Advanced File Permissions in Linux
Last Updated: 12 Nov, 2025
Linux offers three special permissions, SUID, SGID, and the Sticky Bit, that provide enhanced control over file execution and directory access.
- SUID allows executables to run with the file owner's privileges instead of the user executing it
- SGID on files runs executables with the file's group privileges; on directories, new files inherit the directory's group
- Sticky Bit on directories restricts file deletion to file owner, directory owner, or root only
- Only file owner or root can set SUID/SGID bits
- Octal values: 4 = SUID, 2 = SGID, 1 = Sticky Bit
Let's explore each special permission with practical examples:
1. Set-User-ID (SUID)
When SUID is set on an executable file, it runs with the owner's privileges instead of the user who executes it. This is commonly used for system utilities like passwd that need elevated privileges.
Setting SUID
Symbolic Notation:
chmod u+s filename
Octal Notation:
chmod 4755 filename
The octal 4 prefix sets SUID. For example, 4755 = SUID + rwxr-xr-x.
In the ls -l output, the letter "s" appears in place of the usual "x" in the owner's execute position. This "s" indicates that the SUID (set-user-ID) bit has been set on the file or directory in question.
Removing SUID
chmod u-s filename
2. Set-Group-ID (SGID)
SGID on Files
When SGID is set on an executable, it runs with the file's group privileges.
Setting SGID on Files:
Symbolic Notation:
chmod g+s filename
Octal Notation:
chmod 2755 filename
In the ls -l output, the letter "s" appears in place of the usual "x" in the group's execute position. This "s" indicates that the SGID (set-group-ID) bit has been set on the file or directory in question.
Example:
chmod g+s /usr/bin/myapp
ls -l /usr/bin/myapp
SGID on Directories
When SGID is set on a directory, all newly created files and subdirectories inherit the directory's group ownership instead of the creator's default group. This is extremely useful for collaborative environments.
Example: Creating a Shared Directory
Step 1: Create a directory owned by root:root
Command:
sudo mkdir /shared
sudo ls -ld /shared
Step 2: Create a subdirectory as a different user
Command:
su - alice
mkdir /shared/alice_dir
ls -ld /shared/alice_dir
The subdirectory has alice's group ownership (not root's).
Step 3: Set SGID on parent directory
Command:
chmod g+s /shared
ls -ld /shared
Removing SGID
chmod g-s filename_or_directory
3. The Sticky Bit
When the sticky bit is set on a directory, only the file owner, directory owner, or root can delete or rename files within that directory, even if others have write permissions. This prevents users from deleting each other's files in shared directories.
Common Use Case: /tmp Directory
ls -ld /tmp

Notice the t at the end instead of x for others, indicating the sticky bit is set.
Setting Sticky Bit
Symbolic Notation:
chmod +t directoryname

Octal Notation:
chmod 1777 directoryname
Example: Creating a Shared Folder
Step 1: Create a shared folder with full permissions
mkdir /sharedFolder
chmod 777 /sharedFolder
ls -ld /sharedFolder

Once the sticky bit is set on sharedFolder, ls -ld shows the letter "t" in place of the usual "x" in the execute position for others, and files or directories inside it can be deleted only by their owners or the root user. With mode 777 alone, as set in Step 1, the sticky bit is not yet set, which is the situation Step 2 tests.
Step 2: Test deletion without sticky bit
su - alice
touch /sharedFolder/alice_file
su - bob
rm /sharedFolder/alice_file # Bob can delete Alice's file!

Removing Sticky Bit
chmod -t directoryname
Permission Summary
Here is the summary table for special permissions:
| Permission | Symbolic | Octal | Effect on Files | Effect on Directories |
|---|---|---|---|---|
| SUID | u+s | 4 | Run as file owner | Not applicable |
| SGID | g+s | 2 | Run as file's group | New files inherit directory's group |
| Sticky Bit | +t | 1 | Not commonly used | Only owner can delete files |
Visual Indicators:
| Display | Meaning |
|---|---|
| s (lowercase) | Special permission set AND execute permission present |
| S (uppercase) | Special permission set but NO execute permission |
| t (lowercase) | Sticky bit set AND execute permission present |
| T (uppercase) | Sticky bit set but NO execute permission |
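The following is an added example, not part of the original article: it builds a constructed sample tree, prints how s, S and t appear in the ls -l mode string, and audits the tree for SUID/SGID files and for world-writable directories that lack the sticky bit (the situation Step 2 of the shared-folder example tests). The function names and the temporary tree are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: helper names and the sample tree are constructed for illustration.

# First 10 characters of `ls -ld`: file type plus the rwx/s/S/t/T mode string.
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Report special-permission findings under a directory, one per line.
audit_special_bits() {
    # Regular files that run as their owner (SUID, octal 4000).
    find "$1" -type f -perm -4000 | LC_ALL=C sort | sed 's/^/SUID /'
    # Regular files that run as their group (SGID, octal 2000).
    find "$1" -type f -perm -2000 | LC_ALL=C sort | sed 's/^/SGID /'
    # World-writable directories without the sticky bit (octal 1000):
    # any user can delete or rename other users' files there.
    find "$1" -type d -perm -0002 ! -perm -1000 | LC_ALL=C sort | sed 's/^/NOSTICKY /'
}

# Build a constructed sample tree in a temporary directory and print its path.
build_sample_tree() {
    tree=$(mktemp -d)
    touch "$tree/suid_exec" "$tree/suid_noexec" "$tree/sgid_exec" "$tree/plain"
    chmod 4755 "$tree/suid_exec"      # -rwsr-xr-x  (s: SUID + owner execute)
    chmod 4644 "$tree/suid_noexec"    # -rwSr--r--  (S: SUID, no owner execute)
    chmod 2755 "$tree/sgid_exec"      # -rwxr-sr-x  (s in the group triplet)
    chmod 644  "$tree/plain"
    mkdir "$tree/open_dir" "$tree/sticky_dir" "$tree/team_dir"
    chmod 777  "$tree/open_dir"       # world-writable, no sticky bit
    chmod 1777 "$tree/sticky_dir"     # like /tmp: drwxrwxrwt
    chmod 2775 "$tree/team_dir"       # SGID directory: drwxrwsr-x
    echo "$tree"
}

# Show the mode strings, then the audit findings, for the sample tree.
sample=$(build_sample_tree)
for f in suid_exec suid_noexec sgid_exec open_dir sticky_dir team_dir; do
    printf '%s  %s\n' "$(mode_string "$sample/$f")" "$f"
done
audit_special_bits "$sample"
rm -rf "$sample"
```

Pointing audit_special_bits at a real path such as /usr/bin or a shared data directory gives a baseline of SUID/SGID files and open directories to review after system changes.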
Special file permissions: SUID, SGID, and Sticky Bit, provide powerful access control mechanisms beyond standard rwx permissions. SUID allows executables to run with elevated privileges, SGID ensures consistent group ownership in collaborative directories, and the Sticky Bit protects files in shared spaces. Understanding and properly configuring these permissions is essential for secure Linux system administration and effective multi-user environments.