Special Permissions

Special Permissions

1. Umask: The default permissions are defined by umask. Default permissions for directories are 777 minus umask value and for files are same without execute permission.

Predefined umask for root user is 022. That mean files will have permission of 644 and directories will have of 755.

And umask for all other user’s is 002. That mean files will have permission of 664 and directories will have of 775.

The umask global configuration is stored in “/etc/bashrc” file. The umask value for other all user’s mention in line number 9 and for root user’s mention in line number 11. To change umask local configuration we can edit the “~/.bashrc” file in particular user’s home directory.

# vi /home/user_name/.bashrc

umask 027                (Enter a new line at bottom in this file)

We can change umask temporarily with the command is:

# umask  <umask_value>

For permanently change the global umask value:

# vi /etc/bashrc

8 if [ $UID -gt 99 ] && [ "`id -gn`" = "`id -un`" ]; then

9 umask 002        (For all other local users)

10 else

11 umask 022       (For root user)

12 fi

To view the current umask value:

# umask

2. SUID: SUID stand for Set User ID. It is set on the executable file of the owner. SUID set runs with the ownership of the program owner. That is, if you own an executable, and another person issues the executable, then it runs with your permission and not his. The default is that a program runs with the ownership of the person executing the binary.

3. SGID: SGID stand for Set Group ID. Files created in directory with SGID set have group affiliation of the group directory. The SGID bit is the same as of SUID, only the case is that it runs with the permission of the group. Another use is it can be set on folders,making nay files or folders created inside the SGID set folder to have a common group ownership.

4. Sticky Bit: Files in the directory with sticky bit set can be only removed by the owner or root user. Sticky bit was used on executables in linux (which was used more often)so that they would remain in the memory more time after the initial execution, hoping they would be needed in the near future. But since today we have more sophisticated memory accessing techniques and the bottleneck related to primary memory is diminishing, the sticky bit is not used today for this. Instead, it is used on folders, to imply that a file or folder created inside a stickybit-enabled folder could only be deleted by the creator itself. A nice implementation of sticky bit is the /tmp folder,where every user has write permission but only users who own a file can delete them. Remember files inside a folder which has write permission can be deleted even if the file doesn't have write permission. The sticky bit comes useful here.