How do I clear the "s" permission on a directory in Linux?
I have a directory that is showing up with the permission mask drwsrwsr-x
. When I try to reset the permissions to 755
the S still remains.
What is the "s" and why cant I change the permissions back to 775 (drwxrwxr-x
)?
Solution 1:
The s you are seeing in the "execute" position in the user and group column are the SetUID (Set User ID on Execution) and SetGID (Set Group ID on execution) bits.
Unix file permissions are actually a 4-digit octal number SUGO
- S controls the SetUID (4), SetGID (2) and "Sticky" (1) bits
- U controls Read(4)/Write(2)/Execute(1) bits for the file owner
- G controls the Read/Write/Execute bits for the file's group
- O controls the Read/Write/Execute bits for everyone else.
You can remove the setuid bits from your directory with chmod ug-s directory
, or chmod 0755 directory
For more information see the man page for chmod
, and this Wikipedia page about the SetUID bit.
Solution 2:
setuid and setgid
setuid and setgid (short for set user ID upon execution and set group ID upon execution, respectively) are Unix access rights flags that allow users to run an executable with the permissions of the executable's owner or group. They are often used to allow users on a computer system to run programs with temporarily elevated privileges in order to perform a specific task. While the assumed user id or group id privileges provided are not always elevated, at a minimum they are specific.
To remove the setuid and setgid bits numerically, you must prefix the bit-pattern with a 0
(e.g.: 0775
becomes 00775
).
Run to delete setuid and setgid:
chmod 00775 path
or
chmod a-st path