The file permission mechanism is a major feature of Linux systems. Beginners first meet the basic permissions: readable (r), writable (w), and executable (x). A file has ten permission bits, which are divided into three groups. The first bit is a group of its own, indicating the file type:
-: regular file
d: directory
l: symbolic link
b: block device
c: character device
p: named pipe (FIFO)
s: socket
In addition, Linux has three special permissions: setuid, setgid, and the sticky bit.
1. setuid and setgid:
Take /etc/passwd and /usr/bin/passwd as examples.
The permission for /etc/passwd is -rw-r--r--. That is, the owner of the file has read and write permission, while group members and other users can only read it. To change a user's password, both root and ordinary users run the "/usr/bin/passwd username" command, which modifies the /etc/passwd file. The root user has write permission on /etc/passwd, so that case is easy to understand. But how can an ordinary user, who has no write permission, modify the file? This is where setuid comes in. The role of setuid is to let the user running a command execute it with the permissions of the command's owner. An ordinary user therefore has root permission while executing passwd, and in this way can modify the /etc/passwd file. The permission is marked as "s" and appears in the place of "x", for example "-rwsr-xr-x". setgid works the same way as setuid: it lets the user running the file execute it with the permissions of the group that owns the file.
2. sticky bit
Take /tmp as an example:
We know that /tmp is the system's temporary file directory. All users have all permissions in this directory, that is, they can create, modify, and delete files in it. If user A creates a file in this directory and user B then deletes it, that should not be allowed. The sticky bit was introduced to achieve this. It applies to directories. If the sticky bit is set on a directory, only the creator of a file and the root user can delete or modify that file in the directory, as with /tmp. Other users cannot touch files that belong to someone else. That is the role of the sticky bit.
3. How to set special permissions for files.
chmod u+s xxx # Set the setuid permission
chmod g+s xxx # Set the setgid permission
chmod o+t xxx # Set the sticky bit permission for the directory
chmod 4775 xxx # Set the setuid permission
chmod 2775 xxx # Set the setgid permission
chmod 1775 xxx # Set the sticky bit permission for the directory
Note: Sometimes you set the s or t permission and find that it shows up as S or T instead. This happens because the x (executable) permission is not set at that position, and in this case the setting will not be effective. Grant the x permission first, and then grant the s or t permission.
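The following script is an added example, not part of the original article. It applies the numeric modes from section 3 to constructed scratch files, shows the s versus S distinction from the note above, and lists setuid/setgid files the way an administrator would when auditing a directory. It assumes GNU stat (stat -c), as found on Linux; the function names mode_of, special_bits, audit_dir and demo are made up for illustration.

```shell
#!/bin/sh
# Added example. All files are constructed in a scratch directory.

# mode_of FILE: print the ten-character mode string (GNU stat assumed).
mode_of() { stat -c '%A' "$1"; }

# special_bits FILE: name each special bit that is set; "(no-x)" marks the
# uppercase S/T case, where the matching x permission is missing.
special_bits() {
    m=$(mode_of "$1"); out=""
    case $(printf '%s' "$m" | cut -c4) in
        s) out="$out setuid" ;;
        S) out="$out setuid(no-x)" ;;
    esac
    case $(printf '%s' "$m" | cut -c7) in
        s) out="$out setgid" ;;
        S) out="$out setgid(no-x)" ;;
    esac
    case $(printf '%s' "$m" | cut -c10) in
        t) out="$out sticky" ;;
        T) out="$out sticky(no-x)" ;;
    esac
    printf '%s\n' "${out# }"
}

# audit_dir DIR: list regular files under DIR carrying setuid or setgid.
audit_dir() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# demo: apply setuid and sticky modes from the text and report the result.
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/a" "$d/b"; mkdir "$d/shared"
    chmod 4775 "$d/a"        # setuid plus owner x: -rwsrwxr-x
    chmod 4664 "$d/b"        # setuid, no owner x:  -rwSrw-r--
    chmod 1775 "$d/shared"   # sticky directory:    drwxrwxr-t
    for f in a b shared; do
        printf '%-7s %s %s\n' "$f" "$(mode_of "$d/$f")" "$(special_bits "$d/$f")"
    done
    echo "setuid/setgid files:"; audit_dir "$d"
    rm -rf "$d"
}
demo
```

Running audit_dir against directories such as /usr/bin gives a baseline of setuid and setgid programs that can be compared over time.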