Linux special permissions: SUID, SGID, SBIT
For file and directory permissions in Linux, you should already be familiar with the common rwx permissions (see my blog post http://www.cnblogs.com/javaee6/p/3994750.html for rwx permissions in Linux). Let's take a look at the following two permissions:
The permissions of the /tmp directory and the passwd file look strange. How can they have s and t permissions? After reading the following content, you will understand.
1 SUID
When s appears in the x position of the file owner's permissions, as shown in the preceding figure where the permissions of the /usr/bin/passwd file are -rwsr-xr-x, this is called set UID, or SUID. What are the restrictions and functions of SUID on a file?
For example, when a common user uses passwd to change his own password, what is ultimately changed is the /etc/passwd file. This file is the user management configuration file, and it can only be changed with root permission.
Since only the root user has this permission, why can we use the passwd command to change our password? This is because passwd has the SUID permission bit set.
In this case, a common user temporarily has root permissions while executing the passwd command, and indirectly modifies /etc/passwd to change his or her own password.
2 SGID
When s appears in the x position of the group permissions of a directory or file, it is called set GID, or SGID. What functions does SGID have for files and directories?
2.1 SGID on directories
2.2 SGID on files
3 SBIT
When t appears in the x position of the other users' permissions on a directory, it is called the Sticky Bit, or SBIT. What are the limits and functions of SBIT?
We know that the /tmp directory has such permissions.
Now let's verify: first create a file named test in the /tmp directory with the root account, then use openstack (another account) to enter the directory and delete the test file, and see what happens.
We can see that the file cannot be deleted, because the /tmp directory has the SBIT permission.
4. How to set SUID, SGID, and SBIT?
These flags are set with the same command used for ordinary file permissions, chmod. There are two ways to do it:
(1) Change the permissions in symbolic mode
(2) Change the permissions in numeric mode
Numeric mode uses octal. For ordinary files, three octal digits set the permissions, such as 666, 777, 644. To set the special flags, one more octal digit is added in front of these three, such as 4666, 2777. The three bits of this extra digit have the following meanings:
Abc
After these flags are set, you can use ls -l to view them. If these flags exist, they are displayed in the position of the original execute flag. For example:
So where did the original execute flag x go? The rule is: if there is an x in that position, the special flags are displayed as lowercase letters (s, s, t); otherwise, uppercase letters (S, S, T) are displayed.
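The following added example (not part of the original article) applies the numeric and symbolic chmod forms from section 4 to throwaway files and reads back the ls -l string, so the lowercase/uppercase rule can be seen directly. The helper names perm_of, list_suid_sgid and demo are hypothetical, and every path is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the original article): set the special bits with
# chmod and read them back the way ls -l shows them.
# Every path is constructed inside a throwaway mktemp directory.

# perm_of KIND MODE...  -> 10-character permission string from ls -l after
# applying each MODE (octal or symbolic) in order to a new file or directory.
perm_of() {
    kind=$1; shift
    work=$(mktemp -d) || return 1
    if [ "$kind" = dir ]; then mkdir "$work/t"; else : > "$work/t"; fi
    for m in "$@"; do chmod "$m" "$work/t"; done
    ls -ld "$work/t" | cut -c1-10
    rm -rf "$work"
}

# list_suid_sgid DIR -> regular files under DIR carrying SUID or SGID,
# the usual starting point when reviewing which programs run with extra rights.
list_suid_sgid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

demo() {
    echo "4755 file : $(perm_of file 4755)"       # SUID with x      -> s
    echo "4644 file : $(perm_of file 4644)"       # SUID without x   -> S
    echo "2755 file : $(perm_of file 2755)"       # SGID with x      -> s
    echo "u+s  file : $(perm_of file 755 u+s)"    # symbolic form of 4755
    echo "g+s  dir  : $(perm_of dir 755 g+s)"     # SGID directory
    echo "1777 dir  : $(perm_of dir 1777)"        # sticky with x    -> t
    echo "1776 dir  : $(perm_of dir 1776)"        # sticky without x -> T
}
demo
```

An uppercase S or T in a listing means the special bit is set but the matching execute bit is not, which is usually a configuration mistake worth checking.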
What is suid sgid sbit in linux?
Suid shell is a shell that can be run with the permission of the owner. That is, if the owner is root, then you may use root
Sgid is used to execute a file as the group to which the file belongs. More importantly, it is used to grant directory permissions,
The third one you mentioned is sticky. That is, the newly created file inherits the group of the directory. Users with write permission on the directory can only write their own files.
Maybe you still don't quite understand this. You can go to linuxcast to find the relevant video. I learned from it. Hope to help you