[Basic knowledge] Sticky Bit, SUID, SGID

Author: gnuhpc
Source: http://www.cnblogs.com/gnuhpc/

1. Sticky Bit

1) On files: some old UNIX systems kept an executable file in swap after its first execution so that later runs started faster. This use is obsolete now.

2) On directories: if the sticky bit of a directory is set, only a file's owner, the directory's owner, and root can delete or rename the files or subdirectories in that directory:

gnuhpc@gnuhpc-desktop:~$ mkdir teststickybit

Run the ls command to view the directory's current permissions:

drwxr-xr-x 2 gnuhpc 4096 teststickybit

After we put a file a.out in the directory, it contains:

gnuhpc@gnuhpc-desktop:~/teststickybit$ ls -l
total 8
-rwxrwxrwx 1 gnuhpc 7835 a.out

Add the sticky bit:

gnuhpc@gnuhpc-desktop:~$ chmod +t teststickybit

The directory's permissions are now:

gnuhpc@gnuhpc-desktop:~$ ls -ld teststickybit
drwxr-xr-t 2 gnuhpc 4096 teststickybit

Although a.out grants all permissions to everyone, it can only be renamed or deleted by its owner or root:

gnuhpc@gnuhpc-desktop:~/teststickybit$ su guest
Password:
guest@gnuhpc-desktop:/home/gnuhpc/teststickybit$ mv a.out b.out
mv: cannot move 'a.out' to 'b.out': Permission denied
guest@gnuhpc-desktop:/home/gnuhpc/teststickybit$ rm a.out
rm: cannot remove 'a.out': Permission denied

This protects files from other users, which is why /tmp has the sticky bit set.

2. SUID

The full name is set user ID. As the name implies, if the SUID bit of a file is set, then when the program is run the user ID is "set" (strictly speaking, only the permissions are) to the user ID of the file's owner. For example, if a file has SUID set and its owner is root, and a user such as gnuhpc runs it, the program executes as root. This is used when you want a program to do something with the permissions of a specific user (such as root) without granting those permissions to the users themselves. To add or remove SUID, run chmod u+s filename or chmod u-s filename.

For example:

ping tests whether the network is reachable. It uses the ICMP protocol to send and receive packets, but only the root user can create ICMP packets. How is this solved? With the SUID bit. Check the permissions of /bin/ping and you will see it (the s in rws).

3. SGID

Similarly, when a user runs a file with SGID set, the program runs with the permissions of a member of the group that owns the file. To add or remove SGID, use chmod g+s filename or chmod g-s filename.
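
An added example, not part of the original article: a POSIX shell audit that uses find -perm to locate the three bits described above, run here against a constructed sample tree. The function names audit_special_bits and make_demo_tree and the file names in the sample tree are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Names are illustrative.

# audit_special_bits ROOT
# Prints "<KIND> <path>" for each finding under ROOT (same filesystem only):
#   SUID      regular file with the set-user-ID bit  (chmod u+s, octal 4000)
#   SGID      regular file with the set-group-ID bit (chmod g+s, octal 2000)
#   NOSTICKY  world-writable directory lacking the sticky bit (octal 1000),
#             i.e. any user may delete or rename other users' files in it
audit_special_bits() {
    root=$1
    # "-perm -MODE" matches when ALL bits in MODE are set.
    find "$root" -xdev -type f -perm -4000 -print | sed 's/^/SUID /'
    find "$root" -xdev -type f -perm -2000 -print | sed 's/^/SGID /'
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 -print | sed 's/^/NOSTICKY /'
}

# make_demo_tree: build a constructed sample tree and print its path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    : > "$d/plain";       chmod 0755 "$d/plain"
    : > "$d/helper-suid"; chmod 4755 "$d/helper-suid"   # -rwsr-xr-x
    : > "$d/helper-sgid"; chmod 2755 "$d/helper-sgid"   # -rwxr-sr-x
    mkdir "$d/shared-open" "$d/shared-sticky"
    chmod 0777 "$d/shared-open"      # drwxrwxrwx: flagged
    chmod 1777 "$d/shared-sticky"    # drwxrwxrwt: like /tmp, not flagged
    printf '%s\n' "$d"
}

# Demo run on the constructed tree.
demo=$(make_demo_tree)
audit_special_bits "$demo"
rm -rf "$demo"
```

On a real system, point audit_special_bits at / and compare the SUID and SGID entries with what the installed packages are expected to provide.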

 
