Detailed description of the three permissions of the Suid,sgid,sticky

A file has an owner, the user who created it, and a group, which is normally the primary group of the owner at the time the file was created. When an executable file is run, the resulting process normally carries only the privileges of the user who ran it, not those of the file's owner. The setuid and setgid bits change that.

setuid: when the file is executed, the process runs with the effective user ID of the file's owner instead of the caller's. The standard example is /usr/bin/passwd, which is owned by root and setuid: an ordinary user who runs it gets a process with root's effective UID for the duration of the run, and that is what lets it rewrite the password database to change the user's own password. Every setuid-root binary is therefore a privilege boundary, and a bug in one is a local privilege escalation.

setgid: on an executable file, the process runs with the effective group ID of the file's group. On a directory, every file or subdirectory created inside it inherits the directory's group instead of the creator's primary group (new subdirectories inherit the setgid bit itself as well), which is how a shared project directory keeps all of its contents in one group.

sticky bit: best understood as a delete-protection bit for shared directories. Whether a user can delete or rename a file depends not on the file's own permissions but on whether that user has write (and execute) permission on the directory that contains it: without write permission on the directory nobody can remove entries or add new ones. In a directory such as /tmp, where every user must be able to add files, plain write permission would also let every user delete everyone else's files. Setting the sticky bit on the directory fixes this: an entry can then be deleted or renamed only by the file's owner, the directory's owner, or root, even though all users have write access to the directory.

The characteristics of the three bits are summarized as follows:

Sticky: example directory /tmp

1) sticky is meaningful only on directories (Linux ignores it on regular files), and it is displayed in the "others" execute position of the mode string.

2) a file inside such a directory can be deleted or renamed only by the file's owner, the directory's owner, or root.

3) a lowercase t means the sticky bit is set and others also have execute (search) permission on the directory; an uppercase T means the sticky bit is set but others have no execute permission.

Suid: example file /usr/bin/passwd

1) suid is honoured only on binary executables; it has no meaning on directories, and the Linux kernel ignores it on interpreted scripts (files starting with #!), because what gets executed is the interpreter, not the script.

2) when suid is set on a file, any user who executes it gets a process whose effective user ID is the file's owner for the duration of that execution.

3) suid is displayed in the owner's execute position of the mode string (for example -rwsr-xr-x).

4) a lowercase s means the owner also has execute permission; an uppercase S means setuid is set but the owner has no execute permission, so the bit is present on a file that cannot be executed.

Sgid: typical use is a directory shared by a group of developers, so that everything created in it stays accessible to the group without loosening permissions for others.

1) sgid can be applied to both files and directories.

2) when sgid is set on a directory, every file or subdirectory created inside it is given the directory's group rather than the creator's primary group (new subdirectories also inherit the sgid bit).

3) sgid is displayed in the group's execute position of the mode string.

4) when sgid is set on an executable file, any user who runs it gets a process whose effective group ID is the file's group for the duration of that execution.

5) a lowercase s means the group also has execute permission; an uppercase S means the bit is set but the group has no execute permission.

Now for how to set these flags:

They are set with chmod, the same command used for ordinary file permissions. There are two ways to do it:

1) Symbolic form, using u, g, o

chmod u+s temp -- adds the setuid flag to the file temp (setuid is meaningful only for files)

chmod g+s tempdir -- adds the setgid flag to the directory tempdir (setgid is valid for both directories and files)

chmod o+t tempdir -- adds the sticky flag to the directory tempdir (sticky is meaningful only for directories)

2) Octal form. Ordinary permissions are written as three octal digits, such as 666, 777, 644. To set the special bits, a fourth digit is prepended to that group, giving 4666, 2777 and so on. The three bits of that leading digit have the following meaning, and they can be added together, so 6755 sets both setuid and setgid:

chmod 4777 sets setuid

chmod 2777 sets setgid

chmod 1777 sets sticky
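The following script is an added example and is not part of the original article. It applies both chmod forms above to scratch files under a temporary directory, reads the bits back out of the ls -l mode string (including the lowercase versus uppercase distinction from the summary lists), and then runs the two checks a hardening review does on a filesystem: world-writable directories that lack the sticky bit, and all setuid/setgid files. The directory and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original article): set the setuid, setgid and
# sticky bits with both chmod syntaxes, read them back from ls -l, and run the
# two standard permission audits. Everything is created under a scratch
# directory, so it needs no root and touches nothing else on the system.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# mode_of PATH -> the 10-character type+permission field of ls -l, e.g. -rwsr-xr-x
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# fresh PATH [d]: recreate PATH as an empty file, or as a directory if "$2" = d,
# so every demo function can be re-run from a clean state.
fresh() {
    rm -rf "$1"
    if [ "${2:-f}" = d ]; then mkdir "$1"; else : > "$1"; fi
}

# Symbolic syntax: u+s, g+s, o+t. Prints the three resulting mode strings.
symbolic_demo() {
    fresh "$WORK/prog";    chmod 755 "$WORK/prog";  chmod u+s "$WORK/prog"   # s in the owner x slot
    fresh "$WORK/share" d; chmod 775 "$WORK/share"; chmod g+s "$WORK/share"  # s in the group x slot
    fresh "$WORK/drop" d;  chmod 777 "$WORK/drop";  chmod o+t "$WORK/drop"   # t in the others x slot
    echo "$(mode_of "$WORK/prog") $(mode_of "$WORK/share") $(mode_of "$WORK/drop")"
}

# Octal syntax: a leading fourth digit = 4 (setuid) + 2 (setgid) + 1 (sticky),
# summed, so 6755 sets setuid and setgid together. Prints four mode strings.
octal_demo() {
    fresh "$WORK/o4";   chmod 4755 "$WORK/o4"
    fresh "$WORK/o2";   chmod 2755 "$WORK/o2"
    fresh "$WORK/o6";   chmod 6755 "$WORK/o6"
    fresh "$WORK/o1" d; chmod 1777 "$WORK/o1"
    echo "$(mode_of "$WORK/o4") $(mode_of "$WORK/o2") $(mode_of "$WORK/o6") $(mode_of "$WORK/o1")"
}

# Upper case = special bit set while the matching execute bit is clear: setuid on
# a non-executable file is never honoured, and T on a directory means others
# cannot even search it. Prints the two mode strings.
case_demo() {
    fresh "$WORK/noexec_setuid";    chmod 4644 "$WORK/noexec_setuid"   # -rwSr--r--
    fresh "$WORK/nosearch_sticky" d; chmod 1776 "$WORK/nosearch_sticky" # drwxrwxrwT
    echo "$(mode_of "$WORK/noexec_setuid") $(mode_of "$WORK/nosearch_sticky")"
}

# Audit 1: world-writable directories without the sticky bit, where any user can
# delete any other user's files. Prints one path per line.
find_unsticky_world_writable() {
    find "$1" -type d -perm -0002 ! -perm -1000
}

# Audit 2: every setuid or setgid regular file under a root. Each one is a
# privilege boundary that deserves review. Prints one path per line.
find_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \)
}

symbolic_demo
octal_demo
case_demo
# Constructed offender: world-writable directory with no sticky bit.
fresh "$WORK/bad" d; chmod 777 "$WORK/bad"
find_unsticky_world_writable "$WORK"
find_setid_files "$WORK"
```

The script runs as any user, since it only sets bits on files it owns. Note that a setuid bit on a file you own gives you nothing; the bit only matters when the file is owned by a more privileged account, which is exactly why the second audit lists every such file for review rather than only root-owned ones. On a real system the same two find commands are run against / (usually with -xdev to stay on one filesystem).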


This article is from the "My Study blog" blog; please keep this source: http://houzhimeng.blog.51cto.com/3938990/1733673
