Shulou(Shulou.com)06/02 Report--

When you view file permissions on Linux, you sometimes see more than just normal r, w, x, and -. How to understand more clearly what these characters are trying to tell you and how these permissions work?

When you view file permissions on Linux, you sometimes see more than just normal r, w, x, and -. In addition to seeing rwx in owners, groups, and others, you may see s or t, as shown in the following example:

Drwxrwsrwt

One way to be more specific is to use the stat command to view permissions. The fourth line of output from stat displays file permissions in octal and string format:

$stat / var/mail File: / var/mail Size: 4096 Blocks: 8 IO Block: 4096 directoryDevice: 801h/2049d Inode: 1048833 Links: 2Access: (3777/drwxrwsrwt) Uid: (0 / root) Gid: (8 / mail) Access: 2019-05-21 19Fran 23 purl 15.769746004-0400Modify: 2019-05-21 19hand03Fr0 48.226656344-0400Change: 2019-05-21 19Fr03Fran 48.226656344-0400 Birth:-

This output prompts us that more than 9 digits are assigned to file permissions. In fact, there are 12. These additional three bits provide a way to assign more than the usual read, write, and execute permissions-for example, 3777 (binary 011111111111) indicates that two additional settings are used.

The first 1 (second bit) of this value indicates SGID (set GID), which gives temporary permissions to run files, or uses directories with the permissions of the associated group.

011111111111

SGID assigns temporary permissions to the user who is using the file as a member of the group.

The second 1 (third) is the "adhesion" bit. It ensures that only the owner of the file can delete or rename the file or directory.

011111111111

If the permission is 7777 instead of 3777, we know that the SUID (set UID) field is also set.

111111111111

SUID assigns temporary permissions to the user who is using the file as the owner of the file.

As for the / var/mail directory we saw above, all users need to access it, so some special values are needed to provide it.

But now let's go one step further.

A common use of special permission positions is to use commands such as passwd. If you look at the / usr/bin/passwd file, you will notice that the SUID bit is set, which allows you to change your password (and the contents of the / etc/shadow file), even if you are running as a normal (unprivileged) user and do not have read or write permissions to the file. Of course, the passwd command is smart and does not allow you to change other people's passwords unless you are running as root or using sudo.

$ls-l / usr/bin/passwd-rwsr-xr-x 1 root root 63736 Mar 22 14:32 / usr/bin/passwd$ ls-l / etc/shadow-rw-r- 1 root shadow 2195 Apr 22 10:46 / etc/shadow

Now, let's take a look at what you can do with these special permissions.

How to assign special file permissions

Like many things on the Linux command line, you can set them in different ways. The chmod command allows you to change permissions numerically or using character expressions.

To change file permissions digitally, you can use this command to set the SUID and SGID bits:

$chmod 6775 tryme

Or you can use a command like this:

$chmod ug+s tryme < = for SUID and SGID permissions

If the file you want to add special permissions to is a script, you may be surprised that it doesn't live up to your expectations. This is a very simple example:

$cat trymetered hammer BASHECO I am $USER

Even if the SUID and SGID bits are set, and root is the file owner, running the script will not produce the "I am root" you might expect. Why? Because Linux ignores the SUID and SGID bits of the script.

$ls-l tryme-rwsrwsrwt 1 root root 29 May 26 12:22 tryme$. / trymeI am jdoe

On the other hand, if you try something similar to a compiled program, like the simple C program below, you will see different results. In this sample program, we prompt the user to enter a file name and create it, and write permissions to the file.

# includeint main () {FILE * fp; / * file pointer*/ char fName [20]; printf ("Enter the name of file to be created:"); scanf ("% s", fName); / * create the file with write permission * / fp=fopen (fName, "w"); / * check if file was created * / if (fp==NULL) {printf ("File not created"); exit (0) } printf ("File created successfully\ n"); return 0;}

After compiling the program and running the command to make the root user the owner and setting the required permissions, you will see that it runs with the expected root permissions-leaving the newly created root as the owner of the file. Of course, you must have sudo permission to run some of the commands you need.

$cc-o mkfile mkfile.c < = compiler $sudo chown root:root mkfile

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.