Linux Learning Commands Summary ⑩⑤

#文件的特殊权限

Setuid permissions

S, when s This flag appears in the file owner's x permission, at this time is called the setuid permission, simply is the SUID permission.

Suid required conditions and its main functions:

1. suid permissions are only valid for binary program

2, the performer must have X permission to change the program

3. This permission only works when it is running (run-time)

4. The performer will have the permission of the owner of the program

[[Email Protected]_168_102_centos etc]# ls-l/etc/gs*--rw-------1 root root 479] 15:27/etc/gshadow-[email protected]_168_102_centos etc]# su wanghan[[email protected]_168_102_centos etc]$ cat/etc/gshadow-Cat:/etc/gshadow-: Permission denied[[email protected]_168_102_centos etc]$ exitexit[[email protected]_168_102_centos etc]# ls-ld/bin/Cat-rwxr-xr-x 1 root root 48568 June 2012/bin/cat[[email Protected]_168_102_centos etc]# chmod u+s/bin/Cat set suid permissions [[email protected]_168_102_centos etc]# ls-ld/bin/Cat-rwsr-xr-x 1 root root 48568 June 2012/bin/cat[[email protected]_168_102_centos etc]# su wanghan[[email protected]_168_102_centos etc]$ cat/etc/gshadow-Root:::bin:::bin,daemondaemon:::bin,daemonsys:::bin,admadm:::adm,daemon

Setgid Permissions

When the S project appears in the X position of the user group, it is called set GID permission, also known as Sgid.

Sgid can be set for files and directories, and if for files, Sgid functions as follows:

1. Sgid is useful for binary programs

2, the program's executor for the change program, must have the X permission

3. The performer will receive the support of the user group that the program belongs to during execution.

When used on top of a directory:

1, if the user has R and X permissions to this directory, users can enter the directory

2, users in this directory of the effective user group (effective group) will become the user group of the directory

3. If the user has W (can create new file) permission in this directory, the user group of the new file created by the user is the same as the user group of this directory

[Email protected]_168_102_centos ~]# chmod g+s/tmp/sgid #设定sgid权限

~]# ls-ld/tmp/sgiddrwxrwsr-X 2 openstack openstack 4096 11:30/tmp/sgid ~]# Ch MoD O+w/tmp/sgid/~/tmp/sgid/-ld/tmp/sgid/wanghandrwxrwsr-X 2 Wanghan OpenStack 4096 11:34/tmp/sgid/wanghan

Setbit Permissions

This sticky Bit (sbit) permission is only valid for the directory and has no effect on the file.

Effects and Prerequisites:

1, when the user has W, x permissions for this directory, that is, with write permission

2. When a user creates a file or directory under this directory, only himself and the root user have the right to delete the file

[[Email Protected]_168_102_centos ~]# ls-l/tmp/sgid/8DRWXRWSR-X 2 openstack OpenStack 4096 26 11:3 8 OPENSTACKDRWXRWSR-X 2 wanghan   openstack 4096 11:39~]# chmod o+t/tmp/sgid/~]# ls- ld/tmp/sgiddrwxrwsrwt4 OpenStack openstack 4096 11:39/tmp/~-rf/tmp/sgid/< C10>openstackrm:cannot Remove '

[Email Protected]_168_102_centos rott]$ Rm-rf/tmp/sgid/wanghan

#at命令: Executes a specified task at a specified time, only once

At time

[Email Protected]_168_102_centos ~]# at 14:58 at> cat/etc/passwdat> <EOT> #ctrl +d Submit Task  879 at 2014-08-26 14:58to]# at 3pmat> tail/etc/passwdat> <EOT>  880 at 2014-08-26 15:00

CTRL+D: Submitting a task

At-l: View jobs, or use ATQ

[[Email Protected]_168_102_centos ~]# at-l879    2014-08-26 14:58 a root880    2014-08-26 15:00  ~]# atq879    2014-08-26 14:58 a root880    2014-08-26 15:00 a root

at-d: Delete a job that has not been executed

[Email protected]_168_102_centos ~]# atq879    2014-08-26 14:58 a root880    2014-08-26 15:00~]# at-d 880~]# atq879    2014-08-26 14:58 a root

At-f: Reads a task from the specified file instead of reading it from the standard input

[Email protected]_168_102_centos ~~]# at-882 at 2014-08-26 15:00~]# tail-n 1/etc/PASSW DAT_TEST:X:502:502::/home/at_test:/bin/bash

Linux Learning Commands Summary ⑩⑤