Every process in a UNIX-like system, just like every file, has an owner (the user, either real or a system "pseudo-user", such as daemon
, bin
, man
, etc) and a group owner. The group owner for a user's files is typically that user's primary group, and in a similar fashion, any processes you start are typically owned by your user ID and by your primary group ID.
Sometimes, though, it is necessary to have elevated privileges to run certain commands, but it is not desirable to give full administrative rights. For example, the passwd
command needs access to the system's shadow password file, so that it can update your password. Obviously, you don't want to give every user root privileges, just so they can reset their password - that would undoubtedly lead to chaos! Instead, there needs to be another way to temporarily grant elevated privileges to users to perform certain tasks. That is what the SETUID and SETGID bits are for. It is a way to tell the kernel to temporarily raise the user's privileges, for the duration of the marked command's execution. A SETUID binary will be executed with the privileges of the owner of the executable file (usually root
), and a SETGID binary will be executed with the group privileges of the group owner of the executable file. In the case of the passwd
command, which belongs to root
and is SETUID, it allows normal users to directly affect the contents of the password file, in a controlled and predictable manner, by executing with root privileges. There are numerous other SETUID
commands on UNIX-like systems (chsh
, screen
, ping
, su
, etc), all of which require elevated privileges to operate correctly. There are also a few SETGID
programs, where the kernel temporarily changes the GID of the process, to allow access to logfiles, etc. sendmail
is such a utility.
The sticky bit
serves a slightly different purpose. Its most common use is to ensure that only the user account that created a file may delete it. Think about the /tmp
directory. It has very liberal permissions, which allow anyone to create files there. This is good, and allows users' processes to create temporary files (screen
, ssh
, etc, keep state information in /tmp
). To protect a user's temp files, /tmp
has the sticky bit set, so that only I can delete my files, and only you can delete yours. Of course, root can do anything, but we have to hope that the sysadmin isn't deranged!
For normal files (that is, for non-executable files), there is little point in setting the SETUID/SETGID bits. SETGID on directories on some systems controls the default group owner for new files created in that directory.
Best Answer
Only the owner of the file, or the root user, may change a file's permissions. The current permissions on the file or on its parent directory are irrelevant¹. This is specified in POSIX:
On most unices, “appropriate privileges” means running as root. If these conditions are not met,
chmod
usually fails withEPERM
, though other behaviors such as aborting the program due to a security violation are permitted.In addition, some unix variants have system-specific ways of authorizing or forbidding
chmod
. For example, Linux has a capability (CAP_FOWNER
) that allows processes to change a file's permissions and other metadata regardless of its owner.There are other reasons
chmod
might fail even though the file exists, is accessible and has the appropriate owner. Common ones include a read-only filesystem or a filesystem that does not support permissions such as FAT. Less common ones include system-specific restrictions such as the immutable attribute on Linux's ext2 filesystem and successors.¹ Except insofar as he process running
chmod
must be able to access the file, so it must have execute permission on the directory containing the file and any other directory that it traverses to do so.