
A detailed explanation of the wonderful uses of SUID, SGID and SBIT in Linux

2025-01-22 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/02 Report--

Preface

Linux's file permission management is remarkable. Let's review what SUID, SGID and SBIT do and summarize them.

In fact, the functions of SUID and SGID are similar to those of sudo. When user A wants to run an executable file that belongs to user B, and B's file has the SUID bit set, then A executes it as user B.

SUID is short for Set UID (set user ID). The spelled-out translation feels awkward, so the abbreviation SUID remains the simplest name. It appears on the execute bit of the file owner's permissions, and a file with this permission temporarily gives the caller the file owner's privileges while it executes. For example, run the following command:

ls -l /usr/bin/passwd

We will get the following results:

-rwsr-xr-x 1 root root 42824 Sep 13 2012 /usr/bin/passwd

As you can see, the file owner's execute bit appears as s instead of x, so the passwd program has the SUID permission. Whenever we change a user's password we use the passwd command, and we know that on Linux the user's password is stored in the /etc/shadow file. First take a look at the permissions of the /etc/shadow file:

ls -l /etc/shadow

The result returned is as follows:

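-rw-r----- 1 root shadow 1138 Dec 13 20:00 /etc/shadow

From the above result we know that only root can write to the shadow file, and other users do not even have permission to view it. So how do we normally change a password? The answer is SUID: when we run the passwd command, we obtain the permissions of passwd's owner, root, and can therefore write to the shadow file.

Using SUID requires a few conditions:

1. SUID is only valid for binaries

2. The caller has execute permission on the file

3. During execution, the caller temporarily obtains the permissions of the file's owner

4. This permission is valid only while the program is executing

In "Brother Bird's Linux Cuisine", there is a picture that expresses this particularly well:

SGID, short for Set GID, appears on the execute bit of the file's group permissions, and is valid for both ordinary binary files and directories. When applied to an ordinary file it works like SUID: while the file executes, the user is given the permissions of the group that owns the file. Applied to a directory, SGID is especially useful. When a user has write and execute permissions on a directory, the user can create files in that directory. If the directory has SGID set, the files the user creates in it belong to the group that owns the directory.

SBIT, or Sticky Bit, appears on the execute bit of the permissions for other users, and it can only be applied to a directory. When a directory has the SBIT permission, any file that a user creates in this directory can be deleted only by that user and root; other users cannot delete it. For example:

ls -ld /tmp

The following result is returned:

drwxrwxrwt 12 root root 12288 Dec 17 16:33 /tmp

You can see that the last bit is t, which means that /tmp is such a directory.

So, how do you set the three permissions mentioned above? First, a little background: permissions can be represented with numbers: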

In "Brother Bird's linux Cuisine", there is a picture that particularly expresses this meaning:

SGID, an acronym for Set GID, appears on the execute bit of the group permission to which the file belongs, and is valid for both normal binary files and directories. When it works on a normal file, similar to SUID, when the file is executed, the user will be given permission to the group to which the file belongs. When SGID acts on a directory, it makes a lot of sense. When a user has write and execute permissions to a directory, the user can create files in that directory. If the directory is decorated with SGID, the files created by the user in this directory belong to the group to which the directory belongs.

SBIT, or Sticky Bit, appears on the execution bits of other user permissions, and it can only be used to decorate a directory. When a directory has SBIT permission, any user who can create files in this directory, the files created by the user in this directory, only the user and root can delete, other users can not. For example:

Ls-ld / tmp

The following results can be obtained:

Drwxrwxrwt 12 root root 12288 Dec 17 16:33 / tmp

You can see that the last bit is t, which means that the / tmp file is such a file.

So, how do you set the three permissions mentioned above? First of all, let's introduce a little bit of preparatory knowledge, using numbers to represent permissions:

4 means SUID

2 means SGID

1 means SBIT

If two or three of these permissions are set at the same time, add their values together to get the result. For example, if SUID and SGID coexist, the value is 6. Here's an example of a modification:

chmod 4777 test

This gives the test file the SUID permission. As you may have noticed, the special permission value is simply placed in front of the ordinary file permissions.
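The numeric values above can also be read back from a file's mode when reviewing a system. The following is an added example, not code from the original article: it decodes the leading octal digit (4, 2, 1) and lists SUID/SGID files and world-writable directories that lack SBIT under a directory tree. The function names special_bits and audit are hypothetical.

```python
import os
import stat
import sys

# Values of the leading octal digit, as listed in the article.
SPECIAL = {4: "SUID", 2: "SGID", 1: "SBIT"}


def special_bits(mode):
    """Return the names of the special bits set in a chmod value or st_mode."""
    digit = (mode >> 9) & 0o7  # skip the nine rwx bits to reach the 4/2/1 digit
    return [name for value, name in SPECIAL.items() if digit & value]


def audit(root):
    """Walk root and return sorted (path, ls-style mode, finding) tuples."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode      # lstat: do not follow symlinks
            bits = special_bits(mode)
            text = stat.filemode(mode)         # same string ls -l shows
            if stat.S_ISREG(mode) and ("SUID" in bits or "SGID" in bits):
                note = "+".join(b for b in bits if b != "SBIT")
                if mode & stat.S_IWOTH:
                    # Any user could overwrite a program that runs as its owner.
                    note += ", world-writable"
                findings.append((path, text, note))
            elif (stat.S_ISDIR(mode) and mode & stat.S_IWOTH
                  and "SBIT" not in bits):
                # Without SBIT, users can delete each other's files here.
                findings.append(
                    (path, text, "world-writable directory without SBIT"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python3 audit.py [directory]  (defaults to the current directory)
    for path, text, note in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{text}  {path}  [{note}]")
```

A file set up with chmod 4777, as in the article's example, is reported as "SUID, world-writable", while a directory with mode 1777 such as /tmp produces no finding.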

Summary

That is the whole content of this article. I hope it has some reference and learning value for your study or work. If you have any questions, you can leave a message to discuss them. Thank you for your support.
