Set special permissions
SUID
Role: Temporarily gives the user who runs a binary file the permissions of the file's owner (mainly so that ordinary users can use certain special commands)
Syntax:
chmod u+s file (add the s permission)
chmod u-s file (remove the s permission)
Usage restrictions and environment:
1. Valid only for binary files;
2. The user running the file must have x permission on it; otherwise the file cannot be executed, SUID has no effect, and the permission bit is displayed as S;
3. The permission is held only while the program is executing.
========================================================================
[[email protected] ~]# su nagios    # switch to the ordinary user nagios
[[email protected] root]$ ls
ls: cannot open directory .: Permission denied    # an ordinary user cannot access root's home directory

# Add the s permission
[[email protected] ~]# chmod u+s /bin/ls
[[email protected] ~]# su nagios
[[email protected] root]$ ls -l /bin/ls
-rwsr-xr-x. 1 root root 112664 Nov 22 2013 /bin/ls
[[email protected] root]$ ls
anaconda-ks.cfg dir4 install.log.syslog newdir test11 test33
crontab.sh install.log mbr.bin newfile test22

# If there is no execute permission
[[email protected] ~]# chmod u-x /bin/ls
[[email protected] ~]# ls -l /bin/ls
-rwSr-xr-x. 1 root root 112664 Nov 22 2013 /bin/ls    # you can see that S has appeared

# Additional command: file
[[email protected] root]$ file /bin/ls
/bin/ls: setuid ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
# The file command shows the file type; its result differs from that of the type command covered in the previous sections.
# The type command is specifically for looking at the command type.
========================================================================
PS: For example, the passwd command (path /usr/bin/passwd) has the permissions "-rwsr-xr-x". The passwd command modifies "/etc/shadow", yet for an ordinary user /etc/shadow is unreadable, unwritable, and non-executable.
PS: SUID works only on binary files, not on shell script files.
SGID
Role: Temporarily gives the user who runs a binary file the permissions of the file's group (similar to SUID)
Syntax:
chmod g+s file (add the s permission)
chmod g-s file (remove the s permission)
Usage restrictions and environment:
1. Valid only for binary files;
2. The user running the file must have x permission on it (otherwise it cannot be executed, SGID has no effect, and the permission bit is displayed as S);
3. The permission is held only while the program is executing.
PS: For example, the locate command (path /usr/bin/locate) has the permissions "rwx--s--x". Here an ordinary user temporarily obtains the root user's permission to execute it (the locate command reads "/var/lib/mlocate/mlocate.db").
Role (for a directory): Temporarily changes the user's effective group to the group of that directory
Syntax:
chmod g+s dir (add the s permission)
chmod g-s dir (remove the s permission)
Usage restrictions and environment:
1. The user must have x permission on the directory (otherwise it cannot be entered, SGID has no effect, and the permission bit is displayed as S);
2. If the user has w permission on this directory, then because the effective group has been changed to the directory's group, a file the user creates in this directory is owned by the user and belongs to the directory's group.
SBIT
Role: Within the directory, restricts users from editing files or directories that belong to other users.
Syntax:
chmod o+t dir (add the t permission)
chmod o-t dir (remove the t permission)
Usage restrictions and environment:
1. Valid only for directories;
2. The user must have x and w permission on the directory (otherwise the user cannot enter or edit it, SBIT has no effect, and the permission bit is displayed as T);
3. Files and directories that a user creates can be edited (renamed, modified, copied, deleted, etc.) only by that user and by root.
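Added example (not part of the original article): a small shell audit that applies the rules above, reporting for each path whether SUID, SGID or SBIT is set, whether the uppercase S/T form means the bit has no effect, and whether a set-ID bit sits on a script. The function names and sandbox files are made up for illustration, and GNU stat and find are assumed.

```shell
#!/bin/sh
# Added example, not the article's own code. Assumes GNU stat/find (Linux).

# describe_special PATH: print PATH and the state of its special bits.
describe_special() {
    p=$1
    mode=$(stat -c '%A' "$p") || return 1   # e.g. -rwSr-xr-x or drwxrwxrwt
    u=$(printf '%s' "$mode" | cut -c4)      # owner x slot: x - s S
    g=$(printf '%s' "$mode" | cut -c7)      # group x slot: x - s S
    o=$(printf '%s' "$mode" | cut -c10)     # other x slot: x - t T
    out=""
    # Lowercase = special bit plus x; uppercase = special bit without x (no effect).
    case $u in s) out="$out SUID" ;; S) out="$out SUID-inert" ;; esac
    case $g in s) out="$out SGID" ;; S) out="$out SGID-inert" ;; esac
    case $o in t) out="$out SBIT" ;; T) out="$out SBIT-inert" ;; esac
    # SUID/SGID only work on binaries, so flag "#!" scripts that carry them.
    case "$u$g" in *[sS]*)
        if [ -f "$p" ] && [ "$(head -c 2 "$p" 2>/dev/null)" = '#!' ]; then
            out="$out on-script"
        fi ;;
    esac
    printf '%s:%s\n' "$p" "${out:- none}"
}

# audit_tree DIR: describe every entry under DIR that has any special bit set.
audit_tree() {
    find "$1" -perm /7000 2>/dev/null | sort | while IFS= read -r f; do
        describe_special "$f"
    done
}

# make_sandbox: build constructed sample entries in a temp dir, print its path.
make_sandbox() {
    d=$(mktemp -d) || return 1
    printf '\177ELF' > "$d/bin_suid"; chmod 4755 "$d/bin_suid"  # rwsr-xr-x
    printf '\177ELF' > "$d/bin_nox";  chmod 4644 "$d/bin_nox"   # rwSr--r--
    printf '#!/bin/sh\n' > "$d/script"; chmod 4755 "$d/script"  # SUID on a script
    mkdir "$d/shared" "$d/drop"
    chmod 2775 "$d/shared"                                      # rwxrwsr-x
    chmod 1776 "$d/drop"                                        # rwxrwxrwT
    echo "$d"
}

sandbox=$(make_sandbox) && audit_tree "$sandbox"
rm -rf "$sandbox"
```

On a real system, point audit_tree at a directory such as /usr/bin to list its set-ID programs; entries marked inert or on-script are usually leftovers from a mistaken chmod.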
This article is from the "30 Demon People" blog, please make sure to keep this source http://301ren.blog.51cto.com/8887653/1618816
Linux Basics: 9, File special permissions