"chmod"-----some conception of it to ask

Posted on 2001-07-11
Last Modified: 2010-04-20
When I use the "chmod" command, I usually just use 3 numbers, such as "755, 640 etc.", but I saw some usages of it like "0755, 4640...". I don't know what the first number is used for. (A boot told me that the first number could be "0,1,2,4".) Please introduce it to me in more detail.
Thank you
Question by:wingboad

Accepted Solution

newmang earned 10 total points
ID: 6275699
4xxx - Makes the file setuid. When the binary runs it adopts the user privileges of the file rather than the person running the binary (often dangerous)

2x#x - If # is 7,5,3 or 1 makes the file setgid.
       If # is 6,4,2 or 0 sets mandatory file locking.
       If used on a directory files created in the
       directory take on the group id of the directory
       rather than the process creating the file

1xxx - Set the sticky bit. Only the file owner can delete
       the file irrespective of the file access permissions
       this is usually used in directories such as the /tmp

Cheers - Gavin

Author Comment

ID: 6279568
Thanks for your explanation, but I am still not clear
why & when I should use this number. Maybe this is because
I know little about "set uid" and "set gid". Would you like to
explain more about this or give me a URL to see a doc, thank

Expert Comment

ID: 6279640
OK here goes.....


If you make a program or script setuid it means that when that program or script is run it will run with the authority of the owner of the file rather than the person who runs it.

Let's say that as root I create a script or program that deletes files and save it without the setuid bit set. If I run it as root then of course it can delete any file because, as root, I have that ability. If I run it as a non-root user then it would only allow me to delete files I own because as a normal user I don't have the access to delete other users' files.

If, however, as root I set the setuid bit on the program or script file then no matter who runs the program or script the script runs as if the user were root (ie the owner of the file) and therefore anyone could delete any file. Obviously this is a serious security exposure!

It gets worse because you may write a script which does something you want all users to do but which requires root access. The problem here is that if they stop the script they are left with root access and have open slather on the system, the same applies to any application that has a shell escape. For example the vi editor has the ability to run shell commands with the ! command. If vi were to run as setuid root then anyone who can edit a file could run any root access command. This is why it's not a good idea to do this.

Normally if we write a program (not a script) that must have the ability to run a root level command then we code it to run as root just for the time needed to do the command and then we revert back to the user's permission. Furthermore we usually code it such that whilst it is in "root" level it cannot be interrupted by a signal to prevent the user from halting the program whilst it is in that state.

The moral is that you shouldn't run things as setuid, there are alternatives such as the sudo application which allows you to assign access to defined commands for defined users.


This is the same as SETUID except that the program or script takes on the group id of the file owner rather than the user who runs it. The same caveats apply.

The setgid bit works differently on directories though, in this case it means that any file created in the directory takes on the group id of the directory rather than the gid of the person who creates the file. This is used where many people who don't share the same primary group id (user can have many groups) but need to share files with others. It's not used that much.

In summary, if you don't know what the bits are used for you probably don't need to use them.

Does this help?
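
As an added example that is not part of the original thread: a small shell audit that decodes the leading chmod digit (4 = setuid, 2 = setgid, 1 = sticky) discussed in the answers above and lists every entry in a tree that carries one of those bits, plus world-writable directories missing the sticky bit. The function names and the demo tree are made up for illustration; it assumes a Linux-style `find` and `mktemp`.

```shell
#!/bin/sh
# Added example (not from the thread): decode and audit chmod's leading digit.

# special_bits PATH: print which special bits PATH carries, or "none".
special_bits() {
    out=""
    for pair in 4000:setuid 2000:setgid 1000:sticky; do
        mask=${pair%%:*}; name=${pair##*:}
        # "-perm -MASK" matches only when every bit in MASK is set;
        # -prune stops find from descending when PATH is a directory.
        if [ -n "$(find "$1" -prune -perm "-$mask" 2>/dev/null)" ]; then
            out="${out:+$out }$name"
        fi
    done
    printf '%s\n' "${out:-none}"
}

# audit_tree DIR: list every entry under DIR with a special bit, plus
# world-writable directories that lack the sticky bit.
audit_tree() {
    {
        find "$1" \( -perm -4000 -o -perm -2000 -o -perm -1000 \) -print |
        while IFS= read -r p; do
            printf '%s\t%s\n' "$(special_bits "$p")" "$p"
        done
        find "$1" -type d -perm -0002 ! -perm -1000 -print |
        while IFS= read -r p; do
            printf 'world-writable-no-sticky\t%s\n' "$p"
        done
    } | sort
}

# Constructed demo tree; all names below are made up for illustration.
demo=$(mktemp -d) && chmod g-s "$demo"
touch "$demo/helper";  chmod 4755 "$demo/helper"   # setuid file
mkdir "$demo/project"; chmod 2775 "$demo/project"  # setgid directory
mkdir "$demo/scratch"; chmod 1777 "$demo/scratch"  # sticky, like /tmp
mkdir "$demo/dropbox"; chmod 0777 "$demo/dropbox"  # world-writable, no sticky
audit_tree "$demo"
rm -rf "$demo"
```

Pointing `audit_tree` at a real directory such as `/usr/bin` gives the list of setuid and setgid programs to review against what the system is expected to ship.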

Author Comment

ID: 6284482
I really appreciated your detailed explanation, I will accept it, say thanks again.
