Shulou(Shulou.com)06/01 Report--

This article mainly explains how to use the three special permissions setuid, setgid and stick bit of linux. Interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Let Xiaobian take you to learn "Linux three special permissions setuid, setgid and stick bit use method"!

1. Explanation of setuid and setgid

Take a look at where it is used in the system, for example/etc/passwd and/usr/bin/passwd:

The code is as follows:

[root@Salve1 school]# ll /etc/passwd /usr/bin/passwd

-rw-r--r-- 1 root root 2005 Apr 23 01:25 /etc/passwd

-rwsr-xr-x 1 root root 23420 Aug 11 2010 /usr/bin/passwd

[root@Salve1 school]#

The permissions of/etc/passwd are-rw-r--r--that is, the owner of the file has read and write permissions, while members of the user group and other members have only view permissions. We know that in the system we want to modify a user's password, root users and ordinary users can use the command/usr/bin/passwd someuser to modify this file/etc/passwd, root users themselves have write permissions to/etc/passwd, understandable; For ordinary users, setuid is used here. The function of setuid is to "let the user who executes the command execute it with the permission of the owner of the command." That is, ordinary users will have root permission when executing passwd, so that they can modify the file/etc/passwd. Its symbol is: s, and it appears where x is, for example: -rwsr-xr-x. Setgid has the same meaning as setgid, that is, let the user executing the file execute with the permissions of the group to which the file belongs.

2. stick bit

Take a look at where it is used in the system, for example/tmp:

The code is as follows:

[root@Salve1 /]# ll -d /tmp

drwxrwxrwt 13 root root 4096 Apr 23 02:06 /tmp

[root@Salve1 /]#

We know that/tmp is the temporary file directory of the system. All users have all permissions under this directory, that is, they can create, modify and delete files arbitrarily under this directory. If user A creates a file under this directory and user B deletes the file, we cannot allow this situation. To achieve this goal, the concept of stick bit has emerged. It is for the directory, if the directory set the stick bit (sticky bit), then the files under the directory except the file creator and root user can delete and modify the stuff under the/tmp directory, other users can not move others, this is the role of sticky bit.

3. How to set the above special permissions

The code is as follows:

chmod u+s xxx #Set setuid permissions

chmod g+s xxx #Set setgid permissions

chmod o+t xxx #Set stick bit permissions for directories

chmod 4775 xxx #Set setuid permissions

chmod 2775 xxx #Set setgid permissions

chmod 1775 xxx #Set stick bit permissions for directories

Note: Sometimes you set the s or t permission, you will find that it becomes S or T, this is because you do not have x (executable) permission to it at that position, so this setting will not work, you can first give it x permission, and then give s or t permission.

At this point, I believe that everyone has a deeper understanding of "the use of three special permissions setuid, setgid and stick bit in linux", so let's actually operate it! Here is the website, more related content can enter the relevant channels for inquiry, pay attention to us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.