Introduction and practice of special permission bits for Linux files and directories
In Linux, both Superuser root and normal user can use the command "passwd" command to modify their password, but everyone who knows Linux know that the Linux password is stored in the /etc/passwd/etc/shadow
Check permissions with ls-l/etc/passwd/etc/shadow
[Email protected] ~]# ls-l/etc/passwd/etc/shadow-rw-r--r--. 1 root root 1497 March 21:15/etc/passwd----------. 1 root root 984 March 21:15/etc/shadow
The ordinary user does not have write permission how can I change the password?
The point is, passwd this command, check the permissions of the passwd command.
[email protected] ~]# which passwd/usr/bin/passwd[[email protected] ~]# ls-l/usr/bin/passwd-rwsr-xr-x. 1 root root 25980 February 2012/usr/bin/passwd
There's an s in it that shows that this command has setuid permissions.
If we root executes
[Email protected] ~]# chmod 644/usr/bin/passwd
Then switch to the su-admin user to change the password
[[email protected] ~]$ Passwd-bash:/usr/bin/passwd: Insufficient permissions
and give setuid authority back to the master 4 .
[Email protected] ~]# chmod 4755/usr/bin/passwd
[[email protected] ~]$ passwd change the user admin password. Change the STRESS password for admin. (current) UNIX password:
Now you can change your password.
Add permissions to a group account 2
[Email protected] ~]# ls-l/usr/bin/passwd-rwsr-xr-x. 1 root root 25980 February 2012/usr/bin/passwd[[email protected] ~]# chmod 2755/usr/bin/passwd [[email protected] ~]# LS- L/usr/bin/passwd-rwxr-sr-x. 1 root root 25980 February 2012/usr/bin/passwd
Remove the authority is 0
[Email protected] ~]# chmod 0755/usr/bin/passwd[[email protected] ~]# ls-l/usr/bin/passwd-rwxr-xr-x. 1 root root 25980 February 2012/usr/bin/passwd
This article from "Stick is not Sugar" blog, reprint please contact the author!
Linux files and directories special permission bits introduction and Practice (Setuid setgid)