Let's take a look at the permissions of these two files:
    # ls -ld /usr/bin/passwd /tmp
    drwxrwxrwt 4 root root 4096 June 2 17:33 /tmp
    -rwsr-xr-x 1 root root 22984 Jan 7 2007 /usr/bin/passwd
The s and t here appear in the position of the execute permission.
The s permission lets an ordinary user temporarily run the file with the permissions of the owner/group to which the file belongs. For example, /usr/bin/passwd needs to modify the /etc/passwd and /etc/shadow files when it runs. No user other than root has write permission on these files, so for ordinary users to be able to change their own passwords, they have to be given root permissions temporarily. The s permission is used to accomplish this particular task. The s permission can only be applied to binary executable files.
If you don't want ordinary users to change their passwords, just run
    # chmod u-s /usr/bin/passwd
or
    # chmod 0755 /usr/bin/passwd
The leading 0 in 0755 indicates that no special permissions are used. This digit can be 0, 1 (--t), 2 (-s-), 3 (-st), 4 (s--), 5 (s-t), 6 (ss-), or 7 (sst).
The t permission is only valid for directories. It means that only the owner and root can delete (rename/move) files in that directory. For example, any user can read and write the /tmp directory; if other users could arbitrarily delete (rename/move) your files, that would be very dangerous. The t permission exists to solve this problem. Here is an example of how to use it:
    # cd /tmp/
    # mkdir test
    # chmod 1777 test
    # ls -ld test
    drwxrwxrwt 2 root root 4096 June 2 18:10 test
    # su test1
    $ touch test/1.txt
    $ ls -l test
    total 4
    -rw-r--r-- 1 test1 test 0 June 2 18:12 1.txt
    $ exit
    # su www
    $ ls -l test/1.txt
    -rwxrwxrwx 1 test1 test 6 June 2 18:12 test/1.txt
    $ rm test/1.txt
    rm: cannot remove 'test/1.txt': Operation not permitted
The system reports that 1.txt cannot be deleted.
    $ exit
    # chmod -t test
Remove the t permission.
    # ls -ld test
    drwxrwxrwx 2 root root 4096 June 2 18:13 test
    # su www
    $ rm -f test/1.txt
Delete again; this time the deletion succeeds.
    $ ls test/1.txt
    ls: test/1.txt: No such file or directory
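As an added example (not part of the original article), the shell functions below audit a directory tree for the two bits discussed above: files carrying the s bit, and world-writable directories missing the t bit. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article; all function names are hypothetical.

# special_bits MODE: name the special bits in a 4-digit octal mode such as 4755.
special_bits() {
    d=0; out=""
    # The special-permission digit is the one in front of the three rwx digits.
    if [ "${#1}" -eq 4 ]; then d=${1%???}; fi
    if [ $(($d & 4)) -ne 0 ]; then out="setuid"; fi
    if [ $(($d & 2)) -ne 0 ]; then out="${out:+$out }setgid"; fi
    if [ $(($d & 1)) -ne 0 ]; then out="${out:+$out }sticky"; fi
    printf '%s\n' "${out:-none}"
}

# list_setid DIR: regular files carrying the s bit (setuid or setgid).
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# list_unsticky DIR: world-writable directories lacking the t bit, where any
# user could delete or rename another user's files.
list_unsticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print | sort
}

# make_sample DIR: constructed tree standing in for /usr/bin/passwd and /tmp.
make_sample() {
    mkdir -p "$1/bin" "$1/shared" "$1/open"
    chmod 0755 "$1/bin"
    : > "$1/bin/tool";  chmod 4755 "$1/bin/tool"    # like -rwsr-xr-x
    : > "$1/bin/plain"; chmod 0755 "$1/bin/plain"
    chmod 1777 "$1/shared"                          # like drwxrwxrwt
    chmod 0777 "$1/open"                            # like drwxrwxrwx
}

# Demo on the constructed tree.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
echo "setuid/setgid files:";           list_setid "$demo_dir"
echo "world-writable, no sticky bit:"; list_unsticky "$demo_dir"
special_bits 4755; special_bits 1777; special_bits 0755
rm -rf "$demo_dir"
```

Pointing list_setid and list_unsticky at a real path such as / or /usr gives a baseline that can be compared between runs to spot newly added s bits or directories that lost their t bit.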
[Reprint] Special file permissions s and t under Linux