Linux Force bit and adventure bit

Source: Internet
Author: User
Tags superuser permission

The linux ext3 file system supports special permissions for setuid and setgid and sticky. For u, g, o, set uid, set gid, and sticky respectively.
 
The Force bit and the adventure bit are added to the execution permission. If the execution permission already exists on the location, the Force bit and the adventure bit are expressed in lowercase letters. Otherwise, it is represented by uppercase letters. Set uid and set gid each adopt one s at the x positions of u and g, and sticky uses one t.
 
 
When a file has a setuid and the others group has executable permissions, others will have the owner permission for the file when the others group executes the program.
 
By default, the files created by the user belong to the current group of the user. Setgid is set on the directory to indicate that any files created in this directory will belong to the directory group.
 
By default, if a directory has w and x permissions, anyone can create and delete files in this directory. Once an adventure bit is set in the directory, only the owner and root of the file can delete the file.
 
You can add set uid and set gid to an executable file. By default, a user executes an executable file and runs the process as the user. After a force bit is added to an executable file, the user can run the process as the owner of the command file or as the group of the command file.
 
You can use the chmod command to set the forced bit and adventure bit for the file.
 
Set uid: chmod u + s file name
 
Set gid: chmod g + s file name
 
Sticky: chmod o + t file name
 
The Force bit and adventure bit can also be specified by adding a number and placing the three digits for reading and writing.
 
4 (set uid)
 
2 (set gid)
 
1 (sticky)
 
Effect of force bit on files
 
You can add set uid and set gid to an executable file. By default, a user executes a command to run the process as the user. The mandatory bit in the command file allows the user to run the process as the owner or group of the command file. Here is a good example. You manage several large database systems, and backing up them requires system management permissions. You have written several scripts and set their setuid, so that some users you specify can complete the corresponding work by executing these scripts without having to log on as a database administrator, to avoid accidental damage to the database server. By executing these scripts, they can complete database backup and other management tasks, and after these scripts are run, they will return to their permissions as common users. Another example is/bin/passwd. To Read/etc/passwd files, you need the superuser permission. However, you can change your password at any time, therefore, setuid is set for/bin/passwd, And the superuser permission is granted when the user changes his/her password.
 
Role of a forced bit on a directory
 
By default, files created by users belong to the current group of users. Setgid is set on the directory to indicate that any files created in this directory will belong to the directory group.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.