‘+’ and ‘s’ in permission strings

If the ls -l command gives me a permission string like

rwsr-s--x

What does the ‘s’ mean? The only sources I found mention that it can be present sometimes but do not elaborate.

What does a ‘+’ instead of a ‘-’ mean? I have found mentions of ‘extended permission’ but nothing clear.

Answers:


Method 1

As explained by the very good and comprehensive Wikipedia page on the subject :

+ (plus) suffix indicates an access control list that can grant additional permissions. Details are available with man getfacl.

Furthermore, there are three permission triads :

  • First triad : what the owner can do
  • Second triad : what the group members can do
  • Third triad : what other users can do

As for the characters of the triad :

  • First character
    • r : readable
  • Second character
    • w : writable
  • Third character
    • x: executable
    • s or t: executable and setuid/setgid/sticky
    • S or T: setuid/setgid or sticky, but not executable

The setuid/setgid basically means that, if you have the permission to run the program, you will run it as if you were the owning user and/or of the owning group of that program. This is helpful when you need to run a program which needs root access but also needs to work for non-root users (to change your password, for example).

The sticky bit might have different meanings depending on the system or flavor you are running and how old it is, but on Linux, the wiki page states that :

[…] the Linux kernel ignores the sticky bit on files. […] When the sticky bit is set on a directory, files in that directory may only be unlinked or renamed by root or the directory owner or the file owner.

Method 2

See Understanding UNIX permissions and their attributes for an explanation of the s.

+ appears after the standard permissions, and is one of the possible characters used to indicate that the file has “alternate access methods”. With GNU ls the character can be blank (the default), . to indicate a security context applies to the file, or + to indicate any other alternate access method, typically ACLs (which you can see using getfacl).

POSIX defines the position as being used for the alternate access method flag, but possible values are left to each implementation:

The optional alternate access method flag shall be the empty string if there is no alternate or additional access control method associated with the file; otherwise, it shall be a string containing a single printable character that is not a blank.
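
As an added example (not part of either answer above), this Python sketch decodes an ls -l permission string into its octal mode, names the setuid/setgid/sticky bits it carries, and interprets the trailing + or . flag as described for GNU ls. The function names parse_perms and special_bits are hypothetical, and the sample strings are constructed.

```python
import stat

# Special bit carried by the third character of each triad (owner, group, other).
SPECIAL = (stat.S_ISUID, stat.S_ISGID, stat.S_ISVTX)
SPECIAL_NAMES = ("setuid", "setgid", "sticky")
# Trailing flag values described for GNU ls; other implementations may differ.
ALT_ACCESS = {"": None, "+": "ACL or other alternate access method",
              ".": "security context"}


def parse_perms(text):
    """Decode an ls -l permission string, e.g. 'rwsr-s--x' or 'drwxr-x---+'.

    Returns (mode, alt): the 12 permission bits as an int, and a description
    of the alternate access method flag (None when the flag is absent).
    """
    alt = ""
    if text and text[-1] in "+.":
        text, alt = text[:-1], text[-1]
    if len(text) == 10:              # drop the leading file-type character
        text = text[1:]
    if len(text) != 9:
        raise ValueError("expected three rwx triads")
    mode = 0
    for i in range(3):
        r, w, x = text[3 * i:3 * i + 3]
        shift = 6 - 3 * i            # owner=6, group=3, other=0
        lower, upper = ("t", "T") if i == 2 else ("s", "S")
        if r not in "r-" or w not in "w-" or x not in ("x", "-", lower, upper):
            raise ValueError(f"bad triad {text[3 * i:3 * i + 3]!r}")
        if r == "r":
            mode |= 4 << shift
        if w == "w":
            mode |= 2 << shift
        if x in ("x", lower):        # lowercase s/t: execute bit is also set
            mode |= 1 << shift
        if x in (lower, upper):      # s/S or t/T: the special bit is set
            mode |= SPECIAL[i]
    return mode, ALT_ACCESS[alt]


def special_bits(mode):
    """Names of the special bits set in mode, the ones an audit should review."""
    return [n for n, bit in zip(SPECIAL_NAMES, SPECIAL) if mode & bit]


if __name__ == "__main__":
    for sample in ("rwsr-s--x", "-rwSr--r--", "drwxrwxrwt", "drwxr-x---+"):
        mode, alt = parse_perms(sample)   # constructed sample strings
        print(f"{sample:12} {mode:04o} {special_bits(mode)} alt={alt}")
```

The string from the question, rwsr-s--x, decodes to mode 6751 with both setuid and setgid set; the decoded mode agrees with what Python's stat.filemode renders for the same bits.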


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
