What is the first number for in a 4-number chmod argument (such as `chmod 4555`)?

When I install a program, it recommends me to do chmod 4555. Okay, i know about values if I just use three numbers. For example

chmod 555 test-file

will give

-r-xr-xr-x

4 for write, 2 for read and 1 for execute. But, when I do this:

chmod 4555 test-file

it gives me

-r-sr-xr-x

So, x changed to s. What's that mean?


There's actually 4 attribute sets you can work with via chmod.

Special, User/Owner, Group, and Others in that order, when working with the four-number chmods, with that first number being special bits that can be set.

chmod 4555 equates to the following:

  • Set UID bit - Run the file as the owner regardless of which user is running it
  • User/Owner: Read, Execute
  • Group: Read, Execute
  • Others: Read, Execute

The s in your 'human readable' string for permissions indicates that the SetUID bit (explained below) is set.


Effectively, we can break down the four-number chmod permissions argument into specific descriptors as follows, and doing the math to determine what a 4 in the first section would be, a 5 in the next section, and so on.

Keep in mind that #### is Special User/Owner Group and Others in that order.

For Special attributes (the first number in a four-number chmod argument):

  • Set UID - Run file as owner regardless of the user running it (shows as s in the human-readable permissions string for User section) = +4 (--s under User/Owner)
  • Set GID - Run file as group regardless of the user/group running it (shows as s in the human-readable permissions string for Group section) = +2 (--s under Group)
  • Sticky Bit - EFFECTIVE ON DIRECTORIES ONLY - If set, only the directory's owner user and root can delete the directory, and only the file owner or root can delete files inside it. (shows as t in the human-readable permissions string for Others section) = +1 (--t under Others)

For User/Owner, Group and Others attributes (the last three numbers in a four-number chmod argument):

  • Read = +4 (r--)
  • Write = +2 (-w-)
  • Execute (for files), or 'Enter Into / List Items' (for directories) = +1 (--x)

It is called the SETUID bit. if it is set by chmod 4555 test-file (in your case), then the test-file can be executed by any user as if the user is the owner of the file.

When the SETUID bit is set then the Effective User ID (EUID) of the user who does not have permission to execute the file otherwise (by normal permissions, e.g. 0744), takes the EUID of the file owner and can execute the file.