Chmod 4755 Explained
Chmod 4755 sets the SUID bit allowing a program to run as the file owner. Used by system commands like passwd. Understand the security implications.
Permission
4755
rwsr-xr-x
chmod 4755 filename
Permission Breakdown
| Role | Read (4) | Write (2) | Execute (1) | Octal | Meaning |
|---|---|---|---|---|---|
| Owner | r | w | x | 7 | read, write, execute |
| Group | r | - | x | 5 | read, execute |
| Others | r | - | x | 5 | read, execute |
Visual Permission Grid
Detailed Explanation
The permission 4755 combines standard 755 permissions with the SUID (Set User ID) bit, which causes the program to execute with the file owner's privileges.
Octal breakdown:
- 4 (Special): SUID bit set
- 7 (Owner): read (4) + write (2) + execute (1) = full access
- 5 (Group): read (4) + execute (1) = read and execute
- 5 (Others): read (4) + execute (1) = read and execute
In symbolic notation this is rwsr-xr-x. Note the s in the owner execute position, indicating SUID is set.
When a user executes a SUID program, the process runs with the effective user ID of the file owner (typically root), not the user who launched it. This is how the passwd command works: it is owned by root with SUID set, so when a normal user runs passwd, the process has root privileges needed to modify the /etc/shadow file.
Security warning: SUID is powerful and potentially dangerous. A vulnerability in a SUID-root program can grant an attacker full root access. Only trusted, well-audited programs should have SUID set. System administrators regularly audit SUID files with commands like find / -perm /4000.
Use Case
Used by system commands that need elevated privileges: passwd, ping, sudo, su, mount, and umount. Also used for custom setups where a specific program needs to run as its owner.