RedHat notes: permission management and how to use hidden attributes

Source: Internet
Author: User

Extended file permission management:
File permission model
File: owner, group
Each class of user has its own permissions: read/write/execute (rwx), 9 bits in total.
Beyond these there are special permissions.
To change a password, an ordinary user needs to modify /etc/shadow. However, the shadow file has mode 400, and its owner and group are root. How does the new password get saved?

s: SUID (Set UID): if a file has the s bit in its execute position, then when an ordinary user executes the file it does not run as that user; it runs with the identity of the file's owner. The switch is temporary and lasts only while the command runs.

SUID lets some users hold administrator privileges while executing a command. However, this feature is a double-edged sword.
SGID (Set GID): when a user executes a command, it runs with the file's group instead of the user's own group.

Scenario: a company has a development team, and everyone on it belongs to one group. They are developing a program, and all of its files live in /project/. Once everyone has been added to that group, they can all access the directory. But if one of the users creates a file, the new file belongs to the user who created it, and no one else can access it. This is the problem to solve.

If the SGID bit is set on a directory, the group of any file a user creates in that directory is not the user's primary group but the group that the directory belongs to.

-----------------------------------------------------
How do you give a file the s bit?
chmod u+s /etc/aaa.sh
This turns /etc/aaa.sh into a file with the SUID attribute.
----------------------------
If the owner already has execute permission, the bit is displayed as s.
If the owner does not have execute permission, the bit is displayed as S.
----------------------------
How do you give a directory the s bit?
chmod g+s /project/
This sets the SGID permission on the /project/ directory.
----------------------------------------------------

STICKY:
t bit: the sticky bit. In a shared directory that everyone can write to, every user has permission to write and delete; the sticky bit restricts each user to deleting only their own files. /tmp is a directory with the special t attribute.
The t bit is set on o (others).

chmod o+t /project/

-----------------------------------------------------
SUID, SGID, STICKY
They are also represented by three binary digits, with these weights:
4 2 1

000 0
001 1
010 2
011 3
100 4
101 5
110 6
111 7


Therefore, a permission setting becomes four digits:
chmod 7755 /a.txt
The first digit holds the special bits (SUID, SGID, sticky).
The last three digits are the permissions for the owner, the group, and others.
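
The bits described above, applied to constructed files so the resulting ls strings can be read off and then audited with find. This is an added example, not part of the original notes; the file names (suid_exec, suid_noexec, project, shared, open) and the function names are assumptions, and everything is created in a scratch directory from mktemp.

```sh
#!/bin/sh
# Added example. All paths are constructed inside a mktemp scratch directory.

# mode_string PATH: the 10-character type and permission field that ls -l prints.
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# make_fixture: build constructed sample files and print the scratch directory path.
make_fixture() {
    d=$(mktemp -d) || return 1
    touch "$d/suid_exec" "$d/suid_noexec"
    chmod 0755 "$d/suid_exec"   && chmod u+s "$d/suid_exec"    # owner x set   -> s
    chmod 0644 "$d/suid_noexec" && chmod u+s "$d/suid_noexec"  # owner x unset -> S
    mkdir "$d/project" "$d/shared" "$d/open"
    chmod 2775 "$d/project"   # SGID directory, same bit as chmod g+s
    chmod 1777 "$d/shared"    # sticky and world-writable, like /tmp
    chmod 0777 "$d/open"      # world-writable with no sticky bit
    printf '%s\n' "$d"
}

# audit_special DIR: regular files carrying SUID (4000) or SGID (2000).
audit_special() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# audit_open_dirs DIR: world-writable directories that lack the sticky bit (1000).
audit_open_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# Demo run on the constructed fixture; the directory is removed afterwards.
demo=$(make_fixture) || exit 1
for f in suid_exec suid_noexec project shared open; do
    printf '%s  %s\n' "$(mode_string "$demo/$f")" "$f"
done
echo "SUID/SGID files:";            audit_special "$demo"
echo "World-writable, not sticky:"; audit_open_dirs "$demo"
rm -rf "$demo"
```

Pointing audit_special and audit_open_dirs at a real directory tree gives a quick inventory of SUID/SGID files and of shared directories where users can delete each other's files.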
----------------------------------------------------
System security mechanism: umask (mask code)
Use the umask command to view the current user's value
For ordinary users, umask: 0002
For administrators, umask: 0022
