actually belong to them! Both SARA and JOHN get the same permissions as ROOT when running this particular executable. This is so even when both SARA and JOHN don’t have root access and don’t have root privileges.

Untitled

So, in short, because of SUID, both SARA and JOHN will be running the passwd command as if they were its owner, ROOT!

Now suppose for a moment that I remove the SUID from the passwd command. Let’s see what will happen (in the image below).

Untitled9

Now let’s see what will happen when we try to use the passwd command (once SUID has been removed):

Untitled10

As you can see, when I removed the SUID from the passwd command and then tried to execute it as SARA, it refused to execute it. It resulted in an error!

SUID is NOT something to be taken lightly, and as such, one must be very careful when assigning it. In fact, there are special attacks in cybersecurity that aim precisely at executables running on SUID.

In order to find those executables that have an SUID set, we type:

# to get all the suids

find / -perm -4000 2> /dev/null

# to get all the guids

find / -perm -2000 2> /dev/null

# find all sticky bits

find / -perm -1000 2> /dev/null

Setting SUID

Now, we need to learn how to set SUIDs. There are two ways of using chmod: numeric and symbolic.

Using the numeric method:

We use following code to set permissions:

SETUID = 4

SETGID = 2

STICKY = 1

NONE = 0

READ = 4

WRITE = 2

EXECUTE = 1

During regular permissions, we would write the following:

chmod 0777 executable

The latter would imply that we give read, write and execute permissions to the user, the group and others. Now, to use a SUID, we would write the following:

chmod 4XXX executable

Ex:

chmod 4744 script

Here, what we have to note is the 4 in the first position. The 4 gives SUID permissions.

Here, it would look like this:

Untitled5

The x for executing will be replaced by an “s”. Now, if the file has not been set to be an executable, then it will be a capital s (“S”). So here we have:

-rwsr--r--

The “s” means that SUID has been set (and the file is executable)!

Using the symbolic method:

The same can be carried out using the symbolic method as well:

chmod u+s executable

Ex:

chmod u+s script

Now here, there are times when you might see a capital “S”. The capital “S” means that the file isn’t executable yet.

To revoke the SUID rights, type:

chmod u-s executable

Ex:

chmod u-s script

GUID

GUID is similar to SUID. In the SUID, the executable in question runs with the privileges of the owner of the file. In the GUID, if it’s an executable, then it runs with the permissions of the group. If it’s a directory, it results in all new files and directories created to belong to the group.

To set the GUID using the numeric method:

chmod 2XXX executable

Ex:

chmod 2744 script

Here, the point to note is the 2 (in the first position), which stands for GUID.

Untitled6

To set the GUID using the symbolic method:

chmod g+s executable

Ex:

chmod g+s script

However, here, I first see:

Untitled7

Here, there’s a capital “S”. This means that the file is not executable. This can easily be fixed by executing the following code:

chmod +x executable

Ex:

chmod +x script

Sticky Bits

Sticky bits apply to directories. When sticky bits are set on a particular directory, any user who has access to the directory and its contents can only delete their own files and cannot touch or delete files belonging to someone else. Sticky bits are typically used when using a shared folder. No one person can delete another’s file within the shared folder even if the permission is 777.

To set sticky bits using the numeric method:

chmod 1XXX executable

Ex:

chmod 1744 script

Here, we use the 1 in the first position to denote that it will be a sticky bit.

To set sticky bits using the symbolic method:

chmod o+t executable

Ex:

chmod o+t script

Untitled8

Permissions are a crucial part of Linux. The chmod command is typically used to set and modify simple permissions. However, there are special permissions that one can set using the chmod command as well. These special permissions are known as SUID, GUID, and sticky bit. When applied on a particular executable, special permissions run with the permissions of the owner of the file or the group. In other words, it elevates the user’s privileges to that of the owner, typically root, temporarily when using that executable. However, incorrect usage of the special permissions can become a serious threat. In fact, in the field of cybersecurity, it is used as a potential vulnerability to escalate privileges on a machine. So use it wisely and very, very carefully!

Happy Coding!

About the author

Kalyani Rajalingham

I'm a linux and code lover.