Table of Contents
- What is ACL (Access Control List)?
- ACL Management Commands
- What Are Special Permissions?
- Types of Special Permissions
- Set Permissions Numerically
- Conclusion
Description: Learn how to manage ACLs and set SUID, SGID, and Sticky Bit permissions in Linux. This is part of my RHCSA and Ansible training journey.
Understanding ACL and Special Permissions in Linux
When basic file permissions aren't enough, Linux offers more advanced options: Access Control Lists (ACLs) and Special Permissions like SUID, SGID, and the Sticky Bit.
These permissions are powerful tools for system admins, especially when managing shared directories, automation scripts, and user access on multi-user systems.
What is ACL (Access Control List)?
ACL allows you to assign different permission levels to individual users or groups for a file or directory — going beyond the basic user/group/others model.
ACL Management Commands
Command | Description |
---|---|
getfacl | View ACLs on a file or directory |
setfacl -m u:username:perm | Add/modify user ACL permission |
setfacl -x u:username | Remove ACL permission for a user |
setfacl -b | Remove all ACL permissions |
setfacl -m g:groupname:perm | Add/modify ACL for a group |
setfacl -x g:groupname | Remove ACL for a group |
What Are Special Permissions?
Special permissions are used for executables and shared directories to control how files behave during execution or deletion. These include:
- SUID (Set User ID)
- SGID (Set Group ID)
- Sticky Bit
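Types of Special Permissions
SUID (Set User ID)
When SUID is set on an executable file, the file runs with the privileges of its owner, not those of the user who launched it.
Command | Action |
---|---|
chmod u+s file | Set SUID |
chmod u-s file | Remove SUID |
Example
```
chmod u+s /usr/bin/special_script
```
Any user can run this program with root privileges (if it is owned by root). Linux honors SUID only on binary executables; the kernel ignores the bit on interpreted scripts that start with #!.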
SGID (Set Group ID)
When set on a directory, new files inside will inherit the directory's group, not the creator’s group.
Command | Action |
---|---|
chmod g+s dir | Set SGID |
chmod g-s dir | Remove SGID |
Example
```
chmod g+s /shared
```
All files created in /shared inherit its group automatically.
Sticky Bit
Used on shared directories, it ensures that only the owner of a file can delete it — even if others have write access.
Command | Action |
---|---|
chmod o+t dir | Set Sticky Bit |
chmod o-t dir | Remove Sticky Bit |
Example:
```
chmod o+t /team/shared
```
Set Permissions Numerically
You can also apply special permissions using numbers:
Type | Numeric Value | Example to Set |
---|---|---|
SUID | 4 | chmod 4755 file |
SGID | 2 | chmod 2755 dir |
Sticky Bit | 1 | chmod 1755 dir |
To remove, subtract the leading digit:
```
chmod 755 file
# Removes SUID
```
If SUID is set, the execute permission for the owner (rws) shows s.
If removed, it shows normal execute (x) or no execute (-).
```
chmod -2000 dir
# Removes SGID
```
If SGID is set, the group execute position (the x in rwx) shows s.
If removed, it's back to normal (x or -).
```
chmod -1000 dir
# Removes Sticky Bit
```
If Sticky Bit is set, the others' execute permission shows t.
If removed, it will show just x or - without the t.
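The same numeric values (4000, 2000, 1000) can be passed to find to check where the special bits are set, or where a sticky bit is missing. This is an added example, not part of the original post; the function names and the sample tree (helper, plain, shared, team, open) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree for the special bits by their
# numeric values (SUID=4000, SGID=2000, sticky=1000).

# audit_special_bits ROOT -> prints one "TAG path" line per finding
audit_special_bits() {
    root=$1
    # Regular files that run with their owner's privileges.
    find "$root" -xdev -type f -perm -4000 -exec printf 'SUID %s\n' {} +
    # Directories whose new files inherit the directory's group.
    find "$root" -xdev -type d -perm -2000 -exec printf 'SGID_DIR %s\n' {} +
    # World-writable directories with no sticky bit: anyone with write
    # access can delete or rename other users' files here.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec printf 'NO_STICKY %s\n' {} +
}

# Constructed sample tree (hypothetical names) so the audit has input.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/team" "$t/open"
    : > "$t/helper"; : > "$t/plain"
    chmod 4755 "$t/helper"    # SUID set numerically
    chmod 0644 "$t/plain"     # no special bits
    chmod 2775 "$t/shared"    # SGID directory
    chmod 1777 "$t/team"      # world-writable, sticky bit set
    chmod 0777 "$t/open"      # world-writable, sticky bit missing
    printf '%s\n' "$t"
}

tree=$(make_sample_tree) && audit_special_bits "$tree" | sort
rm -rf "$tree"
```

On a real system, point audit_special_bits at a directory such as /usr/bin or a shared data directory and compare the output against what you expect to be there.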
Conclusion
ACL and special permissions give you fine-grained control over who can access and execute files, beyond basic Linux permissions.
These are must-know tools for any Linux system admin, especially in enterprise or multi-user environments. If you're pursuing RHCSA, working in DevOps, or managing shared infrastructure, these commands are essential!