
There are three special permissions in Linux.
- Set User ID (SUID)
- Set Group ID (SGID)
- Sticky Bit
The special permissions are represented by the leading digit of a four-digit octal mode. Each bit has a value (SUID = 4, SGID = 2, Sticky Bit = 1) and the digit is their sum.
Number | Permission |
------ | ---------- |
7 | SUID and SGID and Sticky Bit |
6 | SUID and SGID |
5 | SUID and Sticky Bit |
4 | SUID |
3 | SGID and Sticky Bit |
2 | SGID |
1 | Sticky Bit |
0 | No Special Permissions |
SUID
When an executable file has the SUID bit set, a process that executes it runs with the effective user ID of the file's owner rather than of the user who ran it. For example, let's say file1 is owned by root. When john.doe executes file1, the resulting process runs as root for as long as it executes, even though john.doe started it. The Linux kernel ignores the SUID bit on interpreted scripts (a BASH script with a #! line, for instance), so the bit is only meaningful on compiled executables. SUID has no effect on a directory. Because a SUID root binary lets any local user run its code as root, every such binary is part of the system's attack surface and should be kept to the minimum the system actually needs.
The chmod command with the u+s (user plus setuid) option can be used to add the SUID bit to a file. The u-s (user minus setuid) option can be used to remove it. Only the file's owner or root can change the bit.
[john.doe@server1 ~]$ chmod u+s /path/to/file1
Likewise, a leading 4 in a four-digit octal mode sets the SUID bit together with the regular permissions, and a leading 0 clears it on a regular file. The file must also be executable for the bit to have any effect, so a mode such as 4755 is the usual form.
[john.doe@server1 ~]$ chmod 4755 /path/to/file1
When a file has the SUID bit set, the letter "s" or "S" is displayed in place of the owner's x (execute) permission. A lower-case "s" means the owner's execute bit is also set; an upper-case "S" means the SUID bit is set but the execute bit is not, in which case the bit does nothing.
-rwsr-xr-x 1 john.doe john.doe 4096 Jun 26 08:21 file1
Example
The /usr/bin/passwd command has the SUID bit set and is owned by root. This allows non-root users to run the passwd command as root, which it needs in order to write the new password hash to /etc/shadow, a file only root can modify.
-rwsr-xr-x 1 root root 4096 Jun 26 08:21 /usr/bin/passwd
SGID
When an executable file has the SGID bit set, a process that executes it runs with the effective group ID of the file's group rather than of the user's own group. For example, let's say file1 belongs to the group root. When John Doe executes file1, the process has root as its effective group for as long as it runs, so it can open any file that the root group is permitted to read or write.
When a directory has the SGID bit set, new files created inside it are given the group of the directory rather than the creating user's primary group, and new subdirectories inherit the SGID bit as well. For example, if the group of /var/www is webgroup and /var/www/foo is then created, the group of /var/www/foo will be webgroup.
Let's say the /var/www directory is owned by root, belongs to the group webgroup, is writable by that group, and does not have the SGID bit set. John Doe is a member of webgroup, so he can create files in it.
drwxrwxr-x 3 root webgroup 4096 Jun 26 08:21 /var/www
And John Doe created foo.txt.
[john.doe@server1 ~]$ touch /var/www/foo.txt
In this scenario, foo.txt gets John Doe's primary group, which is the john.doe group in this example.
-rw-r--r-- 1 john.doe john.doe 0 Jun 26 08:21 /var/www/foo.txt
Let's set the SGID bit on the /var/www directory.
[root@server1 ~]# chmod g+s /var/www
Now the /var/www directory has the SGID bit set, as indicated by the "s" displayed in place of the group's x (execute) permission. A lower-case "s" means the group execute bit is also set; an upper-case "S" means it is not.
drwxrwsr-x 3 root webgroup 4096 Jun 26 08:21 /var/www
And John Doe created bar.txt.
[john.doe@server1 ~]$ touch /var/www/bar.txt
Now bar.txt gets the group of the /var/www directory, which is webgroup in this example, even though John Doe's primary group is still john.doe.
-rw-r--r-- 1 john.doe webgroup 0 Jun 26 08:21 /var/www/bar.txt
Sticky Bit
- File: the sticky bit has no effect on regular files on Linux; the kernel ignores it.
- Directory: in a directory that several users can write to, the sticky bit restricts deletion and renaming. Everyone with write permission on the directory can still create files in it, but a file can only be removed or renamed by the file's owner, the directory's owner, or root. /tmp is the usual example: without the sticky bit, any user could delete any other user's temporary files.
The chmod command with the o+t (other plus sticky) option can be used to add the Sticky Bit to a directory. The o-t (other minus sticky) option can be used to remove it.
[root@server1 ~]# chmod o+t /path/to/dir1
Likewise, a leading 1 in a four-digit octal mode sets the Sticky Bit and a leading 0 clears it. The mode 1777 (world-writable plus sticky) is the one a shared directory such as /tmp uses.
[root@server1 ~]# chmod 1777 /path/to/dir1
When a directory has the Sticky Bit set, the letter "t" or "T" is displayed in place of the x (execute) permission for others. A lower-case "t" means the execute bit for others is also set; an upper-case "T" means it is not.
drwxrwxrwt 12 root root 4096 Jun 26 08:21 /tmp
Locating files
The find command with the -perm (permissions) option can be used to search for files with a certain set of permissions. Given a bare number, -perm matches only files whose mode is exactly that number, so the searches below find each file only because its full mode is known. For example, let's say file1 is 4660.
[root@server1 ~]# find / -perm 4660
/home/user1/file1
Let's say file2 is 2660.
[root@server1 ~]# find / -perm 2660
/home/user1/file2
Let's say file3 is 1660.
[root@server1 ~]# find / -perm 1660
/home/user1/file3
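The exact-match searches above would miss a 4755 SUID binary when asked for 4660. The following is an added example, not code from the original article, showing how a practitioner audits a tree for the special bits and decodes what ls displays. It builds a small constructed sample tree (the names suid_bin, sgid_bin, plain, shared and dropbox are made up for the example), uses find's -perm -MODE form, which matches when all the bits in MODE are set regardless of the other bits, and GNU find's -perm /MODE form, which matches when any of them is set, and parses the ten-character mode string from ls -ld so that the upper-case S/T cases (bit set without the execute bit) stand out. It assumes GNU find on Linux and needs no root: setting SUID/SGID on a file you own requires no privilege.

```shell
#!/bin/sh
# Added example, not from the original article: audit a directory tree for the
# special permission bits and decode ls -l mode strings. All names are constructed.

# Build a constructed sample tree so the example runs offline and without root.
# (A nosuid mount only ignores the bits at exec time; chmod can still set them.)
make_sample_tree() {
  dir=$(mktemp -d)
  touch "$dir/suid_bin" "$dir/sgid_bin" "$dir/plain"
  mkdir "$dir/shared" "$dir/dropbox"
  chmod 4755 "$dir/suid_bin"   # SUID on an executable: shows as -rwsr-xr-x
  chmod 2755 "$dir/sgid_bin"   # SGID on an executable: shows as -rwxr-sr-x
  chmod 0644 "$dir/plain"      # no special bits
  chmod 2775 "$dir/shared"     # SGID directory: new files inherit its group
  chmod 1777 "$dir/dropbox"    # sticky, world-writable directory, like /tmp
  printf '%s\n' "$dir"
}

# -perm MODE (bare number) matches only that exact mode, as in the article.
find_exact() { find "$1" -perm "$2" -exec basename {} \; | sort; }

# -perm -MODE matches when every bit in MODE is set, whatever else is set.
# This is the form an audit wants: a SUID binary matters at 4755, 4711, 4555, ...
find_suid()        { find "$1" -type f -perm -4000 -exec basename {} \; | sort; }
find_sgid()        { find "$1" -type f -perm -2000 -exec basename {} \; | sort; }
find_sticky_dirs() { find "$1" -type d -perm -1000 -exec basename {} \; | sort; }

# -perm /MODE (GNU find) matches when any bit in MODE is set: SUID or SGID.
find_setid() { find "$1" -type f -perm /6000 -exec basename {} \; | sort; }

# The ten-character mode string from ls -ld (column 11 may carry an ACL "+" or
# SELinux "." marker, so cut it off).
mode_of() { ls -ld "$1" | cut -c1-10; }

# Decode the special bits from a mode string such as -rwsr-xr-x, drwxrwsr-x or
# drwxrwxrwt. Position 4 is the owner's x slot (s/S = SUID), 7 the group's
# (s/S = SGID), 10 the others' (t/T = sticky). Upper case means the bit is set
# but the execute bit in that slot is not, which for SUID/SGID on a file means
# the bit does nothing.
describe_mode() {
  out=""
  add_flag() { out="${out:+$out,}$1"; }
  case $(printf '%s' "$1" | cut -c4) in
    s) add_flag SUID ;;      S) add_flag "SUID(no-exec)" ;;
  esac
  case $(printf '%s' "$1" | cut -c7) in
    s) add_flag SGID ;;      S) add_flag "SGID(no-exec)" ;;
  esac
  case $(printf '%s' "$1" | cut -c10) in
    t) add_flag sticky ;;    T) add_flag "sticky(no-exec)" ;;
  esac
  printf '%s\n' "${out:-none}"
}

# Report every entry in a tree that carries any special bit, with its decoded meaning.
report_special() {
  find "$1" -perm /7000 | sort | while read -r path; do
    printf '%s %s\n' "$(describe_mode "$(mode_of "$path")")" "$path"
  done
}

# Usage:
#   d=$(make_sample_tree); report_special "$d"; rm -rf "$d"
```

On a real host the interesting call is report_special / against a baseline taken when the system was built: a SUID or SGID binary that was not there before, or one in a user-writable location, is what an audit is looking for, and the -perm -MODE form is what makes sure it is not missed because of its other permission bits.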