On that episode you called the setuid and setgid the sticky bit.
Even though sticky bit is a different thing that you didn't explain.
The set uid (u+s) on a directory doesn't do anything.
But on a file that means that you can execute a program/script with the permissions of the owner of the file and not the user you're currently logged in as.
The set gid (g+s) on a file does the same thing as the setuid, but for the group permission instead of the user.
On a folder that means that the group of the directory would be the effective group and not the group of the user.
The sticky bit makes sure that no matter what the permissions of the directory, only the root user or the owner of the files inside the directory can remove it.
Otherwise if a directory has write permissions to "other" and the directory is shared. every user on the system can delete my files.
Setting the sticky bit on a specific file as far as I know doesn't do anything.
Often times the setgid and sticky bit goes hand in hand for folder sharing.
I think you should clarify it on the episode, and correct me if I'm mistaken at any point.
Now for the questions:
-
If I'm adding an acl entry to a file/directory for a group or user, and giving them a permission that doesn't exist on the group, it adds it automatically for the group itself.
For example:
I'm giving a file called test permissions of nothing 000 for the example.
----------. 1 ansible-user ansible-user 0 Dec 2 19:38 test
Then I'm doing setfacl -m u:cloud_user:wrx test
When I'm checking the posix regular permissions I see:
----rwx---+ 1 ansible-user ansible-user 0 Dec 2 19:38 test
It happens no matter the original permissions.
another example:
-rw-rw-r--. 1 ansible-user ansible-user 0 Dec 2 19:44 test
The same command would give me:
-rw-rwxr--+ 1 ansible-user ansible-user 0 Dec 2 19:44 test
Is that a normal behavior?
Why the permissions of the main group changes even though I changed permissions for a different user or group? -
If I'm creating a file at the root of the system (as root of course because only root can), and change the ownership to another user, I can't delete it as the user, only as root.
when I'm seeing the permissions of the / directory, I see dr-xr-xr-x. 17 root root 224 Dec 2 19:36 /
Is that some hidden mechanism of linux to prevent deletion of folders under the root directory even though I can't see it on the permissions because it doesn't have write permissions anywhere ?