Shulou(Shulou.com)06/02 Report--

Common permissions

There are three identities in the linux system: owner g: group o: others

These identities have the following permissions for those commonly used in documents:

R: read permission, users can read the contents of the document, such as using cat,more to view

W: write permission, and users can edit the document

X: this directory has permissions that can be executed by the system

Other permissions

In addition to read-write execution permissions, the system also supports mandatory bits (s permissions) and sticky bits (t permissions).

S permission

S permission: set the file to have the permission of the file owner at run time, which is equivalent to temporarily owning the identity of the file owner. The typical file is passwd. If the average user executes the file, the file can get root permission during execution, so that the user's password can be changed.

Ls-al / usr/bin/passwd-rwsr-xr-x 1 pythontab pythontab 32988 2018-03-16 14:25 / usr/bin/passwd

We can set s permissions through character mode: chmod astats filename, or we can set s permissions in absolute mode:

Set suid: set the bit before the corresponding permission bit to 4

Set guid: set the bit before the corresponding permission bit to 2

Set both: set the bit before the corresponding permission bit to 4-2-6.

Note: when setting the s permission, the file owner and group must first set the corresponding x permission, otherwise the s permission will not really take effect (the chmod command does not perform the necessary integrity check, even if the s permission is set without setting the x permission, chmod will not report an error. When we see rwS when we ls-l, uppercase S indicates that the s permission is not in effect)

T permission

T permission: to delete a document, you do not have to have write access to the document, but you must have write access to the parent directory of the document. In other words, even if you do not have write access to a document, but you have write access to the parent directory of the document, you can delete the document, and if you do not have write access to a directory, you cannot create a document in this directory.

T permission can play this role in how to enable a directory to allow any user to write to a document without allowing the user to delete other people's documents in that directory. T permissions are generally used only on directories, not on documents.

After setting the t permission bit in a directory (such as / home, permission is 1777), any user can create documents in this directory, but can only delete their own documents (except root), which has a protective effect on the user documents in the directory that any user can write.

T permissions can be set through chmod + t filename

Let's sum it up here.

S or S (SUID,Set UID):

If an executable file is matched with this permission, you will be given the privilege of arbitrarily accessing all system resources available to the owner of the file. Please pay attention to files with SUID permissions, which are often used by hackers to use SUID with root account owners to silently open a back door in the system for future use.

T or T (Sticky):

The / tmp and / var/tmp directories provide temporary access to files for all users, that is, each user has full access to the directory to browse, delete and move files.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.