Special file permissions in Linux permission management

Source: Internet
Author: User

SetUID
1. Setting SUID permission is only meaningful on an executable binary program.
2. The user running the command must have execute permission on the program.
3. While the program runs, the user running the command takes on the identity of the program file's owner.
4. SetUID permission is only in effect while the program is executing; that is, the identity change is valid only during program execution.

For example:
The passwd command has SetUID permission, so ordinary users can change their own passwords.
When an ordinary user invokes the passwd command, it temporarily runs as the owner of passwd, which is the root user.
The actual modification of the /etc/shadow file is therefore carried out temporarily as root.

View the passwd file with the ll command (in the owner's permission bits, the x has become s):
# ll /usr/bin/passwd
-rwsr-xr-x. 1 root root 30768 November 2015 /usr/bin/passwd
Set SetUID
4 represents SetUID
chmod 4755 filename
chmod u+s filename
Remove SetUID
chmod 755 filename
chmod u-s filename


SetGID
For files:
1. Setting SGID permission is only meaningful on an executable binary program.
2. The user running the command must have execute permission on the program.
3. While the program runs, the user running the command takes on the identity of the program file's group.
4. SetGID permission is only in effect while the program is executing; that is, the group identity change is valid only during program execution.
Note: For files, SGID works much like SUID, except that what is elevated is the group.
For directories:
1. Ordinary users must have read and execute permissions on the directory in order to enter it.
2. While in this directory, an ordinary user's effective group becomes the directory's owning group.
3. If the ordinary user has write permission on this directory, the default group of newly created files is the directory's owning group.
Set SetGID
2 represents SetGID
chmod 2755 filename
chmod g+s filename
Remove SetGID
chmod 755 filename
chmod g-s filename


Sticky bit
1. The sticky bit currently only has an effect on directories.
2. Ordinary users have write and execute permissions on the directory.
3. Without the sticky bit, an ordinary user with write permission can delete any file in the directory, including files created by other users.
4. With the sticky bit, root can delete all files, while ordinary users can only delete the files they created and cannot delete other users' files.
5. In the others' permission bits, the x has become t.
For example:
The tmp directory
# ll -d /usr/tmp/
drwxrwxrwt. 2 root root 4096 October 9 09:25 /usr/tmp/
Set the sticky bit
1 represents the sticky bit
chmod 1755 directory name
chmod o+t directory name
Remove the sticky bit
chmod 755 directory name
chmod o-t directory name
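
The following audit script is an added example, not part of the original article: it finds files carrying SetUID or SetGID and directories that are writable by others but lack the sticky bit, and decodes the s/t markers from the ll output. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a tree for the special permission bits described above.
# Function names and the demo tree are constructed for illustration.

# Regular files with SetUID (4000) or SetGID (2000) set.
find_special_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# Directories writable by others (o+w) but missing the sticky bit (1000):
# any user with access can delete other users' files there.
find_unsticky_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# Decode the ll/ls mode string: s or S in the owner or group execute
# position, t or T in the others' execute position.
describe_bits() {
    mode=$(ls -ld "$1" | cut -c1-10); out=""
    case $(printf '%s' "$mode" | cut -c4)  in s|S) out="$out setuid" ;; esac
    case $(printf '%s' "$mode" | cut -c7)  in s|S) out="$out setgid" ;; esac
    case $(printf '%s' "$mode" | cut -c10) in t|T) out="$out sticky" ;; esac
    echo "${out# }"
}

# Build a constructed sample tree using the chmod forms from the article.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/plain" "$d/suid_tool" "$d/sgid_tool"
    chmod 755  "$d/plain"
    chmod 4755 "$d/suid_tool"
    chmod 2755 "$d/sgid_tool"
    mkdir "$d/shared_sticky" "$d/shared_open" "$d/team"
    chmod 1777 "$d/shared_sticky"
    chmod 777  "$d/shared_open"
    chmod 2775 "$d/team"
    echo "$d"
}

# Run as "sh audit.sh demo" to see the audit on the sample tree.
if [ "${1:-}" = "demo" ]; then
    tree=$(make_demo_tree)
    echo "SetUID/SetGID files:";            find_special_files "$tree"
    echo "World-writable, no sticky bit:";  find_unsticky_dirs "$tree"
    for p in "$tree"/*; do echo "$p: $(describe_bits "$p")"; done
    rm -rf "$tree"
fi
```

On a real system, point find_special_files at / (as root) and compare the result against the list of SetUID/SetGID programs you expect to be installed.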
