What is the first digit for in 4-digit octal Unix file permission notation?
From man chmod:
A numeric mode is from one to four octal digits (0-7), derived by adding up the bits with values 4, 2, and 1. Any omitted digits are assumed to be leading zeros. The first digit selects the set user ID (4) and set group ID (2) and sticky (1) attributes.
What are "set user ID", "set group ID", and "sticky", you ask?
setuid/setgid:
setuid and setgid (short for "set user ID upon execution" and "set group ID upon execution", respectively) are Unix access rights flags that allow users to run an executable with the permissions of the executable's owner or group. They are often used to allow users on a computer system to run programs with temporarily elevated privileges in order to perform a specific task. While the assumed user id or group id privileges provided are not always elevated, at a minimum they are specific.
Also, when applied to a directory, the setuid/setgid cause new files created in the directory to inherit the uid or gid, respectively, of the parent directory. This behavior varies based upon the flavor of Unix. For example, Linux honors the setgid, but ignores the setuid on directories.
And sticky:
The most common use of the sticky bit today is on directories. When the sticky bit is set, only the item's owner, the directory's owner, or the superuser can rename or delete files. Without the sticky bit set, any user with write and execute permissions for the directory can rename or delete contained files, regardless of owner. Typically this is set on the /tmp directory to prevent ordinary users from deleting or moving other users' files.
Setgid has another very important function that I rely on daily but which is not included in Handyman5's excerpt (the quote is from the same page linked above):
The setuid and setgid flags, when set on a directory, have an entirely different meaning.
Setting the setgid permission on a directory (chmod g+s) causes new files and subdirectories created within it to inherit its group ID, rather than the primary group ID of the user who created the file (the owner ID is never affected, only the group ID). Newly created subdirectories inherit the setgid bit.
Thus, this enables a shared workspace for a group without the inconvenience of requiring group members to explicitly change their current group before creating new files or directories. Note that setting the setgid permission on a directory only affects the group ID of new files and subdirectories created after the setgid bit is set, and is not applied to existing entities. Setting the setgid bit on existing subdirectories must be done manually, with a command such as the following:
[root@foo]# find /path/to/directory -type d -exec chmod g+s {} \;
chmod g+s would mean the addition of a 2 on the front of the octal value, making a directory that has 775 permissions (drwxrwxr-x) into 2775 (drwxrwsr-x).
In addition to the other answers, a leading 0 is a convention used to indicate that a number is octal. It is not required here, as file permissions are always expressed in octal, but this can be another reason why it is present.
Here is an easy-to-use Linux/Unix permissions calculator to help you figure out the permissions of a file or directory.
Because the accepted answer and others are pretty cryptic about it, I'll share part of this Ubuntu answer: https://askubuntu.com/a/976170
The first digit in a four-digit permission is the sum of set user id (4), set group id (2) and sticky (1). A three-digit permission is just like a four-digit permission with the first digit set to zero. Thus:
- 0644 is exactly the same as 644.
- 1644 is like 644 but the sticky bit is also set.
- 4644 is like 644 but the set user ID bit is also set.
Just as the other digits are cumulative for each position's rights (aka 4 write, 2 read, 1 execute; for User = 100, 200, 400, 600, 700, etc.), the leading 4th digit is cumulative for the sticky bits.
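As an added example, not part of any of the answers above: a small Python decoder for the leading digit that also flags the combinations the quoted passages describe (setuid/setgid executables, setgid directories, world-writable directories without the sticky bit). The function names and the sample modes are made up for this illustration.

```python
import stat

# Values of the leading octal digit, as listed in the chmod man page excerpt.
SPECIAL = ((4, "setuid"), (2, "setgid"), (1, "sticky"))

def parse_mode(text):
    """Parse a 1-4 digit octal mode; omitted digits count as leading zeros."""
    if not 1 <= len(text) <= 4 or any(c not in "01234567" for c in text):
        raise ValueError(f"not a 1-4 digit octal mode: {text!r}")
    return int(text, 8)

def special_bits(mode):
    """Names of the special bits selected by the first of four digits."""
    lead = (mode >> 9) & 0o7
    return [name for value, name in SPECIAL if lead & value]

def symbolic(mode, directory=False):
    """Render the mode as ls -l would, e.g. 2775 on a directory -> drwxrwsr-x."""
    kind = stat.S_IFDIR if directory else stat.S_IFREG
    return stat.filemode(kind | mode)

def review(text, directory=False):
    """Return (symbolic form, special bits, notes worth a reviewer's attention)."""
    mode = parse_mode(text)
    bits = special_bits(mode)
    notes = []
    if directory:
        if "setgid" in bits:
            notes.append("new entries inherit the directory's group")
        # "Other" has both write (2) and execute (1) on the directory.
        if (mode & 0o003) == 0o003 and "sticky" not in bits:
            notes.append("world-writable without sticky: any user can "
                         "rename or delete other users' files")
    else:
        executable = bool(mode & 0o111)
        for bit, who in (("setuid", "owner"), ("setgid", "group")):
            if bit in bits and executable:
                notes.append(f"{bit} executable: runs with the {who}'s permissions")
    return symbolic(mode, directory), bits, notes

if __name__ == "__main__":
    # Constructed sample modes, not taken from a real system.
    samples = [("644", False), ("4755", False), ("2775", True),
               ("1777", True), ("777", True)]
    for text, is_dir in samples:
        sym, bits, notes = review(text, is_dir)
        print(f"{text:>4}  {sym}  {','.join(bits) or '-'}  {'; '.join(notes)}")
```

A capital `S` or `T` in the symbolic form (as for 4644, `-rwSr--r--`) means the special bit is set while the matching execute bit is not.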