43

I have a directory that is showing up with the permission mask drwsrwsr-x. When I try to reset the permissions to 755 the S still remains.

What is the "s" and why cant I change the permissions back to 775 (drwxrwxr-x)?

voretaq7
  • 79,345
  • 17
  • 128
  • 213
Matt Elhotiby
  • 879
  • 3
  • 10
  • 22

3 Answers3

41

The s you are seeing in the "execute" position in the user and group column are the SetUID (Set User ID on Execution) and SetGID (Set Group ID on execution) bits.

Unix file permissions are actually a 4-digit octal number SUGO

  • S controls the SetUID (4), SetGID (2) and "Sticky" (1) bits
  • U controls Read(4)/Write(2)/Execute(1) bits for the file owner
  • G controls the Read/Write/Execute bits for the file's group
  • O controls the Read/Write/Execute bits for everyone else.

You can remove the setuid bits from your directory with chmod ug-s directory, or chmod 0755 directory

For more information see the man page for chmod, and this Wikipedia page about the SetUID bit.

Hrvoje Špoljar
  • 5,162
  • 25
  • 42
38

setuid and setgid

setuid and setgid (short for set user ID upon execution and set group ID upon execution, respectively) are Unix access rights flags that allow users to run an executable with the permissions of the executable's owner or group. They are often used to allow users on a computer system to run programs with temporarily elevated privileges in order to perform a specific task. While the assumed user id or group id privileges provided are not always elevated, at a minimum they are specific.

To remove the setuid and setgid bits numerically, you must prefix the bit-pattern with a 0 (e.g.: 0775 becomes 00775).

Run to delete setuid and setgid:

chmod 00775 path

or

chmod a-st path
ooshro
  • 10,874
  • 1
  • 31
  • 31
3

Adding to ooshro's answer...

If you use suid or sgid permissions on a directory, any files created inside that directory will have the same owner (if suid) or group (sgid) as the directory in question.

I use that for my home Samba share. The base directory is owned by user nobody and group olympia, and the permissions are 2770. So you have to be in the group olympia to read or write anything below that directory, and it will make sure olympia is the owning group of everything below it. I also have Samba configured to use a dirmask of 2770 and a filemask of 660 to keep the permissions correct all the way down the tree.

baumgart
  • 2,423
  • 18
  • 17