"chmod"-----some conception of it to ask

Posted on 2001-07-11
Medium Priority
Last Modified: 2010-04-20
When I use the "chmod" command, I usually just use 3 numbers
such as "755, 640 etc.", but I saw some usages of it like "0755, 4640...". I don't know what the first number is used for. (A boot told me that the first number could be "0,1,2,4".) Please introduce it to me in more detail.
Thank you
Question by:wingboad

Accepted Solution

newmang earned 40 total points
ID: 6275699
4xxx - Makes the file setuid. When the binary runs it adopts the user privileges of the file rather than the person running the binary (often dangerous)

2x#x - If # is 7,5,3 or 1 makes the file setgid.
       If # is 6,4,2 or 0 sets mandatory file locking.
       If used on a directory files created in the
       directory take on the group id of the directory
       rather than the process creating the file

1xxx - Set the sticky bit. Only the file owner can delete
       the file irrespective of the file access permissions
       this is usually used in directories such as the /tmp

Cheers - Gavin
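
As an added example (not part of the original thread or any poster's code), these shell functions decode the leading digit described in the answer above and audit a directory tree for entries that carry those bits. The function names and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample tree are constructed.

# special_bits MODE: name the special bits in a 3- or 4-digit octal mode.
special_bits() {
    mode=$1
    case $mode in
        [0-7][0-7][0-7]) mode="0$mode" ;;   # "755" means the same as "0755"
        [0-7][0-7][0-7][0-7]) ;;
        *) echo "invalid"; return 2 ;;
    esac
    lead=${mode%???}                        # leading digit: 4, 2, 1 or a sum
    out=""
    if [ $((lead & 4)) -ne 0 ]; then out="$out setuid"; fi
    if [ $((lead & 2)) -ne 0 ]; then out="$out setgid"; fi
    if [ $((lead & 1)) -ne 0 ]; then out="$out sticky"; fi
    out=${out# }
    echo "${out:-none}"
}

# audit_special DIR: list entries under DIR that carry a special bit.
audit_special() {
    find "$1" -type f -perm -4000 | sed 's/^/setuid-file /'
    find "$1" -type f -perm -2000 | sed 's/^/setgid-file /'
    find "$1" -type d -perm -2000 | sed 's/^/setgid-dir /'
    find "$1" -type d -perm -1000 | sed 's/^/sticky-dir /'
}

# demo: build a constructed tree with one example of each bit and audit it.
demo() {
    tmp=$(mktemp -d) || return 1
    rc=0
    (
        cd "$tmp" || exit 1
        chmod g-s .          # in case the temp location is a setgid directory
        : > helper; : > plain
        mkdir shared scratch
        chmod 4755 helper    # setuid file
        chmod 0755 plain     # leading 0: no special bits
        chmod 2775 shared    # setgid directory: new files take its group
        chmod 1777 scratch   # sticky directory, as used for /tmp
        audit_special .
    ) || rc=$?
    rm -rf "$tmp"
    return $rc
}
```

Running `audit_special /usr/bin` (or any other tree) gives a quick inventory of setuid and setgid files to review.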

Author Comment

ID: 6279568
Thanks for your explanation, but I am still not clear
why & when I should use this number. Maybe this is because
I know little about "set uid" and "set gid". Would you
explain more about this or give me a URL to see a doc, thank

Expert Comment

ID: 6279640
OK here goes.....


If you make a program or script setuid it means that when that program or script is run it will run with the authority of the owner of the file rather than the person who runs it.

Let's say that as root I create a script or program that deletes files and save it without the setuid bit set. If I run it as root then of course it can delete any file because, as root, I have that ability. If I run it as a non-root user then it would only allow me to delete files I own because as a normal user I don't have the access to delete other users' files.

If, however, as root I set the setuid bit on the program or script file then no matter who runs the program or script the script runs as if the user were root (ie the owner of the file) and therefore anyone could delete any file. Obviously this is a serious security exposure!

It gets worse because you may write a script which does something you want all users to do but which requires root access. The problem here is that if they stop the script they are left with root access and have open slather on the system, the same applies to any application that has a shell escape. For example the vi editor has the ability to run shell commands with the ! command. If vi were to run as setuid root then anyone who can edit a file could run any root access command. This is why it's not a good idea to do this.

Normally if we write a program (not a script) that must have the ability to run a root level command then we code it to run as root just for the time needed to do the command and then we revert back to the user's permission. Furthermore we usually code it such that whilst it is in "root" level it cannot be interrupted by a signal to prevent the user from halting the program whilst it is in that state.

The moral is that you shouldn't run things as setuid, there are alternatives such as the sudo application which allows you to assign access to defined commands for defined users.


This is the same as SETUID except that the program or script takes on the group id of the file owner rather than the user who runs it. The same caveats apply.

The setgid bit works differently on directories though, in this case it means that any file created in the directory takes on the group id of the directory rather than the gid of the person who creates the file. This is used where many people who don't share the same primary group id (user can have many groups) but need to share files with others. It's not used that much.

In summary, if you don't know what the bits are used for you probably don't need to use them.

Does this help?

Author Comment

ID: 6284482
I really appreciated your detailed explanation, I will
accept it, say thanks again.

Question has a verified solution.
