How to Remove the SetUID/SetGID (s) Permission Bits and Reset Directory Permissions to 775 in Linux



When you see a directory with drwsrwsr-x permissions, the two lowercase 's' characters indicate two special permission bits:

1. The first 's' (user execute position) is the SetUID bit
2. The second 's' (group execute position) is the SetGID bit

The SetUID/SetGID bits are separate from the regular permission bits. When you run chmod 755 on a directory, GNU chmod modifies only the standard permission bits (rwx) and preserves the directory's SetUID and SetGID bits. Here's what's happening:

$ chmod 755 directory
$ ls -ld directory
drwsr-sr-x 2 user group 4096 Jan 1 12:34 directory

To completely reset permissions including special bits, you have several options:

Method 1: Numeric Notation

$ chmod 00755 directory  # Extra leading zero (five digits) clears the special bits; 0755 would not
$ ls -ld directory
drwxr-xr-x 2 user group 4096 Jan 1 12:34 directory

Method 2: Symbolic Notation

$ chmod u-s,g-s directory  # Explicitly remove SetUID and SetGID
$ chmod 775 directory      # Then set desired permissions
$ ls -ld directory
drwxrwxr-x 2 user group 4096 Jan 1 12:34 directory

While we're removing them here, these bits have legitimate uses:

  • SetGID on directories: New files inherit group ownership
  • SetUID on executables: Run with owner's privileges (e.g., /usr/bin/passwd)

# Example of useful SetGID application:
$ chmod g+s /shared_directory
$ mkdir /shared_directory/project
$ ls -ld /shared_directory/project
drwxrwsr-x 2 user shared_group 4096 Jan 1 12:35 project

Always verify with ls -ld after changing permissions. The special bits appear as:

  • 's' if both execute and special bit are set
  • 'S' if special bit is set but execute is not
  • 'x' or '-' for normal execute permissions

When you see permissions like drwsrwsr-x, those lowercase "s" characters represent special permission bits:

d r w s r w s r - x
│ │ │ │ │ │ │ │ │ └── Others: execute
│ │ │ │ │ │ │ │ └──── Others: write (not set)
│ │ │ │ │ │ │ └────── Others: read
│ │ │ │ │ │ └──────── Group: execute + SGID
│ │ │ │ │ └────────── Group: write
│ │ │ │ └──────────── Group: read
│ │ │ └────────────── User: execute + SUID
│ │ └──────────────── User: write
│ └────────────────── User: read
└──────────────────── Directory flag

The "s" bits persist because they're separate from regular permissions. These are special flags:

  • SUID (Set User ID): First "s" in user permissions
  • SGID (Set Group ID): Second "s" in group permissions

To completely clear these bits, you need explicit commands:

Method 1: Symbolic Notation

chmod u-s,g-s /path/to/directory

Method 2: Numeric Notation

# This clears ALL special bits (including sticky 't')
chmod 00755 /path/to/directory

Check permissions before and after:

$ ls -ld /target
drwsrwsr-x 2 user group 4096 Jan 1 12:34 /target

$ chmod u-s,g-s /target
$ ls -ld /target
drwxrwxr-x 2 user group 4096 Jan 1 12:34 /target
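
An added example (not from the original page) that automates this before-and-after check across a tree: it lists directories carrying SetUID/SetGID, clears the bits, sets 775, and confirms the resulting mode. The function names and the sample tree are assumptions made for illustration, and it relies on GNU find and stat.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes GNU find and stat.

# List directories under $1 that carry SetUID (4000) or SetGID (2000).
find_special_dirs() {
    find "$1" -type d \( -perm -4000 -o -perm -2000 \) -print
}

# Clear both bits on one directory, set 775, then confirm the octal mode.
reset_dir_775() {
    chmod u-s,g-s "$1" || return 1   # symbolic form removes the special bits
    chmod 775 "$1" || return 1       # then set the ordinary rwx bits
    mode=$(stat -c '%a' "$1")        # prints e.g. 775, or 6775 if bits remain
    [ "$mode" = "775" ]
}

# Reset every flagged directory under $1; non-zero if any one fails.
# Names containing newlines are not handled.
reset_tree() {
    rc=0
    list=$(mktemp) || return 1
    find_special_dirs "$1" > "$list"   # collect first, change afterwards
    while IFS= read -r dir; do
        reset_dir_775 "$dir" || rc=1
    done < "$list"
    rm -f "$list"
    return "$rc"
}

# Constructed sample tree under a temporary directory.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/shared/project" "$root/plain"
    chmod 6775 "$root/shared"           # drwsrwsr-x
    chmod 2775 "$root/shared/project"   # drwxrwsr-x
    echo "before:"; find_special_dirs "$root"
    reset_tree "$root"; status=$?
    echo "after (exit status $status):"; ls -ld "$root/shared" "$root/shared/project"
    rm -rf "$root"
    return "$status"
}

demo
```

Directories without either bit are left untouched, so a tree can be audited first with find_special_dirs before anything is changed.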

Though we're removing them here, these bits have valid use cases:

# SGID on directories forces new files to inherit group ownership
chmod g+s /shared_folder

# SUID on executables runs them with owner's privileges
chmod u+s /usr/bin/passwd