Shulou(Shulou.com)06/01 Report--

This article will explain in detail what the additional permissions are in the Linux system. The editor thinks it is very practical, so I share it for you as a reference. I hope you can get something after reading this article.

The additional permissions in Linux system mainly refer to SET UID / GID/BIT.

One: Set UID 1: set object: executable file. After the setting is completed, the user of this file will temporarily obtain the identity and some permissions of the owner of the file during the process of using the file. 2: setting location: Set UID is appended to the x permission bit of the file owner 3: change after setting: the x permission bit of the owner of this file will be changed to s. 4: command: chmod executable file

Here is a simple example:

The binary file for the [root@server ~] # which mkdir / usr/bin/mkdir # mkdir command is / usr/bin/mkdir root@server ~] # ls-l / usr/bin/mkdir-rwxr-xr-x. 1 root root 79712 January 25 2014 / usr/bin/mkdir [root@server ~] # chmod Utility / usr/bin/mkdir # modify file permissions, append Set UID [root@server ~] # ls-l / usr/bin/mkdir-rwsr-xr-x. 1 root root 79712 January 25 2014 / usr/bin/mkdir # View file owner permissions X bit has been changed to s. At this point, when other users use the mkdir command, they will have the identity and partial permissions of the owner of this file. [root@server] # useradd tom [root@server ~] # su-tom [tom@student0 ~] $/ usr/bin/mkdir / opt/UID [tom@student0 ~] $ls-ld / opt/UID drwxrwxr-x. 2 root tom 6 Sep 10 19:46 / opt/UID # tom the owner of the newly created directory is root. 123456789101112131415161718192021 II: Set Gid 1: set object: after the directory setting is completed, Set GID can automatically set the new documents under the directory to the same subordinate group as the parent directory, so that the new child documents automatically inherit the group of the parent directory 2: setting location: Set GID is attached to the x permission bit of the group to which the directory belongs. 3: change after setting: the x permission bit of the group to which this directory belongs will become s. 4: command: chmod Groups directory

Here is a simple example:

Root@server ~] # mkdir / world # create a directory under the root directory world [root@server ~] # ls-ld / world drwxr-xr-x. 2 root root September 10 20:20 / world [root@server ~] # groupadd renshibu [root@server ~] # chown: renshibu / world [root@server ~] # ls-ld / world drwxr-xr-x. 2 root renshibu September 10 20:20 / world # modify the group to which this file belongs [root@server ~] # chmod genders / world # add Set Gid permissions. [root@server] # ls-ld / world drwxr-sr-x. 2 root renshibu September 10 20:20 / world # at this time the file belongs to a group x permission bit has been changed s [root@server ~] # mkdir-p / world/aa/bb/cc # recursively create a subdirectory [root@server ~] # ls-ld/ world/aa drwxr-sr-x. 3 root renshibu 15 September 10 20:25 / world/aa [root@server] # ls-ld/ world/aa/bb drwxr-sr-x. 3 root renshibu 15 September 10 20:25 / world/aa/bb [root@server] # ls-ld/ world/aa/bb/cc drwxr-sr-x. 2 root renshibu September 10 20:25 / world/aa/bb/cc # see here that the subdirectory under / world has automatically inherited the group of the / world directory. 1234567891011121314151617181920212232425262728 3: Sticky Bit 1: setting object: opening W permission directory can prevent users from abusing w write permission (forbidding manipulating other people's documents) 2 setting location: Sticky Bit is attached to the x permission bit of other people in the file 3: change after setting: the x permission bit of other people in this directory will be changed to t 4: command: chmod directory

Here is a simple example:

[root@server] # mkdir / public [root@server] # ls-ld / public drwxr-xr-x. 2 root root September 10 20:43 / public [root@server ~] # chmod 777 / public [root@server] # ls-ld / public drwxrwxrwx. 2 root root 6 September 10 20:43 / public # create a public directory where everyone can operate Full permissions [root@server ~] # su-tom [tom@student0 ~] $touch / public/tom.txt [tom@student0 ~] $exit logout [root@server ~] # su-lily [lily@student0 ~] $touch / public/lily.txt [lily@student0 ~] $ls / public lily.txt tom.txt # tom and lily each create their own file [lily@student0 ~] $rm-rf / public/tom.txt [lily@student0 ~] $ Ls / public lily.txt # anyone can modify it at this time Delete any files or directories in this public directory, including files created by others. Tom files are deleted by lily. [lily@student0 ~] $exit logout [root@server ~] # chmod ostent / public [root@server ~] # ls-ld / public drwxrwxrwt. 2 root root 21 September 10 20:48 / public # modify the Sticky Bit permission, notice that the other people's x permission bit has become t [root@server ~] # su-tom [tom@student0 ~] $touch / public/tom001 [tom@student0 ~] $ls / public lily.txt tom001 [tom@student0 ~] $rm-rf / public/lily.txt rm: cannot remove'/ public/lily.txt': Operation not permitted # at this time tom wants to delete the file created by lily and finds that it no longer has the permission. [tom@student0 ~] $exit logout [root@server ~] # su-lily [lily@student0 ~] $ls / public lily.txt tom001 [lily@student0 ~] $rm-rf / public/tom001 rm: cannot remove'/ public/tom001': Operation not permitted # similarly, lily does not have permission to operate on the files created by tom and can only operate on the files created by itself. This is the end of the article on "what are the additional permissions in the Linux system". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.