Understanding the Linux file permission bits suid, sgid and sticky

Source: Internet
Author: User

suid: When this bit of a file is set to 1, the file runs as its owner when it is executed. Whoever executes the file holds the privileges of the file's owner, and if the owner is root, the executor holds superuser privileges. This is the bit that becomes a security vulnerability, so do not set it lightly.

sgid: The user who runs the file holds the permissions of the file's group.

Sticky bit: It asks the operating system to keep the program's image in memory after the executable exits, in order to save the startup time of large programs. This consumes system resources, so setting the bit is a trade-off against that cost.

Differences between setuid, setgid and the sticky bit

Each file has an owner and a group ID; setuid and setgid change the permissions a user has on the file: write and execute.

setuid: At execution time the user holds the permissions of the file's owner.
setgid: Set on a directory. When a directory is marked with the setgid bit, files created under it inherit the directory's properties.
Sticky bit: This bit can be understood as an anti-delete bit. After the sticky bit is set, a user can only add files and cannot delete files, even with write access to the directory.


How to set them:

These flags are manipulated with the same command that manipulates file permissions, chmod. There are two ways to do it.

1) The symbolic method:
chmod u+s temp      -- adds the setuid flag to the file temp (setuid is only valid for files; u = user)
chmod g+s tempdir   -- adds the setgid flag to the directory tempdir (setgid is only valid for directories; g = group)
chmod o+t temp      -- adds the sticky flag to the file temp (sticky only works on files)

2) The octal method. A group of three octal bits is placed in front of the permission digits, with the following meaning:
abc
a - the setuid bit; if it is 1, setuid is set
b - the setgid bit; if it is 1, setgid is set
c - the sticky bit; if it is 1, sticky is set

Once set, you can view the result with ls -l. If the execute bit (x) at that position is also set, these special flags appear as lowercase letters (s, s, t); otherwise they appear as uppercase letters (S, S, T).
For example:

rwsrw-r--   indicates a setuid flag (rwxrw-r-- becomes rwsrw-r--)
rwxrwsrw-   indicates a setgid flag (rwxrwxrw- becomes rwxrwsrw-)
rwxrw-rwt   indicates a sticky flag (rwxrw-rwx becomes rwxrw-rwt)
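The two chmod forms above, exercised as an added example (this script is not from the original article): it creates scratch files and directories, sets the bits symbolically and in octal, reads the result back from ls -l, shows the lowercase/uppercase difference when the execute bit is absent, and finishes with the find command an administrator runs to audit a tree for entries carrying any of the three bits. It assumes a Linux system with POSIX sh, chmod, ls and find; every name under the scratch directory is constructed. It applies the sticky bit to a directory, which is where current Linux kernels honour it.

```shell
#!/bin/sh
# Added example, not from the original article: set suid, sgid and the sticky
# bit with both chmod syntaxes, read the result back from ls -l, and audit the
# tree with find. Assumes POSIX sh on Linux with chmod, ls and find; every name
# under the scratch directory is constructed for the demo.
set -eu

WORK=$(mktemp -d)            # scratch area, removed when the script exits
trap 'rm -rf "$WORK"' EXIT

# mode_string PATH -> the 10-character type+permission field of ls -ld
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Symbolic form: u+s on a file, g+s on a directory, +t on a shared directory
setup_symbolic() {
    : > "$WORK/temp";          chmod 755 "$WORK/temp"
    mkdir -p "$WORK/tempdir";  chmod 755 "$WORK/tempdir"
    mkdir -p "$WORK/shared";   chmod 777 "$WORK/shared"
    chmod u+s "$WORK/temp"     # setuid: the file runs as its owner
    chmod g+s "$WORK/tempdir"  # setgid: new files take the directory's group
    chmod +t  "$WORK/shared"   # sticky: files here are removable only by their owner (or root)
}

# Octal form: the leading digit is a*4 + b*2 + c*1 for setuid, setgid, sticky
setup_octal() {
    : > "$WORK/octal_suid";     chmod 4755 "$WORK/octal_suid"   # s shown lowercase
    : > "$WORK/octal_noexec";   chmod 4644 "$WORK/octal_noexec" # no x -> capital S
    mkdir -p "$WORK/octal_tmp"; chmod 1777 "$WORK/octal_tmp"    # like /tmp
}

# list_special DIR -> entries under DIR carrying any of the three special bits,
# the check an administrator runs when auditing a tree for setuid programs
list_special() {
    ( cd "$1" && find . \( -perm -4000 -o -perm -2000 -o -perm -1000 \) -print ) | sort
}

main() {
    setup_symbolic
    setup_octal
    for name in temp tempdir shared octal_suid octal_noexec octal_tmp; do
        printf '%s  %s\n' "$(mode_string "$WORK/$name")" "$name"
    done
    echo "entries with special bits:"
    list_special "$WORK"
}
main
```

The audit in list_special is the defensive counterpart of the setting commands: the same -perm tests run over / (or over a package's install prefix) give the inventory of setuid and setgid programs that the text's warning about the suid bit is concerned with.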

Understanding File Permissions

So-called file permissions are the access rights to a file: reading, writing, deleting and executing it. Linux is a multi-user operating system that lets several users log in and work at the same time, so Linux associates every file or directory with a user and a group. Take a look at the following example:

drwxr-xr-x 5 root root 03:27 Desktop

The first, third and fourth fields are related to file permissions. The third field is the owner of the file, the fourth is the group that owns it, and the first restricts access to the file. In this example the owner is root, the group is root, and the access flags are drwxr-xr-x. Every file and directory has such a set of permission flags attached to it, which in the example above is the content of the first field. Here is a closer look at the meaning of each symbol in this field:

The field consists of 10 characters, divided into four groups with the following meanings:

d            rwx                     r-x                     r-x
file type    owner permission flags  group permission flags  other users' permission flags

Where:

File type: the first character. Since Linux treats devices, directories and files alike as files, this character indicates the type of the file, with the meanings given in the following table:

Flag   File type          Example
-      Normal file        data files, ASCII plain-text files, programs
d      Directory          /bin
b      Block device       /dev/hda (hard disk)
c      Character device   /dev/ttyS1 (equivalent to the second serial port, COM2, under DOS)
s      Socket             /dev/log
p      Named pipe         /dev/initctl (equivalent to "|")
l      Symbolic link      /dev/modem -> /dev/ttyS1

Permission flags:

Each file or directory has four different classes of users. Each class has a set of access rights for reading, writing and executing (searching) the file. The four classes are:

root: the system's privileged user class, the user with UID = 0.

Owner: the user who owns the file.

Group: the user class sharing the file's group access permissions, named by the group name.

World: all other users who belong to none of the above three classes.

root automatically has full read, write and search permission on every file and directory, so there is no need to specify root's permissions explicitly. The other three classes can each be granted or denied permissions on a file or directory individually. Therefore, for these three classes there are 9 permission bits in total, divided into 3 groups of 3, each group holding r, w and x, and the groups correspond to owner, group and world respectively.

The meaning of the permission bits differs slightly between files and directories. From left to right, the 3 characters of each group mean, for a file: read the file's contents (r), write data to the file (w), and execute the file as a command (x). For a directory: read the file names contained in the directory (r), write to the directory (add and delete links to inode entries) (w), and search the directory (x), that is, use the directory name as part of a path name to reach the files or subdirectories it contains. Specifically:

1. A user with only read permission cannot enter the directory with cd; execute permission is required to enter it.

2. A user with only execute permission can access a file in the directory only if the file name is known and the user has read permission on the file.

3. Both read and execute permission are needed to list the directory with ls or to enter it with cd.

4. A user with write permission on the directory can create, delete or modify any file or subdirectory in it, even those belonging to another user.
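Points 1 to 3, checked as an added example (this script is not from the original article): it puts a directory through the modes 111 (execute only), 444 (read only) and 555 (read and execute) and reports whether ls, cat of a known file name, and cd succeed under each. It assumes POSIX sh on Linux; the directory and file names are constructed. Run it as an ordinary user: root bypasses these permission checks, so the helper reports "skipped" when the effective uid is 0.

```shell
#!/bin/sh
# Added example, not from the original article: which operations succeed on a
# directory under each permission mode. Assumes POSIX sh on Linux; names are
# constructed. Root bypasses permission checks, so uid 0 gets "skipped".
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
mkdir "$WORK/d"
echo "hello" > "$WORK/d/known.txt"   # a file whose name the caller "knows"
chmod 644 "$WORK/d/known.txt"

# try_under MODE CMD... -> yes|no|skipped: does CMD succeed while d has MODE?
try_under() {
    mode=$1; shift
    if [ "$(id -u)" -eq 0 ]; then echo skipped; return 0; fi
    chmod "$mode" "$WORK/d"
    if "$@" >/dev/null 2>&1; then answer=yes; else answer=no; fi
    chmod 755 "$WORK/d"             # restore so the EXIT cleanup can remove it
    echo "$answer"
}

can_list()       { try_under "$1" ls "$WORK/d"; }                    # needs r
can_open_known() { try_under "$1" cat "$WORK/d/known.txt"; }         # needs x
can_enter()      { try_under "$1" sh -c 'cd "$1"' sh "$WORK/d"; }    # needs x

main() {
    printf '%-6s %-8s %-12s %-6s\n' mode list open-known enter
    for mode in 111 444 555; do
        printf '%-6s %-8s %-12s %-6s\n' "$mode" \
            "$(can_list "$mode")" "$(can_open_known "$mode")" "$(can_enter "$mode")"
    done
}
main
```

The table it prints is the practical reading of the three points: r on a directory lets readdir succeed, x lets the path be traversed, and ls -l or cd need the respective one, so a directory meant to hide its contents while still serving known names gets mode 711 rather than 755.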

Modifying file permissions

First, changing the ownership of a file uses the chown and chgrp commands:

chown new_user file_or_directory: changes the owner of the file or directory.

chgrp new_group file_or_directory: changes the owning group of the file or directory.

Note that an ordinary user cannot give ownership of a file or directory to someone else; only root has that permission. An ordinary user does, however, have the right to change the owning group of a file or directory.

Because the permissions of each class of users are made up of the three bits rwx, access to a file can be represented with three octal digits. An octal digit can be written as three binary bits: the bit corresponding to r has a weight of 4, the bit corresponding to w a weight of 2, and the bit corresponding to x a weight of 1. For one class of users, multiplying the three bits by their weights and adding them up gives that class's access digit.

The command that changes file access permissions is chmod, with the following format:

chmod permission file_name

For example, chmod 764 a.txt means that the owner of the file has permission to read, write and execute it, users in the file's group have read and write permission, and other users have read permission only.
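A parser for the 10-character field described under "Understanding File Permissions", together with the rwx-to-octal arithmetic just described, as an added example (this script is not from the original article): file_type maps the first character using the file-type table above, perm_to_octal and octal_to_perm convert between the rwx triplets and the digits chmod takes with weights 4/2/1, describe_field combines them for a whole ls -l field, and chmod_and_read applies an octal mode to a file and reads it back, as the text does with chmod 764 a.txt. It assumes POSIX sh on Linux; the scratch file stands in for a.txt. The converters handle plain rwx triplets only, not the s/t letters of the special bits.

```shell
#!/bin/sh
# Added example, not from the original article: parse the 10-character field
# that ls -l prints, and convert between rwx triplets and the octal digits
# (weights r=4, w=2, x=1) that chmod accepts. Assumes POSIX sh on Linux;
# the scratch file is constructed for the demo.
set -eu

# file_type FLAG -> the file type named by the first character of the ls -l field
file_type() {
    case $1 in
        -) echo "normal file" ;;
        d) echo "directory" ;;
        b) echo "block device" ;;
        c) echo "character device" ;;
        s) echo "socket" ;;
        p) echo "named pipe" ;;
        l) echo "symbolic link" ;;
        *) echo "unknown" ;;
    esac
}

# perm_to_octal "rwxrw-r--" -> 764 : each triplet is r*4 + w*2 + x*1
perm_to_octal() {
    s=$1 result="" acc=0 n=0
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}; s=${s#?}          # peel off the first character
        case $c in
            r) acc=$((acc + 4)) ;;
            w) acc=$((acc + 2)) ;;
            x) acc=$((acc + 1)) ;;
            -) ;;
            *) echo "unexpected character '$c'" >&2; return 1 ;;
        esac
        n=$((n + 1))
        if [ "$n" -eq 3 ]; then result="$result$acc"; acc=0; n=0; fi
    done
    echo "$result"
}

# octal_to_perm 764 -> "rwxrw-r--" : test each weight bit of every digit
octal_to_perm() {
    d=$1 out=""
    while [ -n "$d" ]; do
        digit=${d%"${d#?}"}; d=${d#?}
        case $digit in [0-7]) ;; *) echo "bad octal digit '$digit'" >&2; return 1 ;; esac
        for pair in 4:r 2:w 1:x; do
            weight=${pair%:*}; letter=${pair#*:}
            if [ $((digit & weight)) -ne 0 ]; then out="$out$letter"; else out="$out-"; fi
        done
    done
    echo "$out"
}

# describe_field "drwxr-xr-x" -> "directory 755 owner=rwx group=r-x other=r-x"
describe_field() {
    field=$1
    [ "${#field}" -eq 10 ] || { echo "field must be 10 characters" >&2; return 1; }
    ftype=${field%"${field#?}"}
    perms=${field#?}
    printf '%s %s owner=%s group=%s other=%s\n' \
        "$(file_type "$ftype")" "$(perm_to_octal "$perms")" \
        "$(printf '%s' "$perms" | cut -c1-3)" \
        "$(printf '%s' "$perms" | cut -c4-6)" \
        "$(printf '%s' "$perms" | cut -c7-9)"
}

# chmod_and_read FILE OCTAL -> the 9 permission characters of ls -l after chmod
chmod_and_read() {
    chmod "$2" "$1"
    ls -l "$1" | cut -c2-10
}

main() {
    describe_field "drwxr-xr-x"                # the Desktop example from the text
    echo "rwxrw-r-- = $(perm_to_octal rwxrw-r--)"
    echo "764 = $(octal_to_perm 764)"
    f=$(mktemp)                                # stands in for a.txt
    echo "chmod 764 -> $(chmod_and_read "$f" 764)"
    rm -f "$f"
}
main
```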

Note that the creator of a file is the only ordinary user who can modify its access permissions; the other user who can modify them is root.

There is also a way to set file access permissions with strings, where read is denoted by r, write by w, execute by x, the owner by u, the group users by g, and other
