Adrian Collier - Special Modes

Special Modes

The 'chmod' command is short for change mode. It allows the administrator to set the permissions and special modes for directories and files.

The 'chmod' command accepts up to four digits to represent an octal number. This allows you to set the setuid, setgid, and sticky modes via the first digit.

Most of us are familiar with the following command.


chmod 755 file


Since the setuid, setgid, and sticky bits are not set, this is equivalent to the following.


chmod 0755 file


The setuid mode sets the user id. On an executable file, it allows the executable to be run as the file owner rather than as the user logged into the system. It can also be used on a directory so that files created in or moved to that directory become owned by the directory owner rather than by the user who created them.

The setgid mode sets the group id. It functions similarly to the setuid mode but applies to groups instead.

The sticky mode is used for shared directories to prevent users from renaming or deleting each other's files. The only users who can rename or delete files in directories with the sticky bit set are the file owner, the directory owner, or the super-user (root). The sticky bit is represented by the letter t in the last position of the "other" permissions in the listing.

Here are a few examples.


mkdir test
chmod 777 test
chmod +t test
ls -l

drwxrwxrwt 2 admin photography 4096 Apr 01 12:00 test


This is equivalent to the following.


mkdir test
chmod 1777 test
ls -l

drwxrwxrwt 2 admin photography 4096 Apr 01 12:00 test


Let's take this one step further. Let's say we need a directory which other users can create or move files into, and we want those files to default to a specific username and group. This is where the setuid and setgid options come in.


mkdir test
chmod 777 test
chmod u+s,g+s test
ls -l

drwsrwsrwx 2 admin photography 4096 Apr 01 12:00 test


This is equivalent to the following.


mkdir test
chmod 6777 test
ls -l

drwsrwsrwx 2 admin photography 4096 Apr 01 12:00 test


Now anyone may create or move files into this directory and they will become owned by adrian and the group photography.
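
As an added example (not part of the original article), the shell functions below audit a directory tree for the modes covered above: setuid and setgid files, and world-writable directories that lack the sticky bit, such as the 6777 directory in the last example. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: names and sample tree are constructed, not from the article.

# Print one "FINDING path" line for each item under $1 that deserves review:
#   SETUID / SETGID  regular files that execute as their owner / group
#   NOSTICKY         world-writable directories without the sticky bit, where
#                    any user may rename or delete another user's files
audit_special_modes() {
    find "$1" -type f -perm -4000 -print | sed 's/^/SETUID /'
    find "$1" -type f -perm -2000 -print | sed 's/^/SETGID /'
    find "$1" -type d -perm -0002 ! -perm -1000 -print | sed 's/^/NOSTICKY /'
}

# Build a throwaway tree that mirrors the modes used in the article.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/dropbox" "$t/private"
    chmod 1777 "$t/shared"    # sticky, like the first example: not flagged
    chmod 6777 "$t/dropbox"   # setuid+setgid but no sticky bit: flagged
    chmod 0755 "$t/private"   # not world-writable: not flagged
    : > "$t/helper" && chmod 4755 "$t/helper"   # setuid file: flagged
    : > "$t/plain"  && chmod 0755 "$t/plain"    # ordinary file: not flagged
    echo "$t"
}

# Stand-alone run: build the sample tree, report findings, clean up.
tree=$(make_sample_tree) && audit_special_modes "$tree"
if [ -n "$tree" ]; then rm -rf "$tree"; fi
```

Point audit_special_modes at a real path (for example a shared upload area) to review it; adding the sticky bit with chmod +t clears a NOSTICKY finding.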

