Master Linux SUID & SGID: Set, Verify, and Remove Special Permissions
This guide explains Linux's SUID, SGID, and sticky bit permissions, shows how to inspect them with stat and ls, and provides step‑by‑step commands to set, verify, and revoke these special bits on files and directories.
What Is SUID?
SUID (Set User ID) is a special file permission that allows a program to run with the privileges of its owner, typically root, regardless of who executes it. It is useful when a regular user needs to perform a privileged operation, such as the passwd command.
To view a file's SUID status, use stat or ls -l:
linuxmi@linuxmi:~/www.linuxmi.com$ stat /usr/bin/passwd
linuxmi@linuxmi:~/www.linuxmi.com$ ls -l /usr/bin/passwdTypical output shows permissions like (4755/-rwsr-xr-x), indicating the SUID bit is set.
How to Set SUID on a File
Use the numeric mode (the fourth digit) or the symbolic mode u+s:
$ chmod 4XXX [FILE-NAME]
$ chmod u+s [FILE-NAME]Example: creating a script linuxmi.sh that only the owner can execute:
linuxmi@linuxmi:~/www.linuxmi.com$ chmod 4744 linuxmi.sh
linuxmi@linuxmi:~/www.linuxmi.com$ ls -l linuxmi.shResulting permissions:
-rwsr--r-- 1 linuxmi linuxmi 243 Mar 11 21:15 linuxmi.shHow to Remove SUID
Remove the SUID bit without altering other permission bits using chmod u-s: $ chmod u-s [FILE-NAME] Verification:
linuxmi@linuxmi:~/www.linuxmi.com$ chmod u-s linuxmi.sh
linuxmi@linuxmi:~/www.linuxmi.com$ ls -l linuxmi.shOutput after removal:
-rwxr--r-- 1 linuxmi linuxmi 243 Mar 11 21:15 linuxmi.shWhat Is SGID?
SGID (Set Group ID) works like SUID but for groups. When set on an executable, the process runs with the file's group ID, allowing multiple users in that group to execute the program with shared privileges.
SGID is identified by an s in the group execute position (e.g., -rwxr-sr-x).
How to Set SGID on a File
Use the numeric mode (second digit) or symbolic mode g+s:
$ chmod 2XXX [FILE-NAME]
$ chmod g+s [FILE-NAME]Example applying SGID to linuxmi.sh:
linuxmi@linuxmi:~/www.linuxmi.com$ chmod 2755 linuxmi.sh
linuxmi@linuxmi:~/www.linuxmi.com$ ls -l linuxmi.shResult:
-rwxr-sr-x 1 linuxmi linuxmi 243 Mar 11 21:15 linuxmi.shHow to Remove SGID
Remove SGID with chmod g-s and verify with ls -l:
$ chmod g-s [FILE-NAME]
$ ls -l [FILE-NAME]After removal, the file returns to regular permissions:
-rwxr-xr-x 1 linuxmi linuxmi 243 Mar 11 21:15 linuxmi.shSummary
SUID and SGID are powerful Linux permission bits that let files execute with elevated user or group privileges. Use chmod u+s / chmod g+s to set them, and chmod u-s / chmod g-s to remove them, checking results with stat or ls -l.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.