SUID instances of Linux special permissions

Source: Internet
Author: User

Linux special file permissions


SUID: Set UID

Brief introduction:

The SUID permission is valid only for binary programs

The user running the program needs execute permission on it

The permission takes effect only while the program is executing; during that time the user running it has the permissions of the program's owner


When a file has the SUID permission, a user who is allowed to execute the file gets the permissions of the file's owner while it runs


SGID

Brief introduction:

A user can enter this directory when they have r and x permissions on it

The user's effective group inside this directory becomes the group of the directory

If the user has w permission on this directory, new files the user creates there get the same group as the directory


Sticky bit (only valid for directory)

Brief introduction:

When a user has w and x permissions on this directory (that is, write permission), files or directories that user creates under it can be deleted only by that user and root



Let's talk about SUID here.


Create a file that only root has permission to read and write

    [email protected]:~/tmp$ whoami
    xuebaiji
    [email protected]:~/tmp$ ll /tmp/test.txt
    -rw------- 1 root root -18:05 /tmp/test.txt
    [email protected]:~/tmp$ cat /tmp/test.txt
    cat: /tmp/test.txt: Permission denied
    [email protected]:~/tmp$ cat /tmp/test.txt
    cat: /tmp/test.txt: Permission denied
    [email protected]:~/tmp$ sudo cat /tmp/test.txt
    Hello xbzy007 SUID test

Prepare a simple program to read the above file

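    [email protected]:~/tmp$ cat test.c
    #include <stdio.h>
    #include <stdlib.h>   /* exit() */

    int main(void)
    {
        FILE *fp;
        int ch;   /* int rather than char, so EOF can be told apart from data */

        /* Opening succeeds only if the effective user may read the file */
        if ((fp = fopen("/tmp/test.txt", "r")) == NULL) {
            printf("File cannot be opened\n");
            exit(1);
        }
        /* Copy the file to standard output one character at a time */
        while ((ch = fgetc(fp)) != EOF)
            fputc(ch, stdout);
        fclose(fp);
        return 0;
    }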


Compile the program and run it

    [email protected]:~/tmp$ sudo gcc -o test-c test.c
    [email protected]:~/tmp$
    [email protected]:~/tmp$ ./test-c
    File cannot be opened

The program reports that the file cannot be opened, because only root can read it


Next, add the SUID permission to the binary and run it again. Because it was compiled with sudo, test-c is owned by root

    [email protected]:~/tmp$ sudo chmod u+s test-c
    [email protected]:~/tmp$ ./test-c
    Hello xbzy007 SUID test
    [email protected]:~/tmp$

Haha, a miracle: the contents of the file are read out without trouble. That completes the SUID experiment; I hope you got something out of it.
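
The test-c program above keeps root's identity for its whole run, although only the fopen call needs it. The following variant is an added example, not code from the original post: it opens the file and then drops back to the invoking user before doing anything else. The function names drop_privileges and open_drop_copy are made up for this example, and it assumes a root-owned SUID binary as in the experiment.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Give up the identity borrowed through the SUID bit.
 * Returns 0 only if the process can no longer get it back. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid();

    /* Group first: once the UID is dropped we may not be allowed to. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* If the owner was not root, setuid() leaves the saved UID intact and
     * the old identity could be restored; treat that as a failure. */
    if (old_euid != ruid && setuid(old_euid) == 0)
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Open PATH with the owner's rights, drop them, then copy it to OUT.
 * Returns bytes copied, -1 if the file cannot be opened,
 * -2 if the privileges could not be dropped. */
long open_drop_copy(const char *path, FILE *out)
{
    FILE *fp = fopen(path, "r");  /* the only step that needs the SUID identity */
    long n = 0;
    int ch;                       /* int so EOF is distinguishable */

    if (drop_privileges() != 0) {
        if (fp) fclose(fp);
        return -2;
    }
    if (fp == NULL)
        return -1;
    while ((ch = fgetc(fp)) != EOF) {
        fputc(ch, out);
        n++;
    }
    fclose(fp);
    return n;
}

int main(void)
{
    printf("before: ruid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    long n = open_drop_copy("/tmp/test.txt", stdout);  /* path from the experiment */
    printf("after:  ruid=%d euid=%d copied=%ld\n", (int)getuid(), (int)geteuid(), n);
    return n < 0;
}
```

Built and given the SUID bit the same way as test-c, the "before" line shows a real UID and an effective UID that differ, and the "after" line shows them equal again.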


Later posts will demonstrate the use of the other special permissions. Thanks










This article is from the "Xbzy" blog, make sure to keep this source http://xbzy007.blog.51cto.com/3851088/1900679
