After the website of a client has been hacked, I found some files with the following permissions set
What exactly do S and T stand for? Also, what is the command to set them with those permissions?
Thanks in advance
There are many information sources about the topic, but reading here, on Wikipedia and other similar questions asked on StackExchange like the following:
we can assume that:
The sticky bit is mainly used on folders in order to avoid deletion of a folder and its content by other users even though they have write permissions on the folder contents. If the sticky bit is enabled on a folder, the folder contents can be deleted or moved only by the owner who created them and the root user.
But sure, it can also be set on single files like in your case.
# symbolic way :
chmod +t /path/to/folder/or/file
# Numerical way :
chmod 1757 /path/to/folder/or/file
If you see T (uppercase) in the file permission area, that indicates the specific file or folder does not have executable permissions in the all users permissions portion. Otherwise, if the sticky bit t is lowercase, it means the executable permission for all users is enabled.
On most systems, if a directory's set-group-ID bit is set, newly created subfiles inherit the same group as the directory, and newly created subdirectories inherit the set-group-ID bit of the parent directory.
Same logic for the SetUID bit.
# add the setuid bit
chmod u+s /path/to/folder/or/file
# remove the setuid bit
chmod u-s /path/to/folder/or/file
# add the setgid bit
chmod g+s /path/to/folder/or/file
# remove the setgid bit
chmod g-s /path/to/folder/or/file
Similar to what is described above, if you see S (uppercase), the directory's setgid bit is set but the execute bit isn't set. If the s is lowercase, the directory's setgid bit is set and the execute bit is set.
You can find the meaning of S and T on the ls info page. On systems with GNU ls, this should be available in the file coreutils.info.gz, usually accessed at the shell prompt by info ls. Here's an excerpt:
`ls' combines multiple bits into the third character of each
set of permissions as follows
. . .
`S'
If the set-user-ID or set-group-ID bit is set but the
corresponding executable bit is not set.
`T'
If the restricted deletion flag or sticky bit is set but the
other-executable bit is not set.
The command usually used to set these bits is chmod, and any binary command or program can call the kernel system call chmod to accomplish the same things.
See these man pages for more information:
man 1 chmod
man 2 chmod
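The rule quoted from the ls info page, as an added example that is not part of the original question or answers: perm_string reproduces how ls turns an octal mode into s/S and t/T, and audit_special lists everything under a directory that carries a setuid, setgid or sticky bit, which is the check to run over a web root after a compromise. The function names and the sample modes are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample modes are constructed.

# triplet BITS SPECIAL LOWER UPPER -> one rwx group, e.g. "rws", "rwS", "r-x"
triplet() {
    bits=$1 special=$2 lower=$3 upper=$4
    r=-; w=-; x=-
    [ $((bits & 4)) -ne 0 ] && r=r
    [ $((bits & 2)) -ne 0 ] && w=w
    [ $((bits & 1)) -ne 0 ] && x=x
    if [ "$special" -ne 0 ]; then
        # Special bit set: lowercase when execute is also set, uppercase when not
        if [ "$x" = x ]; then x=$lower; else x=$upper; fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# perm_string OCTAL_MODE -> the nine permission characters ls would print
perm_string() {
    m=$((0$1))                                   # leading 0 forces octal parsing
    u=$(triplet $(( (m >> 6) & 7 )) $(( m & 04000 )) s S)   # setuid
    g=$(triplet $(( (m >> 3) & 7 )) $(( m & 02000 )) s S)   # setgid
    o=$(triplet $(( m & 7 ))        $(( m & 01000 )) t T)   # sticky
    printf '%s%s%s\n' "$u" "$g" "$o"
}

# audit_special DIR -> ls -ld line for every entry with any special bit set
# (POSIX find syntax: -perm -MODE means "all of these bits are set")
audit_special() {
    find "$1" \( -perm -4000 -o -perm -2000 -o -perm -1000 \) -exec ls -ld {} +
}

# Constructed sample modes, including the chmod 1757 value used above
for mode in 4755 4644 2775 2664 1777 1757 1756; do
    printf '%s -> %s\n' "$mode" "$(perm_string "$mode")"
done
```

Run audit_special against the site's document root and compare the result with a known-good copy; regular files in a web root normally carry none of these bits.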