ls output

ls results

  • setuid bit. Denoted by s (directories) or S (files) in the permissions block of ls results, it only applies to executable files — it just specifies which user (u+s) / group (ug+g) the process should run as when executed.

    To clear this bit, simply run chmod -s yourfile.txt.

  • sticky bit. Denoted by t or T (not s/S, due to setuid’s precedence), it’s usually used on directories to control a hierarchy of permissions. E.g., to share a temporary directory between users, but limit the control each user has on another user’s files in that directory.

    To clear, run chmod -t tmp/.

  • file acl. Denoted by a trailing + (plus sign), you can show more details by calling getfacl index.html.

    Clear the custom ACL settings with setfacl -b index.html.

  • selinux. Denoted by a trailing . (dot), ls -Z will show the full story.

    Remove this setting with sudo setfattr -x security.selinux favicon.ico.

    (Oddly, getfattr -d favicon.ico does not do what it says it will do, i.e., print out security.selinux="...", but it has a funny name, and explicity using getfattr -n security.selinux works, so perhaps we can forgive it.)

    It seems that chcon (“change context”, like chmod “change modifiers”, for example), the dedicated tool for SELinux context configuration, cannot remove the file attribute.