#Special file permissions
Setuid permissions
When the s flag appears in the x position of the file owner's permissions, it is called the setuid permission, or SUID for short.
SUID conditions and main functions:
1. SUID permission is only valid for binary programs
2. The executor must have x permission on the program
3. The permission only takes effect while the program is running (run-time)
4. The executor gains the permissions of the program's owner
    # ls -l /etc/gs*
    -rw------- 1 root root 479 15:27 /etc/gshadow-
    # su wanghan
    $ cat /etc/gshadow-
    cat: /etc/gshadow-: Permission denied
    $ exit
    exit
    # ls -ld /bin/cat
    -rwxr-xr-x 1 root root 48568 June 2012 /bin/cat
    # chmod u+s /bin/cat    # set the suid permission
    # ls -ld /bin/cat
    -rwsr-xr-x 1 root root 48568 June 2012 /bin/cat
    # su wanghan
    $ cat /etc/gshadow-
    root:::
    bin:::bin,daemon
    daemon:::bin,daemon
    sys:::bin,adm
    adm:::adm,daemon
Setgid Permissions
When the s flag appears in the x position of the group permissions, it is called the setgid permission, also known as SGID.
SGID can be set on files and directories. On a file, SGID works as follows:
1. SGID is effective for binary programs
2. The executor must have x permission on the program
3. During execution, the executor gains the privileges of the group that the program belongs to
When set on a directory:
1. If the user has r and x permissions on the directory, the user can enter it
2. Inside the directory, the user's effective group becomes the group of the directory
3. If the user has w permission in the directory (can create new files), the group of any new file the user creates is the same as the group of the directory
    # chmod g+s /tmp/sgid    # set the sgid permission
    # ls -ld /tmp/sgid
    drwxrwsr-x 2 openstack openstack 4096 11:30 /tmp/sgid
    # chmod o+w /tmp/sgid/
    … /tmp/sgid/
    … ls -ld /tmp/sgid/wanghan
    drwxrwsr-x 2 wanghan openstack 4096 11:34 /tmp/sgid/wanghan
Sticky bit (SBIT) permissions
The sticky bit (SBIT) permission is only valid for directories and has no effect on files.
Effects and prerequisites:
1. The user has w and x permissions on the directory, that is, write permission
2. When a user creates a file or directory under this directory, only that user and root have the right to delete it
    # ls -l /tmp/sgid/
    total 8
    drwxrwsr-x 2 openstack openstack 4096 26 11:38 openstack
    drwxrwsr-x 2 wanghan openstack 4096 11:39
    # chmod o+t /tmp/sgid/
    # ls -ld /tmp/sgid
    drwxrwsrwt 4 openstack openstack 4096 11:39 /tmp/
    $ rm -rf /tmp/sgid/openstack
    rm: cannot remove '
    $ rm -rf /tmp/sgid/wanghan
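To check a system for the bits described in the three sections above, the following added example (not part of the original page) walks a directory tree with find and reports SUID files, SGID files and directories, and world-writable directories that lack the sticky bit. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the special permission bits described on this page.
# audit_special_perms and build_demo_tree are hypothetical names.

# Print one "<FINDING> <path>" line per match under directory $1.
audit_special_perms() {
    root=$1
    # s in the owner x position: the file runs with its owner's privileges.
    find "$root" -xdev -type f -perm -4000 -perm -0100 | sed 's/^/SUID /'
    # Shown as capital S by ls: SUID bit set but owner x permission missing.
    find "$root" -xdev -type f -perm -4000 ! -perm -0100 | sed 's/^/SUID-NO-EXEC /'
    # s in the group x position, on a file or on a directory.
    find "$root" -xdev -type f -perm -2000 | sed 's/^/SGID-FILE /'
    find "$root" -xdev -type d -perm -2000 | sed 's/^/SGID-DIR /'
    # World-writable directory without t: deletion is not limited to the file's owner.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 | sed 's/^/NO-STICKY /'
}

# Build a constructed sample tree in a temp directory and print its path.
build_demo_tree() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\n' > "$d/tool" && chmod 4755 "$d/tool"     # -rwsr-xr-x
    : > "$d/broken"                  && chmod 4644 "$d/broken"   # -rwSr--r--
    mkdir "$d/shared" "$d/drop" "$d/tmp"
    chmod 2775 "$d/shared"   # drwxrwsr-x
    chmod 0777 "$d/drop"     # drwxrwxrwx, no sticky bit
    chmod 1777 "$d/tmp"      # drwxrwxrwt
    printf '%s\n' "$d"
}

demo=$(build_demo_tree) && audit_special_perms "$demo"
rm -rf "$demo"
```

On a real system, run `audit_special_perms /` as root and compare the SUID lines against the list the distribution ships; an entry such as `/bin/cat` from the session above should not be there.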
#at command: executes a specified task once at a specified time
at time
    # at 14:58
    at> cat /etc/passwd
    at> <EOT>    # Ctrl+D submits the task
    job 879 at 2014-08-26 14:58
    # at 3pm
    at> tail /etc/passwd
    at> <EOT>
    job 880 at 2014-08-26 15:00
Ctrl+D: submit the task
at -l: view pending jobs (atq does the same)
    # at -l
    879 2014-08-26 14:58 a root
    880 2014-08-26 15:00
    # atq
    879 2014-08-26 14:58 a root
    880 2014-08-26 15:00 a root
at -d: delete a job that has not yet been executed
    # atq
    879 2014-08-26 14:58 a root
    880 2014-08-26 15:00
    # at -d 880
    # atq
    879 2014-08-26 14:58 a root
at -f: read the task from the specified file instead of from standard input
    # at -
    job 882 at 2014-08-26 15:00
    # tail -n 1 /etc/passwd
    at_test:x:502:502::/home/at_test:/bin/bash
Linux Learning Commands Summary ⑩⑤