
Special permissions for files in Linux

Beyond the basic management of files and users on the Linux command line, there are some special permissions for files that users do not encounter very often.

Active24 offers the Linux command line for your hosting as a web console that you can use in a web browser such as Google Chrome. You can manage a virtual server (VPS) the same way. This gives you access to a Linux command line environment that works independently of your operating system.

Executing a file with Set owner User ID upon execution (SUID)

Some programs in Linux can be run without being the root user (e.g. via the sudo command), even though the program is owned by root. For example, passwd, the program for changing a user's password, belongs to root, but any user can run it. This is possible because the file has the execute permission (letter x) together with the permission to run under the owner's account (letter s). In the listing, the letter s replaces the owner's x when execution is enabled; a capital S appears when it is disabled.

ls -l /usr/bin/passwd

Thanks to this setting, any user can change their password and have it written to files such as /etc/passwd or /etc/shadow, to which only the root user has access. A standard user cannot change the passwords of other users: passwd compares the UID of the user who runs the program with the UID of the account whose password is to be changed. If the UIDs do not match, passwd denies the request.

The permission to run a file under the owner's account can be added (second and fourth lines) or removed (third and fifth lines) using the chmod command with the letter s (second and fifth lines) or the number 4 (fourth line), which is placed before the other digits:

touch ~/common_file.txt
chmod u+s ~/common_file.txt
chmod 0764 ~/common_file.txt
chmod 4764 ~/common_file.txt
chmod u-s ~/common_file.txt

Executing a file with Set Group ID upon execution (SGID)

What applies to running a program with SUID also applies to running it under its group (SGID). The difference is that the permission is set for the group (second and fifth lines) and the number is 2 (fourth line). The example uses a directory, and GNU chmod keeps the SGID bit of a directory when it is given a four-digit mode such as 0764, so the third line uses five digits (00764) to remove it:

mkdir ~/test_directory
chmod g+s ~/test_directory
chmod 00764 ~/test_directory
chmod 2764 ~/test_directory
chmod g-s ~/test_directory

The advantage of SGID is that it can be set on a directory: files and directories created inside it then take the directory's group instead of the group of the user who created them, and new subdirectories have SGID set as well. This can be used for sharing files over the network via a Samba server, so that all files (regardless of creator) have the same rights.

Protecting files against renaming or deleting (Sticky Bit)

The letter t in place of x in the permissions for others (number 1 in numeric mode) marks a file that can be renamed or deleted only by the owner of the file or by the root user. The /tmp directory and all files and directories in it are protected in this way. A file can be protected against renaming or deleting, and the protection removed again, as follows:

chmod +t ~/test/common_file.txt
chmod 1764 ~/test/common_file.txt
chmod -t ~/test/common_file.txt
chmod 0764 ~/test/common_file.txt

When you run ls -l ~/test/common_file.txt after setting the bit, the first column shows the letter T (when execution is forbidden) or the letter t (when execution is allowed).
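
The following shell script is an added example, not part of the original article: it builds a constructed sample tree with the chmod modes shown above, decodes the s/S/t/T letters from ls -l, and lists every entry that carries a special bit. The function names and file names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original article; all paths are constructed samples.

# Decode the special-permission letters that `ls -l` prints for one path.
# Lowercase (s, t) means the matching x bit is also set, uppercase (S, T) means it is not.
special_bits() {
    mode=$(ls -ld -- "$1" | cut -c1-10)
    u=$(printf %s "$mode" | cut -c4)    # owner execute position
    g=$(printf %s "$mode" | cut -c7)    # group execute position
    o=$(printf %s "$mode" | cut -c10)   # others execute position
    out=""
    case $u in s|S) out="$out SUID:$u" ;; esac
    case $g in s|S) out="$out SGID:$g" ;; esac
    case $o in t|T) out="$out sticky:$o" ;; esac
    printf '%s\n' "${out# }"
}

# List every entry below a directory that carries SUID, SGID or the sticky bit.
audit_tree() {
    find "$1" \( -perm -4000 -o -perm -2000 -o -perm -1000 \) -print | LC_ALL=C sort |
    while IFS= read -r path; do
        printf '%s %s\n' "$(special_bits "$path")" "${path#"$1"/}"
    done
}

# Build a constructed sample tree with the chmod modes used in the article.
# The body runs in a subshell so the umask change does not leak to the caller.
build_sample() (
    umask 022
    root=$(mktemp -d) || exit 1
    touch "$root/suid_exec" "$root/suid_noexec" "$root/sticky_file"
    chmod 4764 "$root/suid_exec"      # rwsrw-r--  (s: owner x is set)
    chmod 4664 "$root/suid_noexec"    # rwSrw-r--  (S: owner x is missing)
    chmod 1764 "$root/sticky_file"    # rwxrw-r-T  (T: others have no x)
    mkdir "$root/shared"
    chmod 2775 "$root/shared"         # rwxrwsr-x  SGID directory
    mkdir "$root/shared/sub"          # created after SGID was set: inherits the bit
    touch "$root/shared/report.txt"   # inherits the group, not the SGID bit
    printf '%s\n' "$root"
)

if [ "${1:-}" = "demo" ]; then
    tree=$(build_sample)
    audit_tree "$tree"
    rm -rf "$tree"
fi
```

Run the script with the argument demo to print the audit of the sample tree; audit_tree can also be pointed at a real directory to review which entries carry special bits.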

Summary

We have shown you the special permissions for files, which are used even by our system administrators. Since these permissions may influence other files and directories, it is very important to use them deliberately. We advise against changing these permissions on system files and directories; more precisely, any such change should have a serious reason, and you need to be mindful of the consequences.

Updated on January 3, 2025
