1,885
edits
Changes
→Special Permissions
There are three additional, "special" permissions:
* '''Set User ID (SUID) ''' - when applied to an executable program file, this permission changes the effective user ID from the user executing the file to the owner of the file for the duration of the process. For example, if a user <code>jdoe</code> executes the <code>passwd</code> command (which is owned by the <code>root</code> user and has the Set User ID permission enabled), the effective user ID is temporarily changed to <code>root</code> while that command is executing. This enables the <code>passwd</code> command to change the user's password in the <code>/etc/shadow</code> file, which they otherwise do not have access to.* '''Set Group ID (SGID) ''' - when applied to an executable program file, this permission is similar to SUID, but it changes the effective group ID instead of the effective user ID. When applied to a directory, this causes all newly-created files and directories with that directory to be owned by the same group that owns the directory. For example, if the directory <code>/var/www/html/</code> is owned by the group <code>website</code>, then any file or directory created within <code>/var/www/html/</code> will automatically be owned by the group <code>website</code> instead of the group of the person creating the file.* '''Sticky bit (t) ''' - when applied to a directory, any file within that directory may be renamed or deleted only by the owner of the file, by the owner of the directory, or by a privileged process (for example, <code>root</code>, the master system administrator), regardless of any other permissions that might be set. The system's temporary directoriers (<code>/tmp</code> and <code>/var/tmp</code>) have this turned on.
These permissions are represented in the <code>ls -l</code> output as modifications of the 'x' character: