I have a directory that is showing up with the permission mask drwsrwsr-x
. When I try to reset the permissions to 755
the S still remains.
What is the "s" and why cant I change the permissions back to 775 (drwxrwxr-x
)?
I have a directory that is showing up with the permission mask drwsrwsr-x
. When I try to reset the permissions to 755
the S still remains.
What is the "s" and why cant I change the permissions back to 775 (drwxrwxr-x
)?
The s you are seeing in the "execute" position in the user and group column are the SetUID (Set User ID on Execution) and SetGID (Set Group ID on execution) bits.
Unix file permissions are actually a 4-digit octal number SUGO
You can remove the setuid bits from your directory with chmod ug-s directory
, or chmod 0755 directory
For more information see the man page for chmod
, and this Wikipedia page about the SetUID bit.
setuid and setgid (short for set user ID upon execution and set group ID upon execution, respectively) are Unix access rights flags that allow users to run an executable with the permissions of the executable's owner or group. They are often used to allow users on a computer system to run programs with temporarily elevated privileges in order to perform a specific task. While the assumed user id or group id privileges provided are not always elevated, at a minimum they are specific.
To remove the setuid and setgid bits numerically, you must prefix the bit-pattern with a 0
(e.g.: 0775
becomes 00775
).
Run to delete setuid and setgid:
chmod 00775 path
or
chmod a-st path
Adding to ooshro's answer...
If you use suid or sgid permissions on a directory, any files created inside that directory will have the same owner (if suid) or group (sgid) as the directory in question.
I use that for my home Samba share. The base directory is owned by user nobody and group olympia, and the permissions are 2770. So you have to be in the group olympia to read or write anything below that directory, and it will make sure olympia is the owning group of everything below it. I also have Samba configured to use a dirmask of 2770 and a filemask of 660 to keep the permissions correct all the way down the tree.