• Special File Permission (Setuid, Setgid and Sticky Bits) (ZT)


    http://solsupport.blogspot.com/2012/05/special-file-permission-setuid-setgid.html

    Special File Permission (Setuid, Setgid and Sticky Bits)

    By setting special file permission on any executable file or directories, users who run those executable

    files assumes the user ID of the owner or group of the executable file.

    Hence A user can gain the superuser privileges by executing the programs that sets the user id to root.

    Setuid Permission

    When set-user identification (setuid) permission is set on an executable file, a process that runs this file is granted access based on the owner of the file (usually root), rather than the user who is running the executable file. This special permission allows a user to access files and directories that are normally only available to the owner. For example, the setuid permission on the passwd command makes it possible for a user to change passwords, assuming the permissions of the root ID

    #ls -l /usr/bin/passwd

    -r-sr-sr-x 3 root sys 96796 Jul 15 21:23 /usr/bin/passwd

    Setuid  permissions can be set by using the chmod command to assign the octal value 4 as the first number in a series of four octal values.

    #chmod 4555 file1
     
     

    Setgid Permission

    The set-group identification (setgid) permission is similar to setuid, except that the process's effective group ID (GID) is changed to the group owner of the file, and a user is granted access based on permissions granted to that group. ex /usr/bin/mail has setgid permission set.

    When setgid permission is applied to a directory, files that were created in this directory belong to the group to which the directory belongs, not the group to which the creating process belongs. Any user who has write and execute permissions in the directory can create a file there. However, the file belongs to the group that owns the directory, not to the user's group ownership.

    Setgid  permissions can be set by using the chmod command to assign the octal value 2 as the first number in a series of four octal values.

    #chmod 2551 file1
    #ls -ltr 
    -r-xr-s—x   1 dj  dj  26876 Jul 15 21:23 file1
    
    
    Sticky Bit
    The sticky bit is a permission bit that protects the files within a directory. If the directory has the sticky bit set, a file can be deleted only by the owner of the file, the owner of the directory, or by root. This special permission prevents a user from deleting other users' files from public directories such as /tmp.
    sticky bits permissions can be set by using the chmod command to assign the octal value 1 as the first number in a series of four octal values.
    # chmod 1777 file1
    # ls -l file1
    drwxrwxrwt   2 dj dj  512 Jul 15 21:23 file1
  • 相关阅读:
    MarkDown语法总结
    HashMap
    [LeetCode] 102. Binary Tree Level Order Traversal(二叉树的中序遍历)
    [LeetCode] 287. Find the Duplicate Number(寻找重复数字)
    [LeetCode] 215. Kth Largest Element in an Array(数组里的第 k 大元素)
    [LeetCode] 39. Combination Sum(组合的和)
    [LeetCode] 49. Group Anagrams(分组相同字母异序词)
    [LeetCode] 48. Rotate Image(旋转图片)
    [LeetCode] 647. Palindromic Substrings(回文子串)
    [LeetCode] 238. Product of Array Except Self(数组除自身元素外的乘积)
  • 原文地址:https://www.cnblogs.com/cqubityj/p/3024253.html
Copyright © 2020-2023  润新知