Advanced Permissions & ACLs

Standard rwx permissions are often not enough for complex environments. Linux provides special bits and Access Control Lists (ACLs) for finer control.

1. Special Permission Bits

These bits change how the kernel treats an executable or a directory beyond the plain rwx rights. Because SUID and SGID executables run with borrowed privilege, every one of them is part of the system's attack surface and belongs on an audit list.

SUID (Set User ID)

When an executable has the SUID bit set, it runs with the effective user ID of the file's owner rather than that of the user who executed it. The kernel ignores the bit on interpreted (#!) scripts and on file systems mounted with the nosuid option.

  • Symbol: s in the owner's execute field (e.g., -rwsr-xr-x). A capital S means the bit is set but the owner has no execute permission, so it is inert.
  • Use Case: The passwd command, which needs root access to update /etc/shadow.

SGID (Set Group ID)

  • On Files: Runs with the effective group ID of the file's group rather than the caller's.
  • On Directories: New files and subdirectories created inside inherit the group of the parent directory, not the user's primary group (subdirectories also inherit the SGID bit itself), which is what makes a shared project directory work.
  • Symbol: s in the group's execute field (e.g., drwxrwsr-x).

Sticky Bit

Ensures that only a file's owner, the directory's owner, or root can delete or rename files within a directory, even when the directory itself is world-writable.

  • Symbol: t in the others' execute field (e.g., drwxrwxrwt); a capital T means the bit is set without execute permission for others.
  • Use Case: The /tmp directory, where everyone can write but shouldn't delete or rename each other's files. A world-writable directory without the sticky bit is a finding: any user can remove or swap files that other users or services have placed there.
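As an added example (not part of the original page), the following POSIX shell script sets each special bit on a throw-away tree, reads the mode strings back the way ls prints them, and runs the two audit queries a reviewer wants: SUID/SGID executables under a path, and world-writable directories that lack the sticky bit. The scratch tree and its file names are constructed for the demo; it assumes a standard Linux userland (ls, chmod, find, cut, mktemp).

```shell
#!/bin/sh
# Added example (not from the original page): exercise SUID, SGID and the
# sticky bit on throw-away files and run two audit queries over the tree.
# Assumes ls, chmod, find, cut and mktemp as found on any Linux system.

# First ten characters of `ls -ld`: file type plus the nine permission
# fields, with s/S or t/T in an execute position when a special bit is set.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Build a scratch tree (constructed input): an executable, a group-shared
# directory and a world-writable drop directory. Prints the scratch path.
make_scratch() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho hello\n' > "$d/tool"
    chmod 0755 "$d/tool"
    mkdir "$d/shared" "$d/dropbox"
    chmod 0775 "$d/shared"
    chmod 0777 "$d/dropbox"
    printf '%s' "$d"
}

# Apply an octal mode and print the resulting mode string.
set_mode() {
    chmod "$2" "$1" && mode_of "$1"
}

# SUID on an executable: it runs with the owner's effective UID.
set_suid()       { chmod u+s "$1" && mode_of "$1"; }
# SGID on a directory: new entries inherit the directory's group.
set_sgid_dir()   { chmod g+s "$1" && mode_of "$1"; }
# Sticky bit on a directory: only owners (or root) may delete or rename entries.
set_sticky_dir() { chmod +t "$1" && mode_of "$1"; }

# Audit: regular files with SUID (4000) or SGID (2000) set under a tree.
list_setid_execs() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# Audit: directories writable by everyone (0002) that lack the sticky bit (1000).
list_unsticky_world_writable() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# Walk through the bits on the scratch tree.
demo=$(make_scratch)
echo "plain:       $(mode_of "$demo/tool")"
echo "suid:        $(set_suid "$demo/tool")"
echo "suid, no x:  $(set_mode "$demo/tool" 4644)"   # capital S: bit set but inert
echo "sgid dir:    $(set_sgid_dir "$demo/shared")"
echo "world-writable without sticky: $(list_unsticky_world_writable "$demo")"
echo "sticky dir:  $(set_sticky_dir "$demo/dropbox")"
echo "world-writable without sticky, after +t: $(list_unsticky_world_writable "$demo")"
echo "setid executables: $(list_setid_execs "$demo")"
rm -rf "$demo"
```

Point list_setid_execs and list_unsticky_world_writable at / (they take a root path) to get the two lists an audit normally starts from; anything in the first list that is not a known system binary, and anything at all in the second, deserves a closer look.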

2. ACLs (Access Control Lists)

Standard permissions name exactly one owner and one group; everyone else falls under "other". ACLs let you grant permissions to additional named users and groups on the same file or directory.

Checking ACLs: getfacl

getfacl my_folder/

A file or directory that carries an ACL shows a + after the mode string in ls -l; that is the only hint in a normal listing that the rwx bits are not the whole story, so treat it as a cue to run getfacl.

Setting ACLs: setfacl

# Give 'sarah' read and write access to a file she doesn't own
setfacl -m u:sarah:rw data.txt
 
# Remove all ACLs from a file
setfacl -b data.txt

Comparison Table

| Bit/Tool   | Symbol                 | Primary Benefit                      |
|------------|------------------------|--------------------------------------|
| SUID       | s (owner execute field)| Run as owner (usually root)          |
| SGID       | s (group execute field)| Inherit group in directories         |
| Sticky Bit | t (others execute field)| Protect shared files from deletion  |
| ACL        | + after the mode in ls -l | Multiple users/groups on one file |

[!IMPORTANT] ACL support: Not all file systems support ACLs by default; on such a mount setfacl fails with "Operation not supported". Make sure the partition is mounted with the acl option in /etc/fstab (recent ext4 file systems usually already list acl among their default mount options, visible in tune2fs -l output, so the explicit option is only needed where it is absent).
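The ACL commands above and the support caveat in this note, combined into one added example (not code from the original page): grant a named user access with setfacl, confirm the entry from the outside, show how a plain chmod on the group bits silently caps every named entry through the mask, inherit entries into new files through a default ACL, remove entries again, and probe first whether the file system and tools support ACLs at all. It assumes the GNU acl tools (setfacl/getfacl); the account name (nobody, falling back to root) and the file names are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original page): POSIX ACLs end to end, with a
# support probe up front. Assumes GNU setfacl/getfacl; names are constructed.

# Returns 0 if setfacl/getfacl exist and DIR is on a file system that accepts
# ACLs. A mount without acl support fails here with "Operation not supported".
acl_supported() {
    command -v setfacl >/dev/null 2>&1 || return 1
    command -v getfacl >/dev/null 2>&1 || return 1
    probe=$(mktemp "$1/aclprobe.XXXXXX") || return 1
    if setfacl -m u:0:r "$probe" 2>/dev/null; then   # uid 0 always resolves
        rm -f "$probe"
        return 0
    fi
    rm -f "$probe"
    return 1
}

# "yes" when the entry carries an extended ACL (anything beyond the three base
# entries), which is the same condition that makes ls -l print a '+'.
has_acl() {
    if getfacl --omit-header "$1" 2>/dev/null | grep -qvE '^(user|group|other)::|^$'; then
        echo yes
    else
        echo no
    fi
}

# Effective rights of the named user entry for USER on FILE: what the user
# actually gets once the mask is applied (empty string if no entry exists).
effective_for_user() {
    getfacl --omit-header "$2" 2>/dev/null |
        awk -v u="$1" -F'[:[:space:]#]+' \
            '$1 == "user" && $2 == u { v = ($4 == "effective") ? $5 : $3; print v }'
}

grant_user_rw()   { setfacl -m "u:$2:rw" "$1"; }     # add/replace a named user entry
revoke_user()     { setfacl -x "u:$2" "$1"; }        # remove that entry only
default_user_rw() { setfacl -d -m "u:$2:rw" "$1"; }  # default ACL on a directory
clear_acl()       { setfacl -b "$1"; }               # strip every extended entry

scratch=$(mktemp -d)
if acl_supported "$scratch"; then
    who=$(id -un nobody 2>/dev/null || echo root)   # any resolvable account works
    f="$scratch/data.txt"
    : > "$f"; chmod 0644 "$f"
    grant_user_rw "$f" "$who"
    echo "acl present: $(has_acl "$f"); $who effective: $(effective_for_user "$who" "$f")"
    chmod g-w "$f"                      # edits the mask, not the group entry
    echo "after chmod g-w, $who effective: $(effective_for_user "$who" "$f")"
    mkdir "$scratch/proj"; chmod 0755 "$scratch/proj"
    default_user_rw "$scratch/proj" "$who"
    : > "$scratch/proj/new.txt"         # inherits the default entries
    echo "inherited on new file: $(effective_for_user "$who" "$scratch/proj/new.txt")"
    revoke_user "$f" "$who"
    echo "after -x, $who effective: '$(effective_for_user "$who" "$f")'"
    clear_acl "$f"
    echo "after -b, acl present: $(has_acl "$f")"
else
    echo "ACLs unavailable here: tools missing or file system mounted without acl"
fi
rm -rf "$scratch"
```

The chmod g-w step is the one that bites in practice: once a file has an ACL, the group column of ls -l shows the mask, and any chmod that narrows those bits narrows every named user and group entry at the same time. getfacl flags this with an #effective: annotation, which is what effective_for_user reads.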