Linux special permission analysis (version 2) and linux Version 2

Source: Internet
Author: User

SetUID [permission value = 4]

Q: Why can ordinary users change their passwords?

ll $(which passwd)

 

1. SetUID: When an executable program/command has the SetUID permission, the user executes the program as the owner of the program.

 

2. Add the SetUID permission:

chmod u+s [filename] or chmod 4755 [filename] # SetUID permission value = 4

 

E. g.

chmod u+s $(which touch)

 

# We can see that the owner of newfile2 is not guest, but root!

 

3. Dangerous!

Setting SetUID on a command is very dangerous. For example, if you set vi to SetUID, an ordinary user can edit and save any file on the system, even system configuration files! He can instantly become a superuser. Or set kill to SetUID, and he can restart your system...

 

Prevention:

find / -perm -4000 -o -perm -2000

# Search for objects with permission bit 4000 or 2000 set, that is, objects with SetUID or SetGID

 

4. Cancel the SetUID permission:

chmod u-s [filename] or chmod 755 [filename]

 

Appendix: the original file must be an executable program. If the original file does not have the x permission, SetUID has no effect after it is set.

 

# The bit is displayed as S [uppercase]!

SetGID [permission value = 2]

1. SetGID: When an executable program/command has the SetGID permission, the user executes the program as the group to which the program belongs.

 

2. Add the SetGID permission:

chmod g+s [filename] or chmod 2755 [filename] # SetGID permission value = 2



# We can see that the group testfile2 belongs to is not the default guest, but root!

[Set UID and GID at the same time: chmod 655 ...]


Sticky bit [permission value = 1]

1. Sticky bit: If a directory with permission 777 has the sticky bit set, every user can create files in this directory, but can delete only the files he owns.

 

 

2. Set the sticky bit:

chmod o+t [filename] or chmod 1777 [filename] # The sticky bit is represented by t. The permission value is 1.

 

 

# As you can see, in the /t_test directory with the sticky bit set, you can delete files that belong to you, but you cannot delete other users' files.
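
Added example, not part of the original article: the find check from the Prevention step, extended into one audit that also reports SetUID/SetGID files with no x bit (the uppercase S case) and world-writable directories without the sticky bit. The function names audit_special_bits and make_sample_tree and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). audit_special_bits and
# make_sample_tree are hypothetical helper names.

audit_special_bits() {
    root=$1
    # The parentheses matter: once -type or -exec is added, an unparenthesised
    # "-perm -4000 -o -perm -2000" would bind the action to the last test only.
    # ACTIVE: SetUID/SetGID plus an x bit, so the program runs as its owner/group.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec printf 'ACTIVE %s\n' {} \; 2>/dev/null
    # INERT: bit set but no x bit at all (ls shows an uppercase S).
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        ! \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec printf 'INERT %s\n' {} \; 2>/dev/null
    # NOSTICKY: world-writable directory without the sticky bit (1000),
    # so any user can delete files owned by other users in it.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec printf 'NOSTICKY %s\n' {} \; 2>/dev/null
    return 0
}

# Constructed sample tree, so the audit can be tried without touching real files.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    : > "$d/suid_tool";   chmod 4755 "$d/suid_tool"    # rwsr-xr-x
    : > "$d/suid_noexec"; chmod 4644 "$d/suid_noexec"  # rwSr--r--
    : > "$d/plain";       chmod 755  "$d/plain"        # no special bit
    mkdir "$d/shared" "$d/shared_sticky"
    chmod 777  "$d/shared"          # rwxrwxrwx
    chmod 1777 "$d/shared_sticky"   # rwxrwxrwt
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
audit_special_bits "$tree"
rm -rf "$tree"
```

Run against / as root, the ACTIVE lines are the list to compare with the SetUID/SetGID programs you expect the system to have.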

 

Appendix: special permissions for files:

umask command first

