In the previous guide we covered some basics about chmod and how permissions are set up. While it provides some great security, there are also some finer details involving chmod that we can use to our advantage.

s Bit

The s bit is helpful in that it allows the object's owner and group complete control over what can be accessed while allowing others to access it as well. However, its effect differs when used on an executable compared to a directory.

For an executable, the user running a program with the s bit set gains the privileges of the program's owner as well. So if a file is owned by root but has the s bit set and a guest is able to run the program, the guest gains root privileges through that program for as long as it is running. While this poses a major security risk, it does have its uses, mostly when a program is owned by billing department one and you in billing department two need to run it: as long as anyone in billing department two has access to the program, they can run it without issue.

For a directory it's a bit simpler. After a directory has the user or group s bit set, any files or folders created within that directory automatically inherit that ID. If you don't specify the user or group (u or g), then both are set automatically. Here are some examples.
user and group:

Code:
    [ehansen@as-l-001-eric ~]$ ls -liha | grep monkeys
    524801 -rw-r--r-- 1 ehansen ehansen 0 Nov 19 12:16 monkeys
    [ehansen@as-l-001-eric ~]$ chmod +s monkeys
    [ehansen@as-l-001-eric ~]$ ls -liha | grep monkeys
    524801 -rwSr-Sr-- 1 ehansen ehansen 0 Nov 19 12:16 monkeys

user only:

Code:
    [ehansen@as-l-001-eric ~]$ chmod u+s monkeys
    [ehansen@as-l-001-eric ~]$ ls -liha | grep monkeys
    524801 -rwSr--r-- 1 ehansen ehansen 0 Nov 19 12:16 monkeys

group only:

Code:
    [ehansen@as-l-001-eric ~]$ chmod g+s monkeys
    [ehansen@as-l-001-eric ~]$ ls -liha | grep monkeys
    524801 -rw-r-Sr-- 1 ehansen ehansen 0 Nov 19 12:16 monkeys

t Bit

The sticky, or t, bit has a more useful case. When this bit is set, only the object's owner, or a super user (i.e. root), can rename or delete it. /tmp is almost always set with this bit so that no ordinary user can modify another user's data. For example, look at the output on my system:

Code:
    [ehansen@as-l-001-eric ~]$ ls -liha / | grep tmp
    6399 drwxrwxrwt 8 root root 200 Nov 19 12:18 tmp

The bit is always set in the world (or other) position, as it affects everyone on the whole system. While this is a very helpful bit to set, it can also cause system-wide issues when set improperly, especially when chroot or dropped privileges are involved (i.e. when your web server starts as root but ends up running as www-data).
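The following script is an added example and is not part of the original post. It reproduces the chmod sequence above on a scratch file and two scratch directories, reports which special bits are actually set (using find -perm rather than reading the ls string), and shows two details worth knowing when auditing a system: the capital S in the listings above means the bit is set but the matching execute bit is not, so it only becomes a lowercase s (and only takes effect on a program) once execute is added; and a directory carrying the group s bit passes that bit on to new subdirectories created inside it. The script assumes a Linux host with POSIX ls, find, chmod and mktemp on a filesystem that stores mode bits; the file and directory names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post: set the s and t bits on a
# throwaway file and directory, then report how they show up. Assumes a
# Linux system with POSIX ls/find/chmod/mktemp and a filesystem that
# stores mode bits (tmpfs, ext4 and overlayfs all do).

# Print the 10-character mode string of a path, e.g. -rwSr-Sr-- or
# drwxrwxrwt. cut -c1-10 drops the trailing '.' or '+' that ls appends
# when an SELinux label or an ACL is present.
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Print which special bits are set on a path as a comma-separated list
# (setuid, setgid, sticky), or "none". find -perm -MODE is POSIX and
# tests the mode bits directly, so the answer does not depend on how
# the local ls renders them.
special_bits() {
    bits=""
    for spec in 4000:setuid 2000:setgid 1000:sticky; do
        if [ -n "$(find "$1" -prune -perm -"${spec%%:*}")" ]; then
            bits="${bits}${spec#*:},"
        fi
    done
    if [ -n "$bits" ]; then
        printf '%s\n' "${bits%,}"
    else
        printf 'none\n'
    fi
}

# Walk through the same sequence as the post on scratch objects
# (names constructed for the example), printing each state.
demo() {
    work=$(mktemp -d)

    f="$work/monkeys"
    : > "$f"
    chmod 644 "$f"
    printf 'plain file:  %s  [%s]\n' "$(mode_string "$f")" "$(special_bits "$f")"

    chmod +s "$f"            # no u/g given: both setuid and setgid are set
    printf 'chmod +s:    %s  [%s]\n' "$(mode_string "$f")" "$(special_bits "$f")"

    chmod u+x "$f"           # execute bit added: the capital S becomes s
    printf 'chmod u+x:   %s  [%s]\n' "$(mode_string "$f")" "$(special_bits "$f")"

    chmod u-s "$f"           # drop setuid again, keep setgid
    printf 'chmod u-s:   %s  [%s]\n' "$(mode_string "$f")" "$(special_bits "$f")"

    d="$work/shared"
    mkdir "$d"
    chmod 2775 "$d"          # group s bit on a directory
    mkdir "$d/sub"           # a new subdirectory inherits the group s bit
    printf 'setgid dir:  %s  [%s]\n' "$(mode_string "$d")" "$(special_bits "$d")"
    printf 'new subdir:  %s  [%s]\n' "$(mode_string "$d/sub")" "$(special_bits "$d/sub")"

    t="$work/tmp"
    mkdir "$t"
    chmod 1777 "$t"          # world-writable plus sticky, like /tmp
    printf 'sticky dir:  %s  [%s]\n' "$(mode_string "$t")" "$(special_bits "$t")"

    rm -rf "$work"
}

demo
```

Running it as an ordinary user is enough: setting these bits on objects you own needs no root. When reviewing a host, `find / -xdev -perm -4000 -type f` and `find / -xdev -perm -2000 -type f` list the files with setuid and setgid set, which is the list worth comparing against what the system's packages are expected to ship.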