// learn · linux · rhcsa · 9 min

SUID, SGID & sticky.

Beyond rwx there's a fourth octal digit holding three special bits. SUID makes a program run as its owner, SGID controls group behavior on files and directories, and the sticky bit protects shared directories like /tmp. Watch each one flip and see what changes.

SUID, SGID, and sticky bit animated tutorial. The fourth octal permission digit, setuid (run as owner), setgid on files and directories (group inheritance), sticky bit (shared directory delete protection), symbolic and octal chmod, find -perm. RHCSA EX200 ready.
// special permission bits

chmod 755 is secretly chmod 0755 — there's a fourth digit. It holds three bits that change how programs run and how shared directories behave.

// before you start
you should know
  • ·Comfortable with normal rwx permissions and octal (755, 644)
  • ·Know the difference between owner, group, and other
  • ·Helpful: the chmod calculator tool
by the end you'll

Read and set SUID, SGID (on files and directories), and the sticky bit — in both symbolic and octal form — and audit for them with find.

pace: 9 minutes

permission bits — step 1 / 6 · rwx recap
OCTAL0special7owner5group5otherspecial digit = SUID(4) + SGID(2) + sticky(1)SUID = 4 SGID = 2 sticky = 1 SYMBOLICrwxr-xr-xe.g.-rwxr-xr-x /usr/bin/lsordinary executable

Recap — the three normal triads

Standard permissions are three groups of rwx: owner, group, other. As octal that's three digits — 755 means rwx for owner, r-x for group, r-x for other. But there's a hidden FOURTH digit in front (usually 0) that holds the three special bits. chmod 755 is really chmod 0755.

// key insight

The special bits reuse the execute slot in the symbolic view: SUID shows in the owner's x (s), SGID in the group's x (s), sticky in the other's x (t). Lowercase means the execute bit is also on; UPPERCASE means it isn't — almost always a mistake. When auditing a server, an unexpected SUID-root binary is the first thing an attacker plants and the first thing you should hunt for.

// exam-ready · setting and finding special bits
$chmod u+s file
$chmod 4755 file
$chmod g+s file_or_dir
$chmod 2775 dir
$chmod +t dir
$chmod 1777 dir
$chmod u-s file
$chmod 0755 file
$find / -perm /4000
$find / -perm /2000
$find / -perm /1000
$find / -perm -4000 -user root
$ls -l /usr/bin/passwd
$stat -c '%A %a %n' file
$rwsr-xr-x = 4755
$rwxrwsr-x = 2775
// check yourself
4 quick questions
Q1

Why is /usr/bin/passwd SUID root?

Q2

You want every file created in /srv/project to be group-owned by 'developers', no matter who creates it. What do you set?

Q3

What does the sticky bit do on /tmp?

Q4

You see `-rwsr-xr-x` with a lowercase 's', versus `-rwSr--r--` with a capital 'S'. What's the difference?

These aren't graded — they're just for active recall, which is what actually makes the lesson stick.

🔢
// practice it

chmod calculator

Toggle the special bits and watch the octal and symbolic forms update together — including the SUID/SGID/sticky digit you just learned.

open →
// more in linux

keep going — these pair well with what you just learned.

see all linux
🛡️

SELinux contexts

Why Apache can't read your file. Watch the policy engine decide — and learn the workflow for fixing denials. RHCSA-ready.

8 min · interactiveopen →

Linux boot process

From power button to login prompt. Every stage in the chain — UEFI, GRUB, kernel, initramfs, systemd — with the rescue moves that save you. RHCSA-ready.

9 min · interactiveopen →
💾

LVM stacking

Layer-by-layer build of an LVM stack: disks → PVs → VG → LVs → filesystem. Then extend live and snapshot. RHCSA-ready.

8 min · interactiveopen →
back to RHCSA trackall lessons