Original link http://blogold.chinaunix.net/u2/76620/showart_1134205.html
Each file has an owner, indicating who created the file. At the same time, the file also has a group number, indicating the group to which the file belongs, generally the group to which the file owner belongs.
If it is an executable file, the file generally only has the permission of the user who calls the file, while setuid and setgid can change this setting.
Setuid: set to grant the file owner permissions during execution. the typical file is/usr/bin/passwd. if a common user executes the file, the file can obtain the root permission during execution, so that the user's password can be changed.
Setgid: this permission is only valid for the directory. After the directory is set to this bit, any files created in this directory have the same group as the directory.
Sticky
Bit: This bit can be understood as a non-delete bit. Whether a file can be deleted by a user depends on whether the group to which the file belongs has the write permission for the user. If you do not have the write permission,
All files in this directory cannot be deleted, and new files cannot be added. If you want to add files but cannot delete files at the same time, you can use sticky
Bit. After this bit is set, the file cannot be deleted even if the user has the write permission on the directory.
The following describes how to operate these labels:
The operation marks are the same as the operation File Permission command, and are all CHMOD. There are two methods to operate,
1) chmod U + S temp -- add the setuid flag to the temp file. (setuid is only valid for the file)
Chmod g + S tempdir -- add the setgid flag to the tempdir directory (setgid is only valid for the Directory)
Chmod o + T temp -- add the sticky flag to the temp file (sticky is only valid for the file)
2) Adopt the octal mode. for general files, use three Octal numbers to set the flag, such as 666,777,644. if these special characters are set, a group of Octal numbers is added to this group of numbers. such as 4666,277 7. the meanings of the three octal digits in this group are as follows,
ABC
A-setuid bit. If this bit is 1, setuid is set.
B-setgid bit. If this bit is 1, setgid is set.
C-sticky bit. If this bit is 1, sticky is set.
After these flags are set, you can use LS-L to view them. If these flags exist, they will be displayed in the original execution flags. For example:
Rwsrw-r -- indicates that the setuid flag exists.
Rwxrwsrw-indicates that the setgid flag exists.
Rwxrw-rwt indicates sticky flag
So where did the original execution mark x go? The system stipulates that, if there is X in this bit, these special signs will be displayed as lowercase letters (S, S, T ). otherwise, uppercase letters (S, S, T) are displayed)
The numbers of these three permissions are understandable.
[Root @ server3 test] #1 1 1
[Root @ server3 test] # RW s RWS rwt
[Root @ server3 test] #
[Root @ server3 test] # suid sgid sticky
Therefore, we can conclude that
Chmod 4777 is set Sid
Chmod 2777 is set GID
Chmod 1777 sets sticky.
Common Operations
Find all the dangerous directories (set the directory to which all users can read and write but no sticky directory is set)
Find/-Perm-0007-type D
Find all files with SUID configured
Find/-Perm-4000-type F
Original article address
Http: // There are many online users who don't know who to turn to. Thanks to the people who wrote and reproduced this.