SUID
Set UID
When we use ls to look at the permissions of passwd and shadow, we find that only the root user has all permissions on the shadow file; all other users have no permissions at all. The shadow file stores each user's password-related data. The passwd command can be executed by a normal user, but shadow cannot be written by ordinary users, so how does a non-root user change their own password?
When the ordinary user zkuncn executes the passwd command, the SUID permission comes into play: while executing the command, the user temporarily obtains the permissions of the program's owner, that is, the root user's permissions, and uses them to operate on the shadow file.
The basic function and description of SUID:
SUID only works on binary executables. It has no effect on other types of files or on directories.
The permission only works while the executable is running. For example, the zkuncn user can execute the passwd command to modify their own password, but is not authorized to read the /etc/shadow file with cat.
The executing user needs execute permission on the executable, that is, the x permission, because x permission is required to execute the program.
The permission is shown as s in the x position of the owner permission group. Because the permission is only meaningful together with x, s and x share the x position. An uppercase S indicates an invalid SUID, for example when the S permission is set but the user does not have x permission on the program.
SGID
SUID gives temporary access to the permissions of the program's owner; SGID, as the name implies, gives temporary access to the permissions of the program's group. SGID can be set on binary executables or on directories. It is shown as s in the x position of the group permissions and also requires x permission. Without x permission the SGID is invalid, which is shown as an uppercase S.
When the object is a directory:
If a user enters a directory with SGID permission, the user's group within that directory becomes the group of that directory.
If the user can create directories and files there, the group of those directories and files is the group of the directory.
For example: in the second line we can see that the testfile directory belongs to the zkuncn user and to the zkuncn group. I then use the user zkuncn1 to create a file named hello inside testfile and look at it with ls. The group of the hello file is zkuncn, because the testfile directory has SGID permission; normally the group of hello would be zkuncn1.
If the object is an executable program:
The object is a binary executable with x permission.
During execution, the executing user has the permissions of the program's group.
Sticky Bit
This permission is only valid for directories; it has no effect on files. It is shown as t. If a directory has the t permission set, every user can create files or directories in it, but each user can delete only the files or directories that belong to them and cannot delete other people's files and directories, even if the file or directory has 777 permissions. Similarly, t is shown in the x position of the other-users permissions and also requires x permission. Without x permission it is invalid, which is shown as an uppercase T.
The simplest example is the /tmp directory.
In the /tmp directory, we use the zkuncn user to create a directory named zkuncndir, then switch to the zkuncn1 user and try to delete the zkuncndir directory. Although the permissions of this directory are 777, it still cannot be deleted because of the t permission.
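The s/S and t/T notation from the SUID, SGID and Sticky Bit sections above, shown as an added example that is not part of the original article: a shell script that builds constructed files in a temporary directory and reports which special bit each one carries and whether it is valid. The function names mode_of, special_bits, make_samples and audit are assumptions of this example.

```shell
# Added example. All sample files are constructed in a throwaway directory.

# Print the 10-character mode string that ls shows for a path.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Report the special bits of a path from its mode string. Lowercase s/t
# means the bit is combined with x; uppercase S/T means x is missing.
special_bits() {
    m=$(mode_of "$1")
    out=""
    case $(printf %s "$m" | cut -c4) in
        s) out="$out suid" ;;
        S) out="$out suid-invalid" ;;
    esac
    case $(printf %s "$m" | cut -c7) in
        s) out="$out sgid" ;;
        S) out="$out sgid-invalid" ;;
    esac
    case $(printf %s "$m" | cut -c10) in
        t) out="$out sticky" ;;
        T) out="$out sticky-invalid" ;;
    esac
    printf '%s\n' "${out# }"
}

# Create constructed samples and print the directory that holds them.
make_samples() {
    d=$(mktemp -d)
    touch "$d/suid_ok" "$d/suid_bad"
    mkdir "$d/sgid_dir" "$d/sticky_dir" "$d/sticky_bad"
    chmod 4755 "$d/suid_ok"     # -rwsr-xr-x: SUID with owner x
    chmod 4644 "$d/suid_bad"    # -rwSr--r--: SUID without owner x
    chmod 2775 "$d/sgid_dir"    # drwxrwsr-x: SGID directory
    chmod 1777 "$d/sticky_dir"  # drwxrwxrwt: same mode as /tmp
    chmod 1776 "$d/sticky_bad"  # drwxrwxrwT: sticky without other x
    printf '%s\n' "$d"
}

# List every object under a directory that carries a special bit.
audit() {
    find "$1" \( -perm -4000 -o -perm -2000 -o -perm -1000 \) | sort |
    while read -r p; do
        printf '%s %-10s %s\n' "$(mode_of "$p")" "$(basename "$p")" "$(special_bits "$p")"
    done
}

samples=$(make_samples)
audit "$samples"
rm -rf "$samples"
```

Pointing audit at a real directory tree gives the same report for that tree; entries marked invalid have the special bit set without the matching x permission.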