2025-01-15 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/03 Report--
Good Programmer cloud computing learning route: advanced permissions (suid, sgid, sticky)
File permission management: advanced permissions
Question 1: why did this fail?
[root@tianyun ~]# ll /root/file1.txt
-rw-r--r-- 1 root root 4 July 27 14:14 /root/file1.txt
[alice@tianyun ~]$ cat /root/file1.txt
cat: /root/file1.txt: Permission denied
Permissions are verified level by level: ll -d /, then ll -d /root (entry to /root is forbidden).
Analysis:
root    /usr/bin/cat (root) (process owner)    /root/file1.txt    OK
alice   /usr/bin/cat (alice)    /root/file1.txt
Ordinary users change their passwords:
alice   /usr/bin/passwd (root)    /etc/shadow
Types of advanced permissions
suid 4
sgid 2
sticky 1 (sticky bit)
Setting special permissions
a. Symbolic
chmod u+s file
chmod g+s file
chmod g+s dir
chmod o+t dir
b. Numeric
chmod 4777 file
chmod 7777 file
chmod 2770 dir
chmod 3770 dir
Example 1: suid. Ordinary users use suid to elevate their privileges.
Add the suid permission to the program file (binary, executable):
[root@tianyun ~]# chmod u+s /usr/bin/cat
[root@tianyun ~]# chmod u+s /usr/bin/rm
[alice@tianyun ~]$ cat /root/file1.txt
Ordinary users can change their passwords:
alice   /usr/bin/passwd    /etc/shadow
[alice@tianyun ~]$ ll /etc/shadow
---------- 1 root root 1487 June 4 13:43 /etc/shadow
[alice@tianyun ~]$ ll /usr/bin/passwd
-rwsr-xr-x. 1 root root 30768 February 17 2012 /usr/bin/passwd
[alice@tianyun ~]$ passwd
Change the password of user alice.
Change the STRESS password for alice.
(current) UNIX password:
[root@tianyun ~]# ps aux | grep passwd
root 3674 0.0 165764 1884 pts/1 S+ 14:34 0:00 passwd
-rwsr-xr-x. 1 root root 27832 Jun 10 2014 /usr/bin/passwd
No matter who runs the program, it runs with root's privileges; that is SUID.
At present, there are two ways to elevate the privileges of ordinary users:
sudo (for reference): targeted; for example, allowing a particular user to execute certain commands as root.
ll /usr/bin/passwd
suid: applies to basically all users; any user who executes a program with the suid permission (for example, /usr/bin/rm) executes it as root.
Example 2: sticky. Users can only delete their own files.
[root@tianyun ~]# mkdir /home/dir1
[root@tianyun ~]# chmod 777 /home/dir1
Test: user1 creates a file in /home/dir1, and user2 tries to delete it.
[root@tianyun ~]# chmod o+t /home/dir1
[root@tianyun]# ll -d /home/dir1
drwxrwxrwt 2 root root 4096 09-02 02:26 /home/dir1
Who can delete:
root
The owner of the file
The owner of the directory
Example 3: sgid. New files inherit the directory's group.
[root@tianyun ~]# mkdir /home/hr
[root@tianyun ~]# chgrp hr /home/hr/
[root@tianyun ~]# chmod g+s /home/hr
[root@tianyun]# ll -d /home/hr/
drwxr-sr-x. 2 root hr 4096 Dec 5 16:03 /home/hr/
[root@tianyun ~]# touch /home/hr/file9
[root@tianyun ~]# ll /home/hr/
-rw-r--r--. 1 root hr 0 Dec 5 16:03 file9
=
Tip: make sure the following directories have the correct permissions; otherwise programs will not run properly.
[root@wangcy]# ll -d /tmp /var/tmp/
drwxrwxrwt 14 root root 4096 07-26 10:15 /tmp
drwxrwxrwt 2 root root 4096 07-24 19:02 /var/tmp/
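The suid, sgid and sticky bits shown above are also what a permissions audit looks for. The following is an added example, not part of the original article: a shell function that lists suid/sgid entries and world-writable directories lacking the sticky bit under a given directory. The function names and the sample tree (which mirrors Examples 1 to 3) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the
# sample tree are constructed for illustration.

# report TAG FIND-ARGS...: print "TAG path" for every match.
report() {
    tag=$1; shift
    find "$@" -print 2>/dev/null | sed "s|^|$tag |"
}

# audit_special_bits DIR: list special permissions found under DIR.
audit_special_bits() {
    # suid file: runs with the file owner's identity for every caller
    report SUID      "$1" -xdev -type f -perm -4000
    # sgid file: runs with the file's group
    report SGID_FILE "$1" -xdev -type f -perm -2000
    # sgid directory: new files inherit the directory's group
    report SGID_DIR  "$1" -xdev -type d -perm -2000
    # world-writable directory without sticky: any user can delete
    # other users' files there (Example 2 before chmod o+t)
    report NO_STICKY "$1" -xdev -type d -perm -0002 ! -perm -1000
}

# make_sample_tree: build a constructed tree and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    touch "$t/tool" && chmod 4755 "$t/tool"   # like chmod u+s on a binary
    mkdir "$t/dir1" && chmod 777  "$t/dir1"   # world-writable, no sticky
    mkdir "$t/tmp"  && chmod 1777 "$t/tmp"    # same mode as /tmp
    mkdir "$t/hr"   && chmod 2775 "$t/hr"     # like chmod g+s /home/hr
    echo "$t"
}

# Demo run on the constructed tree; on a real host, pass / or /usr instead.
demo=$(make_sample_tree) && { audit_special_bits "$demo"; rm -rf "$demo"; }
```

On a real system, compare the SUID list against the distribution's expected set; entries such as /usr/bin/cat or /usr/bin/rm from Example 1 should not remain in it after the exercise.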
Development
Network interface configuration file
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=none|static|dhcp    # sets how the IP address is obtained
HWADDR=00:0c:29:5e:13:12
NM_CONTROLLED=no    # whether NetworkManager control is enabled
ONBOOT=yes|no    # whether the NIC is activated
IPADDR=172.16.110.1
NETMASK=255.255.255.0
GATEWAY=172.16.110.254