In addition to the common read (r), write (w), and execute (x) permissions in Linux, there are 3 special permissions, namely setuid, setgid, and the sticky bit.
1. setuid, setgid
As an example, look at the permissions of the /usr/bin/passwd and /etc/passwd files:
# ls -l /usr/bin/passwd /etc/passwd
-rw-r--r-- 1 root root 1549 08-19 13:54 /etc/passwd
-rwsr-xr-x 1 root root 22984 2007-01-07 /usr/bin/passwd
As we all know, the /etc/passwd file stores each user's account and password information, and /usr/bin/passwd is the program used to modify and view this file. Judging from the permissions, only root has write (w) permission on /etc/passwd, yet in practice every user can modify this file through the /usr/bin/passwd command. This is where the Linux special permission setuid comes in: it is the s in -rwsr-xr-x.
setuid is a special permission that gives ordinary users the ability to perform operations that "only root has permission to perform"; setgid is the same idea for the "group".
A normal user is not authorized to modify the /etc/passwd file, but because /usr/bin/passwd has the setuid permission, an ordinary user who runs the passwd command temporarily gains root permissions and can modify the /etc/passwd file.
2. Sticky bit
As an example, look at the permissions of the /tmp directory:
# ls -dl /tmp
drwxrwxrwt 6 root root 4096 08-22 11:37 /tmp
The /tmp directory is a temporary folder shared by all users, and all users have read and write permission on it. This seems to raise a problem: user A creates a file a.file in /tmp, user B does not like it and deletes it from /tmp (because B has read and write permission), which is clearly unacceptable. This does not actually happen, because of the sticky bit special permission: it is the final t in drwxrwxrwt.
Sticky bit: only the owner of the directory and the root user have permission to delete it; other users cannot delete or modify the directory.
That is, in the /tmp directory, only the owner of a file and root can modify and delete it; other users cannot, which avoids the problem described above. It is generally used to open up a folder's permissions in order to share files, as with the /tmp directory.
3. How to set the above special permissions
setuid: chmod u+s xxx
setgid: chmod g+s xxx
sticky bit: chmod o+t xxx
Or, using the octal method, add one digit in front of the usual permission digits. The three special permissions form a binary number in the same way as the ordinary permissions, as follows:
suid  sgid  sticky bit
 1     1     1
So the suid binary string is 100, which is 4 in decimal.
The sgid binary string is 010, which is 2 in decimal.
The sticky bit binary string is 001, which is 1 in decimal.
So they can also be set like this:
setuid: chmod 4755 xxx
setgid: chmod 2755 xxx
sticky bit: chmod 1755 xxx
Finally, after special permissions are set on some files, the letter shown is not a lowercase s or t but an uppercase S or T. This means the special permission on the file does not take effect, because you have not given it the user's x permission.
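The octal settings from section 3 and the uppercase S/T case can be checked on scratch files, together with two audit queries that follow from them (world-writable directories missing the sticky bit, and setuid/setgid files whose bit is ineffective). This is an added example, not part of the original article; the function names show_mode, world_writable_unsticky and ineffective_special are made up for illustration, and show_mode only touches a temporary directory it creates itself.

```shell
#!/bin/sh
# Added example: all files are constructed scratch files.

# show_mode MODE TYPE -> the 10-character ls mode string that results from
# applying octal MODE to a fresh file (TYPE=f) or directory (TYPE=d).
show_mode() {
    scratch=$(mktemp -d) || return 1
    target="$scratch/xxx"
    if [ "$2" = d ]; then mkdir "$target"; else : > "$target"; fi
    chmod "$1" "$target"
    # cut drops the link count and any trailing ACL/SELinux marker
    ls -ld "$target" | cut -c1-10
    rm -rf "$scratch"
}

# world_writable_unsticky DIR -> directories under DIR that anyone can write
# to but that lack the sticky bit, so any user can delete others' files there.
world_writable_unsticky() {
    find "$1" -type d -perm -0002 ! -perm -1000
}

# ineffective_special DIR -> regular files under DIR whose setuid or setgid
# bit is set without the matching x bit (the uppercase S case).
ineffective_special() {
    find "$1" -type f \( \( -perm -4000 ! -perm -0100 \) \
                      -o \( -perm -2000 ! -perm -0010 \) \)
}

# Demo: lowercase s/t when the matching x bit is present, uppercase otherwise.
for spec in "4755 f" "4655 f" "2755 f" "1777 d" "1776 d"; do
    set -- $spec
    printf '%s (%s) -> %s\n' "$1" "$2" "$(show_mode "$1" "$2")"
done
```

Pointing the two audit functions at a shared directory tree gives a quick list of entries to review.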
Transferred from: http://www.cnblogs.com/huangzhen/archive/2011/08/22/2149300.html
"Linux" File special permissions Suid/sgid/sticky Bit