Linux special permission analysis (version 2) and linux Version 2

Linux special permission analysis (version 2) and linux Version 2
SetUID [permission value = 4]

Q: Why can ordinary users change their passwords?

Ll $ (which passwd)

 

1. SetUID: When an executable program/command has the SetUID permission, the user executes the program as the owner of the program.

 

2. Add the SetUID permission:

Chmod u + s [filename] Or chmod 4755 [filename] # SetUID permission value = 4

 

E. g.

Chmod u + s $ (which touch)

 

# We can see that the owner of newfile2 is not guest, but root!

 

3. Dangerous!

Setting the command to SetUID is very dangerous. For example, if you set vi to SetUID, You can edit and save all the files in the system, or even system configuration files! He can instantly program a Super User. He can restart your system or set kill to SetUID...

 

Prevention:

Find/-perm-4000-o-perm-2000

# Search for objects with permissions of 4000 or 2000, that is, objects with SetUID and SetGID

 

4. Cancel the SetUID permission:

Chmod u-s [filename] Or chmod 755 [filename]

 

Appendix-the original file must be an executable program. If the original file does not have the x permission, it does not work after the SetUID is set.

 

# S [uppercase]!

SetGID [permission value = 2]

1. SetGID: When an executable program/command has the SetGID permission, the user executes the program as the group to which the program belongs.

 

2. Add the SetGID permission:

Chmod g + s [filename] Or chmod 2755 [filename] # SetGID permission value = 2

# We can see that the Group testfile2 belongs to is not the default guest, but root!

[Set UID and GIDchmod 655 at the same time ...]

Adhesive bit [permission value = 1]

1. Adhesion bits: If a directory with a permission of 777 is set with a adhesion bits, each user can create files in this directory, but only Delete Files Owned by the owner.

 

 

2. Set the adhesion position:

Chmod o + t [filename] Or chmod 1777 [filename] # The sticking bit is represented by t. The permission value is 1.

 

 

# As you can see, in the/t_test directory with a bid set, you can delete files belonging to you, but you cannot delete files from others.

 

Appendix-special permissions for files:

Umask command first

Special linux Permissions

Who taught you your opinion?

Command cat 111, you need to read the file 111 permission,
File 111 belongs to the user root, group root,
The system found that your user is not the root user. File 111 is not open to the owner.
Therefore, your command is rejected.

Linux special File Permissions

Linux special file permissions Jin Yang Kai Thai rich people Qing Zheng exhibition new article batch: Spring man