See: http://blog.csdn.net/m13666368773/article/details/7615125
Linux setuid mechanism
(1) Which resources or files a process can access while it is running depends not on the owner of the program file, but on the uid/gid of the user who runs the command; the process obtains system resources under that identity.
(2) For an executable file owned by root, if the SUID bit is set, all other ordinary users will be able to run the file as root and obtain the corresponding system resources.
(3) Put simply, it gives an ordinary user special permission to perform operations that only root is permitted to perform.
(4) The role of setuid is to let the user who executes a command run it with the permissions of the command's owner. For example, when an ordinary user runs passwd, it has root permissions, so it can modify the /etc/passwd file. The bit is shown as s in the position where x would appear, for example: -rwsr-xr-x. setgid means that the file is executed with the permissions of the group the file belongs to.
(5) /tmp is the system's temporary file directory, and every user has all permissions in it: anyone can create, modify and delete files there. If user A creates a file in this directory and user B deletes it, that is something we do not want to allow. The sticky bit exists to prevent this. It applies to directories: if a directory has the sticky bit set, only a file's creator and root can delete or modify that file in /tmp; other users cannot move files that belong to others.
The special permission bits used with the chmod command are:
1. S_ISUID 04000: the file's set-user-ID-on-execution bit
2. S_ISGID 02000: the file's set-group-ID-on-execution bit
3. S_ISVTX 01000: the file's sticky bit
All of the above are octal numbers.
How to set the SUID, SGID and sticky bits:
SUID: shown in the x position of u (user). If that position also has execute permission it is shown as s, otherwise as S.
chmod u+s XXX # set setuid permission
chmod 4551 file # permissions: r-sr-x--x
SGID: shown in the x position of g (group). If that position also has execute permission it is shown as s, otherwise as S.
chmod g+s XXX # set setgid permission
chmod 2551 file # permissions: r-xr-s--x
STICKY: the sticky bit, shown in the x position of o (other). If that position also has execute permission it is shown as t, otherwise as T.
chmod o+t XXX # set the sticky bit on a directory
chmod 1551 file # permissions: r-xr-x--t