What is the first number for in a 4-number chmod argument (such as `chmod 4555`)?
When I install a program, it recommends me to do `chmod 4555`. Okay, I know about values if I just use three numbers. For example
`chmod 555 test-file`
will give
`-r-xr-xr-x`
4 for write, 2 for read and 1 for execute. But, when I do this:
`chmod 4555 test-file`
it gives me
`-r-sr-xr-x`
So, `x` changed to `s`. What's that mean?
There's actually 4 attribute sets you can work with via `chmod`. `Special`, `User/Owner`, `Group`, and `Others` in that order, when working with the four-number chmods, with that first number being special bits that can be set.
`chmod 4555` equates to the following:
- `Set UID` bit - Run the file as the owner regardless of which user is running it
- User/Owner: `Read, Execute`
- Group: `Read, Execute`
- Others: `Read, Execute`
The `s` in your 'human readable' string for permissions indicates that the `SetUID` bit (explained below) is set.
Effectively, we can break down the four-number `chmod` permissions argument into specific descriptors as follows, and doing the math to determine what a `4` in the first section would be, a `5` in the next section, and so on.
Keep in mind that `####` is `Special` `User/Owner` `Group` and `Others` in that order.
For `Special` attributes (the first number in a four-number `chmod` argument):
- `Set UID` - Run file as owner regardless of the user running it (shows as `s` in the human-readable permissions string for `User` section) = +4 (`--s` under `User/Owner`)
- `Set GID` - Run file as group regardless of the user/group running it (shows as `s` in the human-readable permissions string for `Group` section) = +2 (`--s` under `Group`)
- `Sticky Bit` - EFFECTIVE ON DIRECTORIES ONLY - If set, only the directory's owner user and `root` can delete the directory, and only the file owner or `root` can delete files inside it. (shows as `t` in the human-readable permissions string for `Others` section) = +1 (`--t` under `Others`)
For `User/Owner`, `Group` and `Others` attributes (the last three numbers in a four-number `chmod` argument):
- `Read` = +4 (`r--`)
- `Write` = +2 (`-w-`)
- `Execute` (for files), or 'Enter Into / List Items' (for directories) = +1 (`--x`)
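The digit arithmetic from the answer above, as an added example that is not part of either answer: a small Python decoder that turns a 3- or 4-digit octal `chmod` argument into the special bits it sets and the `ls`-style permission string. It goes slightly beyond the page by covering a special bit set without the matching execute bit, which `ls` shows as uppercase `S` or `T`; the function names are illustrative.

```python
import stat

# Values of the first (special) digit, as listed in the answer above.
SPECIAL = {4: "setuid", 2: "setgid", 1: "sticky"}

def triad(bits, special_set, special_char):
    """Render one rwx triad; a special bit takes over the execute slot."""
    r = "r" if bits & 4 else "-"
    w = "w" if bits & 2 else "-"
    if special_set:
        # Lowercase when execute is also set, uppercase when it is not.
        x = special_char if bits & 1 else special_char.upper()
    else:
        x = "x" if bits & 1 else "-"
    return r + w + x

def decode(mode_text):
    """Decode a 3- or 4-digit octal chmod argument.

    Returns (list of special bit names, 9-character permission string).
    """
    if not 3 <= len(mode_text) <= 4 or any(c not in "01234567" for c in mode_text):
        raise ValueError("expected 3 or 4 octal digits, got %r" % mode_text)
    # A three-digit mode is a four-digit mode with special digit 0.
    special, user, group, others = (int(c) for c in mode_text.rjust(4, "0"))
    names = [name for bit, name in SPECIAL.items() if special & bit]
    perms = (triad(user, special & 4, "s")
             + triad(group, special & 2, "s")
             + triad(others, special & 1, "t"))
    return names, perms

def matches_stdlib(mode_text):
    """Cross-check the decoder against Python's own stat.filemode()."""
    expected = stat.filemode(stat.S_IFREG | int(mode_text, 8))[1:]
    return decode(mode_text)[1] == expected

if __name__ == "__main__":
    # Constructed sample modes, including the two from the question.
    for mode in ("555", "4555", "2755", "1777", "4644"):
        names, perms = decode(mode)
        print(mode.rjust(4), "-" + perms, ", ".join(names) or "no special bits")
```

An uppercase `S` in the output (as for `4644`) means the setuid bit is set on a file its owner cannot execute, which is usually a misconfiguration worth reviewing.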
It is called the `SETUID` bit. If it is set by `chmod 4555 test-file` (in your case), then the `test-file` can be executed by any user as if the user is the owner of the file.
When the `SETUID` bit is set then the Effective User ID (`EUID`) of the user who does not have permission to execute the file otherwise (by normal permissions, e.g. `0744`), takes the EUID of the file owner and can execute the file.