Linux file special permissions
SUID: Set UID
Brief introduction:
SUID only takes effect on binary executables
The user running the program must have execute permission on it
The permission applies only while the program is executing; during that time the user running it has the permissions of the program's owner
In other words, when a file has the SUID bit set, a user who is allowed to execute it runs it with the file owner's permissions
SGID: Set GID
Brief introduction:
A user can enter the directory when they have r and x permissions on it
Inside the directory, the user's effective group becomes the group of that directory
If the user has w permission on the directory, new files the user creates there get the same group as the directory
Sticky bit (only valid for directories)
Brief introduction:
When a user has w and x permissions on the directory (that is, write permission), files or directories the user creates in it can be deleted only by that user and root
This post demonstrates SUID.
Create a file that only root has permission to read and write:
    ~/tmp$ whoami
    xuebaiji
    ~/tmp$ ll /tmp/test.txt
    -rw------- 1 root root-18:05 /tmp/test.txt
    ~/tmp$ cat /tmp/test.txt
    cat: /tmp/test.txt: Permission denied
    ~/tmp$ cat /tmp/test.txt
    cat: /tmp/test.txt: Permission denied
    ~/tmp$ sudo cat /tmp/test.txt
    Hello xbzy007 SUID test
Prepare a simple program that reads the file above:
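    ~/tmp$ cat test.c
    #include <stdio.h>
    #include <stdlib.h>

    int main()
    {
        FILE *fp;
        int ch;   /* int, not char, so EOF can be told apart from data */

        /* fopen is checked against the effective UID of the process */
        if ((fp = fopen("/tmp/test.txt", "r")) == NULL) {
            printf("File cannot be opened\n");
            exit(1);
        }
        /* copy the file to standard output one character at a time */
        while ((ch = fgetc(fp)) != EOF)
            fputc(ch, stdout);
        fclose(fp);
        return 0;
    }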
Compile the program and run it:
    ~/tmp$ sudo gcc -o test-c test.c
    ~/tmp$ ./test-c
    File cannot be opened
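The program reports that the file cannot be opened, because only root can read it.
Next, add the SUID permission to the binary and run it again. Because it was compiled with sudo, test-c is owned by root, so with the SUID bit set it runs with root's permissions: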
    ~/tmp$ sudo chmod u+s test-c
    ~/tmp$ ./test-c
    Hello xbzy007 SUID test
Haha, like magic, the contents of the file are read out without any problem. That completes the SUID experiment; I hope you got something out of it.
Later posts will demonstrate the other special permissions. Thanks.
This article is from the "Xbzy" blog; please keep this source attribution: http://xbzy007.blog.51cto.com/3851088/1900679