AIX, Security, System Admin Difference between sticky bit and SUID/GUID

This is probably one of things that people mess up all the time. They both have to do with permissions on a file, but the SUID/GUID (or SETUID short for set-user-id/SETGID short for set-group-id) bit and the sticky-bit are 2 completely different things.

The SUID/GUID

The letters rwxXst select file mode bits for users:

  • read (r)
  • write (w)
  • execute (or search for directories) (x)
  • execute/search only if the file is a directory or already has execute permission for some user (X)
  • set user or group ID on execution (s)
  • restricted deletion flag or sticky bit (t)

The position that the x bit takes in rwxrwxrwx for the user octet (1st group of rwx) and the group octet (2nd group of rwx) can take an additional state where the x becomes an s. When this file when executed (if it's a program and not just a shell script), it will run with the permissions of the owner or the group of the file. That is called the SUID, when set for the user octet, and GUID, when set for the group octet.

So if the file is owned by root and the SUID bit is turned on, the program will run as root. Even if you execute it. The same thing applies to the GUID bit. You can set or clear the bits with symbolic modes like u+s and g-s, and you can set (but not clear) the bits with a numeric mode.

SUID/GUID examples

No SUID/GUID: Just the bits rwxr-xr-x are set:

# ls -lt test.pl -rwxr-xr-x 1 root root 179 Jan 9 01:01 test.pl

SUID and user's executable bit enabled (lowercase s): The bits rwsr-x-r-x are set.

# chmod u+s test.pl
# ls -lt test.pl
-rwsr-xr-x 1 root root 179 Jan  9 01:01 test.pl

SUID enabled and executable bit disabled (uppercase S): The bits rwSr-xr-x are set.

# chmod u-x test.pl
# ls -lt test.pl 
-rwSr-xr-x 1 root root 179 Jan  9 01:01 test.pl

GUID and group's executable bit enabled (lowercase s): The bits rwxr-sr-x are set.

# chmod g+s test.pl
# ls -lt test.pl 
-rwxr-sr-x 1 root root 179 Jan  9 01:01 test.pl

GUID enabled and executable bit disabled (uppercase S): The bits rwxr-Sr-x are set.

# chmod g-x test.pl
# ls -lt test.pl 
-rwxr-Sr-x 1 root root 179 Jan  9 01:01 test.pl

The sticky bit

The sticky bit on the other hand is denoted as a t, such as with the /tmp or /var/tmp directories:

# ls -ald /tmp
drwxrwxrwt 36 bin bin 8192 Nov 27 08:40 /tmp
# ls -ald /var/tmp
drwxrwxrwt  3 bin bin  256 Nov 27 08:28 /var/tmp

This bit should have always been called the "restricted deletion bit" given that's what it really denotes. When this mode bit is enabled, it makes a directory such that users can only delete files and directories within it that they are the owners of. For regular files the bit was used to save the program in swap device so that the program would load more quickly when run; this is called the sticky bit, but it's not used anymore in AIX.

More information can be found in the manual page of the chmod command or on http://en.wikipedia.org/wiki/Sticky_bit.

0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Ethernet tunning for VIOS and AIX for 10 Gib/sec environtement.
Viewed 9686 times since Thu, Feb 21, 2019
How to Configure Sendmail not to Look up MX records
Viewed 3174 times since Fri, Apr 19, 2019
0516-404 allocp: This system cannot fulfill the allocation request. [AIX]
Viewed 4674 times since Thu, Sep 20, 2018
AIX, Storage, System Admin Allocating shared storage to VIOS clients
Viewed 1992 times since Fri, Apr 19, 2019
Backup and Restore With AIX
Viewed 4032 times since Sat, May 19, 2018
How to setup an user in AIX
Viewed 2644 times since Mon, May 28, 2018
bootlist multiple boot logical volume found
Viewed 2486 times since Tue, Apr 16, 2019
AIX LVM QUORUM mysteries revealed
Viewed 2942 times since Wed, May 22, 2019
Migrating AIX User Environments
Viewed 1965 times since Wed, May 30, 2018
Install and configure yum on AIX
Viewed 4217 times since Thu, Feb 21, 2019