Linux Second Week Study Notes (a)
2.18 Special Permissions Set_uid
Set_uid: This permission applies to binary executables. It makes the program run with the file owner's permissions for the duration of its execution.
--------------------------------------------------------------------------------------------
For example, the passwd command:
# which passwd
/usr/bin/passwd
# ls -l /usr/bin/passwd
-rwsr-xr-x. 1 root root 27832 6 Month Ten /usr/bin/passwd
First, look at what is different: the permission bits of /usr/bin/passwd, -rwsr-xr-x., contain an "s".
This "s" is the Set_uid permission. A normal user on a Windows system can change the password for their own account, and passwd on a Linux system likewise lets ordinary users change their own passwords. However, an ordinary user on Linux cannot modify the password file. Look at the permissions of the password file:
# ls -l /etc/shadow
---------- 1 root root 677 1 Month 23:11 /etc/shadow
The permission bits of /etc/shadow are all zero: even the superuser root is not granted permission to change it, and ordinary users certainly cannot change the password file. As root, one can grant write permission on the file and then change it directly, but ordinary users still cannot change the password file. Ordinary users must be able to change their own passwords, yet they must not be allowed to write to the password file, which looks contradictory. The special permission Set_uid resolves this. It lets an ordinary user run the /usr/bin/passwd command and temporarily hold the rights of the file's owner while the password is changed; once the change is finished, those rights are withdrawn. This is the role of the Set_uid special permission.
Set_uid special permission: it ensures that ordinary users temporarily have the identity of the command's owner. A file that uses the Set_uid special permission must be a binary file and must be executable. In the Linux system, only the /usr/bin/passwd command uses this privilege.
----------------------------------------------------------------------------------------------
Granting the Set_uid Special Permission to a File:
Grant the Set_uid special permission to /usr/bin/ls.
Check the permissions first:
# ls -l /usr/bin/ls
-rwxr-xr-x. 1 root root 117656 Month 6 2016 /usr/bin/ls
Then switch to a normal user:
# su - yngndzh1
$ whoami
yngndzh1 (switched to the yngndzh1 user)
When the normal user tries to view /root/, permission is insufficient:
$ ls /root/
ls: Unable to open directory /root/: Insufficient Authority
$ ls -ld /root/
dr-xr-x---. 3 root root 203 1 months 20:53 /root/ (the normal user is not authorized)
Set the Set_uid special permission on the ls command so that users temporarily have the root user's permissions.
Switch to the root user to make the change:
# chmod u+s /usr/bin/ls
# ls -l /usr/bin/ls
-rwsr-xr-x. 1 root root 117656 Month 6 /usr/bin/ls
The permission bits are now -rwsr-xr-x: an "s" has been added.
Switch to the normal user yngndzh1 and run the ls command:
$ ls -l /root/
Total Dosage A
-rwx------ 1 root root 0 1 Month 20:53 123.txt
-rw-------. 1 root root 1418 1 Month 08:19 anaconda-ks.cfg
-rw-r--r-- 1 root root 4358 1 Month 23:24 anaconda-ks.cfg.1
$ ls -ld /root/
dr-xr-x---. 3 root root 203 1 Month 20:53 /root/ (by these permissions a normal user still cannot execute)
Once the Set_uid special permission has been granted, the contents of the /root/ directory can be viewed.
Removing the Set_uid Special Permission:
# chmod u-s /usr/bin/ls
# ls -l /usr/bin/ls
-rwxr-xr-x. 1 root root 117656 Month 6 2016 /usr/bin/ls
--------------------------------------------------------------------------------------------
# chmod u=rws /usr/bin/ls
# ls -l /usr/bin/ls
-rwSr-xr-x. 1 root root 117656 Month 6 /usr/bin/ls
The "s" has now become an uppercase "S" because the owner no longer has x permission: with x missing, the bit is displayed as "S". Adding the x permission turns it back into a lowercase "s":
# chmod u+x /usr/bin/ls
# ls -l /usr/bin/ls
-rwsr-xr-x. 1 root root 117656 Month 6 2016 /usr/bin/ls
The difference between uppercase "S" and lowercase "s" is not large here, because when we grant ls this special permission, the ls command itself already carries x permission for ordinary users, so execution is not restricted.
# ls -l /usr/bin/ls
-rwxr-xr-x. 1 root root 117656 Month 6 2016 /usr/bin/ls
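An added example, not part of the original notes: a small shell audit that lists the Set_uid files under a directory and reports whether each one shows as "s" or "S" in ls -l output. It runs only against constructed files in a temporary directory; the function names suid_state, audit_suid and make_demo are made up for this illustration.

```shell
#!/bin/sh
# Added example: report the Set_uid state of files as `ls -l` displays it.

# suid_state FILE -> prints one of:
#   s  Set_uid set, owner execute set
#   S  Set_uid set, owner execute missing
#   -  no Set_uid bit
suid_state() {
    # The 4th character of the mode string is the owner-execute slot.
    c=$(ls -ld -- "$1" | cut -c4)
    case "$c" in
        s|S) printf '%s\n' "$c" ;;
        *)   printf '%s\n' "-" ;;
    esac
}

# audit_suid DIR -> one line per Set_uid regular file: "<state> <owner> <path>"
audit_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r f; do
        owner=$(ls -ld -- "$f" | awk '{print $3}')
        printf '%s %s %s\n' "$(suid_state "$f")" "$owner" "$f"
    done
}

# make_demo -> creates constructed sample files and prints the directory path
make_demo() {
    d=$(mktemp -d) || return 1
    : > "$d/plain"; chmod 0755 "$d/plain"                            # rwxr-xr-x
    : > "$d/lower"; chmod 0755 "$d/lower"; chmod u+s "$d/lower"      # rwsr-xr-x
    : > "$d/upper"; chmod 0755 "$d/upper"; chmod u=rws "$d/upper"    # rwSr-xr-x
    printf '%s\n' "$d"
}

# Demo on the constructed files only; nothing outside the temp dir is touched.
demo=$(make_demo)
audit_suid "$demo"
rm -rf "$demo"
```

Pointing audit_suid at a real directory such as /usr/bin gives the list of Set_uid programs to compare against what the system is expected to ship; an unexpected entry, such as the ls binary after the chmod u+s shown earlier, stands out in that list.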
---------------------------------------------------------------------------------------------
Granting the Set_uid Special Permission to a Directory:
Directories can also be given the Set_uid special permission, but it is not very useful.