Special permissions - SUID, SGID, Sticky study notes

2025-03-26 Update. From: SLTechnology News&Howtos (Shulou.com), 06/01 report

SUID: when a program with this bit set is run, the resulting process has the effective user ID of the program file's owner, not of the user who started it. This is how unprivileged users run programs that need root rights, and it is also why every SUID root binary is part of the local attack surface: a bug in one is a privilege escalation.

chmod u+s FILENAME (add SUID permission); chmod u-s FILENAME (remove SUID permission)

In ls -l output the SUID bit replaces the owner execute slot: it shows as s if the file also has the owner execute bit, and as a capital S if it does not (SUID without execute has no effect).

The passwd command has SUID by default, because it has to write /etc/shadow, which only root may modify.

SGID: when a program with this bit set is run, the resulting process has the effective group ID of the program file's group, not of the user who started it.

(On a directory, SGID means that files and subdirectories created inside it get the directory's group instead of the creator's primary group; on Linux, new subdirectories also inherit the SGID bit itself.)

chmod g+s FILENAME (add SGID permission); chmod g-s FILENAME (remove SGID permission)

Sticky: on a shared, writable directory, each user can create files and delete their own, but cannot delete or rename files belonging to others; only the file's owner, the directory's owner and root may. Without it, anyone with write permission on the directory can remove any file in it, because unlink is governed by the directory's permissions, not the file's.

chmod o+t DIR (add Sticky permission); chmod o-t DIR (remove Sticky permission)

Octal values of the special bits, given as a fourth digit in front of the usual three: SUID = 4, SGID = 2, Sticky = 1

chmod 1755 /tmp/test  # test gets 755 plus 1: Sticky
chmod 3755 /tmp/test  # test gets 755 plus 2: SGID + 1: Sticky
chmod 5755 /tmp/test  # test gets 755 plus 4: SUID + 1: Sticky
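The octal digits above can be decoded mechanically, and it is worth checking the result against what ls -l really shows. The shell functions below are an added example, not code from the original article: octal_to_symbolic turns a four-digit octal mode into the nine-character string ls -l prints, applying the s/S and t/T rule from above, and ls_mode reads the mode column back from an existing path so the two can be compared.

```bash
#!/bin/sh
# Added example (not from the article): decode a four-digit octal mode into
# the nine characters ls -l prints, including the s/S and t/T rule for the
# special bits, and read the mode column back from a real path for comparison.

# octal_to_symbolic MODE  ->  e.g. 4755 -> rwsr-xr-x, 4644 -> rwSr--r--
octal_to_symbolic() {
    local mode out slot bits sp lower upper
    mode=$(printf '%d' "0$1")          # leading 0 makes printf parse it as octal
    out=""
    slot=0
    while [ "$slot" -lt 3 ]; do        # 0 = user, 1 = group, 2 = other
        bits=$(( (mode >> (6 - slot * 3)) & 7 ))
        case $slot in
            0) sp=$(( mode & 2048 )); lower=s; upper=S ;;   # 04000 SUID
            1) sp=$(( mode & 1024 )); lower=s; upper=S ;;   # 02000 SGID
            2) sp=$(( mode & 512 ));  lower=t; upper=T ;;   # 01000 Sticky
        esac
        if [ $(( bits & 4 )) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $(( bits & 2 )) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ "$sp" -ne 0 ]; then
            # special bit set: lowercase when the execute bit is also set,
            # uppercase when it is not (the special bit is then ineffective)
            if [ $(( bits & 1 )) -ne 0 ]; then out="${out}${lower}"; else out="${out}${upper}"; fi
        else
            if [ $(( bits & 1 )) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
        fi
        slot=$(( slot + 1 ))
    done
    printf '%s\n' "$out"
}

# ls_mode PATH  ->  the 10-character mode column of ls -l (type char + 9 perms);
# cut drops any trailing "." or "+" that SELinux/ACL-aware ls appends.
ls_mode() {
    ls -ld -- "$1" | cut -c1-10
}

for m in 0755 4755 4644 2755 3755 1777 1666; do
    printf '%-4s -> %s\n' "$m" "$(octal_to_symbolic "$m")"
done
```

The uppercase cases (4644 gives rwSr--r--, 1666 gives rw-rw-rwT) are the ones to look for in an audit: a special bit on a file without the matching execute bit is usually a mistake rather than a design.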

SUID: an example that gives an ordinary user (user1) the ability to read a specified file (/etc/shadow). This demonstrates the mechanism only: once /bin/cat is SUID root, every user on the system, not just user1, can read any file as root, so revert it afterwards with chmod u-s /bin/cat.

[root@nono ~]# useradd user1             # add user user1
[root@nono ~]# passwd user1
[root@nono ~]# ls -l /etc/shadow         # no one except root can read /etc/shadow
1 root root 1053 July 3 09:54 /etc/shadow
[root@nono ~]# su - user1                # switch to user1
[user1@nono ~]$ cat /etc/shadow          # user1 has no permission to read it
cat: /etc/shadow: Permission denied
[root@beiyong2 ~]# chmod u+s /bin/cat    # add SUID to /bin/cat: cat now runs as the file's owner (root), not as the caller
[root@beiyong2 ~]# ls -l /bin/cat        # SUID set (s because /bin/cat already had owner execute; otherwise it would show S)
-rwsr-xr-x. 1 root root 48568 October 15 2014 /bin/cat
[user1@beiyong2 ~]$ cat /etc/shadow      # user1 can now read it
bin:*:15980:0:99999:7:::
daemon:*:15980:0:99999:7:::
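What the demonstration above actually installs is a read-any-file-as-root tool for every account on the host. The practitioner's counterpart is to inventory SUID/SGID executables and flag the ones that are not expected. The function below is an added example, not from the article; the allowlist format (one path per line, relative to the scanned root) is this example's own convention, and the tree it scans in the demo is constructed in a scratch directory, not a real system.

```bash
#!/bin/sh
# Added example (not from the article): inventory SUID/SGID executables under a
# root and report those missing from an allowlist. The allowlist format (one
# path per line, relative to the scanned root) is this example's own convention.

# audit_setid ROOT ALLOWLIST  ->  prints "<mode> <relative path>" per unexpected file
audit_setid() {
    local root allow f rel
    root=${1%/}                 # "/" becomes "", so paths come out relative to /
    allow=$2
    # -perm -4000: SUID bit set; -perm -2000: SGID bit set. Regular files only:
    # the objects of interest are executables, not SGID directories.
    find "${root:-/}" -type f \( -perm -4000 -o -perm -2000 \) | sort |
    while IFS= read -r f; do
        rel=${f#"$root"/}
        if ! grep -qxF -- "$rel" "$allow"; then
            printf '%s %s\n' "$(ls -ld -- "$f" | cut -c1-10)" "$rel"
        fi
    done
}

# Constructed demo tree (not a real system): passwd is expected to be SUID,
# cat is not, ls is a plain 755 binary.
demo=$(mktemp -d)
mkdir -p "$demo/bin"
: > "$demo/bin/passwd"
: > "$demo/bin/cat"
: > "$demo/bin/ls"
chmod 4755 "$demo/bin/passwd" "$demo/bin/cat"
chmod 755 "$demo/bin/ls"
printf 'bin/passwd\n' > "$demo/allowlist"
audit_setid "$demo" "$demo/allowlist"     # prints: -rwsr-xr-x bin/cat
rm -rf "$demo"
```

On a real host the call is audit_setid / /etc/setuid-baseline, with the baseline path being whatever you keep it under (assumed name). Anything it reports is either a freshly installed package or exactly the kind of change the cat example makes; chmod u-s reverts it. Mounting user-writable filesystems such as /tmp and /home with nosuid closes the same door for files an attacker can create themselves.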

SGID: an example in which three users create files in the same directory and can edit each other's files.

[user1@beiyong2 ~]$ tail -5 /etc/passwd      # three users exist on the system
user1:x:500:500::/home/user1:/bin/bash
hbase:x:501:501::/home/hbase:/bin/bash
hadoop:x:502:502::/home/hadoop:/bin/bash
[root@beiyong2 tmp]# mkdir project           # create the directory /tmp/project
[root@beiyong2 tmp]# groupadd developteam    # add the developteam group
[root@beiyong2 tmp]# chown -R :developteam /tmp/project   # set the group of /tmp/project to developteam
[root@beiyong2 tmp]# ls -ld project
drwxr-xr-x. 2 root developteam 4096 July 9 02:15 project
[root@beiyong2 tmp]# usermod -a -G developteam user1      # add developteam as a supplementary group of the three users
[root@beiyong2 tmp]# usermod -a -G developteam hadoop
[root@beiyong2 tmp]# usermod -a -G developteam hbase
[root@beiyong2 project]# ls -ld .            # the group has no write permission on the directory yet, so add it
drwxr-xr-x. 2 root developteam 4096 July 9 02:15 .
[root@beiyong2 project]# chmod g+w /tmp/project
[root@beiyong2 project]# ls -ld .
drwxrwxr-x. 2 root developteam 4096 July 9 02:15 .
[root@beiyong2 project]# ll                  # files a.* created by the three accounts: each belongs to its creator's private group, so the others cannot edit it
-rw-rw-r--. 1 hadoop hadoop 0 July 9 02:33 a.hadoop
-rw-rw-r--. 1 hbase hbase 0 July 9 02:34 a.hbase
-rw-rw-r--. 1 user1 user1 0 July 9 02:33 a.user1
[root@beiyong2 ~]# chmod g+s /tmp/project    # add SGID to /tmp/project
[root@beiyong2 ~]# ls -ld /tmp/project
drwxrwsr-x. 2 root developteam 4096 July 9 02:34 /tmp/project
[root@beiyong2 project]# ll                  # files b.* created by the three users after SGID was set
total 0
-rw-rw-r--. 1 hadoop hadoop 0 July 9 02:33 a.hadoop
-rw-rw-r--. 1 hbase hbase 0 July 9 02:34 a.hbase
-rw-rw-r--. 1 user1 user1 0 July 9 02:33 a.user1
-rw-rw-r--. 1 hadoop developteam 0 July 9 02:37 b.hadoop
-rw-rw-r--. 1 hbase developteam 0 July 9 02:37 b.hbase
-rw-rw-r--. 1 user1 developteam 0 July 9 02:37 b.user1

The b.* files created after SGID was set all have group developteam, and with mode rw-rw-r-- the three users can edit each other's files. They can also delete each other's files, the a.* files included, because deleting is decided by write permission on the directory, which the group now has; that is what the sticky bit below addresses. Note that a supplementary group added with usermod only takes effect when the user logs in again.

Sticky: an example in which users can create files in the same directory and edit each other's files, but cannot delete each other's files.

[root@beiyong2 project]# chmod o+t /tmp/project   # add the sticky bit to /tmp/project (shown as t because others already have execute; otherwise T)
[root@beiyong2 project]# ls -ld .
drwxrwsr-t. 2 root developteam 4096 July 9 02:42 .
[hadoop@beiyong2 project]$ rm -rf a.hbase         # hadoop tries to delete hbase's file: it fails, only one's own files can be deleted
rm: cannot remove `a.hbase': Operation not permitted
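The SGID steps and this sticky step are one procedure: give the directory the team's group, let the group write, set SGID so new files inherit the group, set sticky so only a file's owner can remove it. The functions below are an added example, not part of the article: setup_shared_project does the root-only part with the article's names (groupadd, chown, usermod), harden_shared_dir applies the three bits to any directory you own, and shared_dir_status reads them back from ls -l so a deployment script can assert on them.

```bash
#!/bin/sh
# Added example (not from the article): set up a shared project directory with
# the three bits the article applies one by one (group write, SGID, sticky),
# and verify them. The group and user names follow the article.

# Unprivileged part: any owner can apply the bits to their own directory.
# Equivalent to chmod 3775 when the base mode is 755.
harden_shared_dir() {           # harden_shared_dir DIR
    chmod g+w,g+s,o+t "$1"
}

# Privileged part, Linux only: creates the group, the directory and the
# memberships. Needs root; members must log in again to pick up the new group.
setup_shared_project() {        # setup_shared_project DIR GROUP USER...
    local dir group u
    dir=$1; group=$2; shift 2
    getent group "$group" >/dev/null || groupadd "$group"
    mkdir -p "$dir"
    chown root:"$group" "$dir"
    harden_shared_dir "$dir"
    for u in "$@"; do
        usermod -a -G "$group" "$u"
    done
}

# shared_dir_status DIR  ->  prints which of "group-write sgid sticky" are set;
# exit status 0 only when all three are.
shared_dir_status() {
    local mode have
    mode=$(ls -ld -- "$1" | cut -c1-10)          # e.g. drwxrwsr-t
    have=""
    case $(printf '%s' "$mode" | cut -c6) in w) have="$have group-write" ;; esac
    case $(printf '%s' "$mode" | cut -c7) in s|S) have="$have sgid" ;; esac
    case $(printf '%s' "$mode" | cut -c10) in t|T) have="$have sticky" ;; esac
    have=${have# }
    printf '%s\n' "$have"
    [ "$have" = "group-write sgid sticky" ]
}

# Stand-alone demo on a scratch directory (no root needed).
demo=$(mktemp -d)
mkdir "$demo/project"
chmod 755 "$demo/project"
harden_shared_dir "$demo/project"
ls -ld "$demo/project"                   # drwxrwsr-t ...
shared_dir_status "$demo/project"        # group-write sgid sticky
rm -rf "$demo"
```

As root the article's setup is one call: setup_shared_project /tmp/project developteam user1 hadoop hbase. The usermod step does nothing for sessions that are already open, which is why the article's users had to log in again before their files came out with group developteam.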

Over.


© 2024 shulou.com SLNews company. All rights reserved.
