Linux set UID, set GID, sticky bit, soft and hard links

Source: Internet
Author: User

1. First, a special permission: set UID

[email protected]:/home/nfyx/test/umask# which passwd
/usr/bin/passwd
[email protected]:/home/nfyx/test/umask# ll /usr/bin/passwd
-rwsr-xr-x 1 root root 54256 May 07:37 /usr/bin/passwd*
[email protected]:/home/nfyx/test/umask#

Notice the s in the owner's execute position. What does it mean?

This is the set UID bit (setuid).

Its purpose is to let an ordinary user run certain executables with the permissions of the file's owner.

For example, an ordinary user can change their own password but not another user's, while root can change any user's password; passwd is owned by root and carries the set UID bit, so it runs with root's permissions even when an ordinary user invokes it.

Think of it as a special grant of privilege.

It is normally applied to binary (executable) files; on other files or directories it has no effect.

Case:

Normally ls can only list what its user is allowed to read; an ordinary user cannot list the files under /root:

[email protected]:~/test/umask$ ls /root/
ls: Unable to open directory '/root/': Insufficient permissions
[email protected]:~/test/umask$

Permissions are clearly insufficient. Now set the set UID bit on /bin/ls as root and try again:

[email protected]:~/test/umask$ su
Password:
[email protected]:/home/nfyx/test/umask# chmod u+s /bin/ls
[email protected]:/home/nfyx/test/umask# ll /bin/ls
-rwsr-xr-x 1 root root 126584 March 3 2017 /bin/ls*
[email protected]:/home/nfyx/test/umask# su nfyx
[email protected]:~/test/umask$ ls /root/
Desktop
[email protected]:~/test/umask$
Now the ordinary user can list the files in /root.

Here chmod u+s /bin/ls adds the set UID bit to /bin/ls: whoever runs it now runs it with the file owner's (root's) privileges.

To cancel it, just use

chmod u-s /bin/ls

[email protected]:/home/nfyx/test/umask# chmod u-s /bin/ls
[email protected]:/home/nfyx/test/umask# ll /bin/ls
-rwxr-xr-x 1 root root 126584 March 3 2017 /bin/ls*
[email protected]:/home/nfyx/test/umask#
Here the s on /bin/ls has been removed.

(chmod u=rws /bin/ls is another way to set the owner's bits, including s, explicitly.)

2. Set GID permission

chmod g+s /bin/ls

chmod g-s /bin/ls

On an executable file it works like set UID, except that the program runs with the file's group rather than its owner.

Its special use is on directories: once a directory has set GID, any new file or subdirectory created inside it gets the directory's group, not the creator's.

Case:

[email protected]:/home/nfyx/test/setuid# chmod g+s setgid/
[email protected]:/home/nfyx/test/setuid# ls -ld setgid/
drwxr-sr-x 2 root root 4096 October 14:24 setgid/
[email protected]:/home/nfyx/test/setuid# chown :nfyx setgid/
[email protected]:/home/nfyx/test/setuid# ls -ld setgid/
drwxr-sr-x 2 root nfyx 4096 October 14:24 setgid/
[email protected]:/home/nfyx/test/setuid# mkdir setgid/aa
[email protected]:/home/nfyx/test/setuid# ls -ld setgid/aa/
drwxr-sr-x 2 root nfyx 4096 October 14:26 setgid/aa/
[email protected]:/home/nfyx/test/setuid# touch setgid/aa.txt
[email protected]:/home/nfyx/test/setuid# ls -l setgid/aa.txt
-rw-r--r-- 1 root nfyx 0 October 14:26 aa.txt
[email protected]:/home/nfyx/test/setuid#
In other words, once a directory has set GID and its group is changed, every new file and directory created inside it belongs to that group.

If set GID is removed, newly created files and directories belong to the creator's group instead.

For example:

[email protected]:/home/nfyx/test/setuid# chmod g-s setgid/
[email protected]:/home/nfyx/test/setuid# ll -d setgid/
drwxr-xr-x 3 root nfyx 4096 October 14:26 setgid/
[email protected]:/home/nfyx/test/setuid# mkdir setgid/bb
[email protected]:/home/nfyx/test/setuid# touch setgid/bb.txt
[email protected]:/home/nfyx/test/setuid# ll setgid/
total 16
drwxr-xr-x 4 root nfyx 4096 October 31 14:36 ./
drwxr-xr-x 3 root root 4096 October 31 14:24 ../
drwxr-sr-x 2 root nfyx 4096 October 14:26 aa/
-rw-r--r-- 1 root nfyx 0 October 14:26 aa.txt
drwxr-xr-x 2 root root 4096 October 31 14:36 bb/
-rw-r--r-- 1 root root 0 October 31 14:36 bb.txt
[email protected]:/home/nfyx/test/setuid#


3. Sticky bit

First look at the permissions of a directory, /tmp for example:

[email protected]:/home/nfyx/test/setuid# ll -d /tmp/
drwxrwxrwt root root 16384 October 14:17 /tmp/

The permissions here look somewhat different: the t in the others' execute position is the extra anti-deletion permission, the sticky bit.

/tmp holds many temporary files, most with permissions 777. To stop users from deleting each other's files, one more bit, the sticky bit, is added.

Once a directory has permissions rwxrwxrwt, other users can still read and modify the files inside it (as far as the file permissions allow), but they cannot delete files they do not own.

Case:

[email protected]:/$ ll -d /tmp/
drwxrwxrwt root root 16384 October 16:45 /tmp/
[email protected]:/$ rm -dr /tmp/
rm: Cannot delete '/tmp/.Test-unix': Operation not allowed
rm: Cannot delete '/tmp/.ICE-unix': Operation not allowed
rm: Unable to delete '/tmp/.font-unix': Disallowed operation

Every user has rwx on /tmp, so in principle anyone could delete what is inside, but because of the sticky bit t, files owned by other users cannot be removed.
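As an added example (not code from the original post), this shell script decodes the s/S/t/T letters that ls -l shows for the three special bits above and then uses find to audit a directory tree the way a defender would: it lists setuid and setgid files, flags world-writable directories that lack the sticky bit, and narrows the check to recently modified files. It assumes GNU find (for -printf) and a POSIX sh; the function names are my own.

```shell
#!/bin/sh
# Added example: decode ls -l special bits and audit a tree for them.
# Assumes GNU find (-printf); works in any POSIX sh.

# mode_to_octal MODESTRING: turn a 10-character ls -l mode string into a
# 4-digit octal mode, e.g. -rwsr-xr-x -> 4755, drwxr-sr-x -> 2755,
# drwxrwxrwt -> 1777. A capital S or T means the special bit is set
# while the matching execute bit is not.
mode_to_octal() {
    special=0
    perms=""
    for who in u g o; do
        case $who in
            u) triple=$(printf '%s' "$1" | cut -c2-4);  bit=4 ;;  # s here = setuid
            g) triple=$(printf '%s' "$1" | cut -c5-7);  bit=2 ;;  # s here = setgid
            o) triple=$(printf '%s' "$1" | cut -c8-10); bit=1 ;;  # t here = sticky
        esac
        v=0
        case $triple in r??) v=$((v + 4)) ;; esac
        case $triple in ?w?) v=$((v + 2)) ;; esac
        case $triple in ??[xst]) v=$((v + 1)) ;; esac          # lowercase = execute set
        case $triple in ??[sStT]) special=$((special + bit)) ;; esac
        perms="$perms$v"
    done
    printf '%d%s\n' "$special" "$perms"
}

# audit_special_bits DIR: regular files carrying setuid or setgid, and
# directories that are world-writable but lack the sticky bit (in such a
# directory any user may delete other users' files, unlike /tmp above).
audit_special_bits() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -printf 'special %m %p\n'
    find "$1" -type d -perm -0002 ! -perm -1000 -printf 'unsticky-world-writable %m %p\n'
}

# recent_special_bits DIR MINUTES: the setuid/setgid check restricted to
# files modified within the last MINUTES minutes, for change detection.
recent_special_bits() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -mmin "-$2" -printf 'recent %m %p\n'
}

# Usage: mode_to_octal -rwsr-xr-x ; audit_special_bits /usr/bin ; recent_special_bits / 60
```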

4. Soft links and hard links

a. Soft link

Command: ln -s source destination (that is, ln -s <source file or directory> <link name>)

[email protected]:~/test/link$ ls
[email protected]:~/test/link$ mkdir link
[email protected]:~/test/link$ ls
link
[email protected]:~/test/link$ ln -s link/ softlink
[email protected]:~/test/link$ ll
drwxrwxr-x  2 nfyx nfyx 4096 October 17:04 link/
lrwxrwxrwx  1 nfyx nfyx    5 October 17:04 softlink -> link/
[email protected]:~/test/link$
This creates a soft link (the equivalent of a Windows shortcut).

Tip: use an absolute path for the source when creating a soft link, so the link still resolves if it is moved elsewhere.

b. Hard link

Command: ln source destination (unlike a soft link, the new name shares the source's inode number)

For example:

[email protected]:~/test/link$ touch aa.txt
[email protected]:~/test/link$ ln aa.txt bb.txt
[email protected]:~/test/link$ ll -i
total 12
1839330 drwxrwxr-x 3 nfyx nfyx 4096 October 31 17:23 ./
1838567 drwxrwxr-x nfyx nfyx 4096 October 31 17:03 ../
1849098 -rw-rw-r-- 2 nfyx nfyx 0 October 31 17:22 aa.txt
1849098 -rw-rw-r-- 2 nfyx nfyx 0 October 31 17:22 bb.txt
1845100 drwxrwxr-x 2 nfyx nfyx 4096 October 17:04 link/
1839835 lrwxrwxrwx 1 nfyx nfyx 5 October 17:04 softlink -> link/
[email protected]:~/test/link$ ln -s aa.txt cc.txt
[email protected]:~/test/link$ ll -i
total 12
1839330 drwxrwxr-x 3 nfyx nfyx 4096 October 31 17:23 ./
1838567 drwxrwxr-x nfyx nfyx 4096 October 31 17:03 ../
1849098 -rw-rw-r-- 2 nfyx nfyx 0 October 17:22 aa.txt
1849098 -rw-rw-r-- 2 nfyx nfyx 0 October 17:22 bb.txt
1849788 lrwxrwxrwx 1 nfyx nfyx 6 October 17:23 cc.txt -> aa.txt
1845100 drwxrwxr-x 2 nfyx nfyx 4096 October 17:04 link/
1839835 lrwxrwxrwx 1 nfyx nfyx 5 October 17:04 softlink -> link/

That is, the two names use the same inode number.

However, directories cannot be hard-linked:

[email protected]:~/test/link$ ln link/ linkdir
ln: link/: hard link not allowed for directory
[email protected]:~/test/link$
Also, a hard link cannot cross partitions, because each partition has its own independent set of inode numbers (they would conflict).

Among hard links the file contents are the same: change the content through one name and every other hard link shows the change, because they are all one file.

Many hard links can point to the same file, and as long as at least one link remains, the content is still there.

Only when every link has been deleted is the inode freed and the file's data released.
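As an added example (not from the original post), the following shell script reproduces the inode behaviour of hard and soft links described above inside a temporary directory and returns the observations as one line; it also uses find -inum from the appendix to enumerate all names of one inode. It assumes GNU coreutils stat -c and GNU find; the file names aa.txt, bb.txt and cc.txt follow the post, and the function names are my own.

```shell
#!/bin/sh
# Added example: hard links share an inode, soft links do not.
# Assumes GNU coreutils (stat -c) and GNU find (-inum).

# same_inode A B: "same" if the two names are one inode (hard links), else
# "different". stat does not follow symlinks, so a soft link reports its
# own inode, just like ll -i in the post.
same_inode() {
    if [ "$(stat -c %i "$1")" = "$(stat -c %i "$2")" ]; then echo same; else echo different; fi
}

# link_count PATH: number of names (hard links) the inode currently has.
link_count() { stat -c %h "$1"; }

# link_demo: runs the checks in a scratch directory and prints the results
# space-separated, in the order the comments below show.
link_demo() {
    work=$(mktemp -d) || return 1
    cd "$work" || return 1
    printf 'hello\n' > aa.txt
    ln aa.txt bb.txt                      # hard link: a second name for the same inode
    ln -s aa.txt cc.txt                   # soft link: its own inode holding the path aa.txt
    r_hard=$(same_inode aa.txt bb.txt)    # same
    r_soft=$(same_inode aa.txt cc.txt)    # different
    n_before=$(link_count aa.txt)         # 2
    # find -inum lists every name that refers to an inode (the appendix's -inum use)
    n_names=$(find . -inum "$(stat -c %i aa.txt)" | wc -l | tr -d ' ')   # 2
    printf 'changed\n' > bb.txt           # write through one hard link ...
    seen=$(cat aa.txt)                    # ... the other name shows it: changed
    rm aa.txt                             # remove the original name
    n_after=$(link_count bb.txt)          # 1: data still reachable via bb.txt
    if [ -e cc.txt ]; then r_sym=live; else r_sym=dangling; fi   # soft link now dangles
    mkdir sub
    if ln sub subdir 2>/dev/null; then r_dir=allowed; else r_dir=refused; fi  # no hard links to dirs
    cd / && rm -rf "$work"
    printf '%s %s %s %s %s %s %s %s\n' \
        "$r_hard" "$r_soft" "$n_before" "$n_names" "$seen" "$n_after" "$r_sym" "$r_dir"
}

# Usage: link_demo   (prints: same different 2 2 changed 1 dangling refused)
```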



Appendix: the find command

Common options: -name, -type, -ctime, -mtime.

find /etc/ -name "*.conf" (search by name, with wildcard matching)

find -type d -name "111" (d: search for directories)

find -type f -name "cc.txt" (f: search for regular files)

find -type f -mtime -1 -name "*.conf" (-1 means modified less than 1 day ago; +1 means more than one day ago)


find /etc/ -type f -mmin -60 -exec ls -lh {} \; (files under /etc modified in the last 60 minutes, each shown with ls -lh)

find -inum <inode number> (find every name that refers to that inode, i.e. all hard links of a file)

I hope this is clear!

2017.10.31

This article is from the "cow dung also incense" blog; please keep this source link: http://ainfyx.blog.51cto.com/724466/1977854

