Linux-file special permissions (SUID, SGID, SBIT)

1: The function of SetUID

Only executable binary programs can meaningfully have SUID permission set (setting it on other kinds of files has no effect). The command executor must have x (execute) permission on the program, and while the program runs the executor takes on the identity of the program file's owner (the owner's identity is attached to the process for the duration of the run, much like a temporary identity switch). SetUID permission is valid only while the program is executing, which means the identity change lasts only for the life of that process.

The passwd command has SetUID permission set, which is why ordinary users can change their own passwords.

In the owner field, s is the SUID bit; in the group field, s is the SGID bit; in the others field, the SBIT (sticky bit) is shown as t.

The cat command does not have SetUID permission, so ordinary users cannot view the contents of /etc/shadow with it.

2: Set SetUID method

4 stands for SUID, 2 for SGID, 1 for SBIT; 7 stands for SUID, SGID and SBIT together. Set it with chmod 4755 filename or chmod u+s filename.

If you run chmod u+s test on a file that has no execute permission, the permission shows a capital S.

The capital S indicates an error: as the description of SetUID above stresses, the command executor must have execute permission on the program, so a SUID bit set on a file without the execute bit is flagged this way.

3: The method to cancel SetUID

Use the chmod command to restore the file's previous permissions, or use chmod u-s filename.

4: Dangerous SetUID

It is best not to set or change it casually.

5: The role of SetGID for files:

Only executable binary programs can meaningfully have SGID permission set; the command executor must have x (execute) permission on the program; when the command runs, the executor's group identity is raised to the group of the program file. SetGID permission is valid only while this program executes, which means the group identity change lasts only for the duration of the program.

Use the locate command to search for the location of a file (a file just created in the tmp directory cannot be found). Because this command searches a database rather than the filesystem, it is fast, but you must run updatedb to refresh the database before using it.

/usr/bin/locate is an executable binary program that can be given SGID. The executing user yanglinux has execute permission on the /usr/bin/locate command. When locate runs, the group identity is raised to the slocate group, and the slocate group has r permission on the /var/lib/mlocate/mlocate.db database, so ordinary users can use the locate command to query mlocate.db. After the command ends, the group identity of the yanglinux user returns to the yanglinux group.

6: The role of SetGID for directories (a feature SUID does not have)

Ordinary users must have r and x permissions on the directory to enter it; inside the directory, an ordinary user's effective group becomes the directory's group; if the ordinary user also has w permission on the directory, the default group of newly created files is the directory's group.

Set: chmod g+s file/directory or chmod 2755 directory/filename

Remove: chmod g-s file/directory or chmod 755 directory/filename

7: SBIT (Sticky Bit)

The sticky bit is currently only valid for directories. Ordinary users have w and x permissions on the directory, that is, they can write in it. Without the sticky bit, because ordinary users have w permission, any of them can delete every file in the directory, including files created by other users. Once the sticky bit is set, root can still delete all files, but an ordinary user, even with w permission, can only delete files they created themselves and cannot delete files created by other users. Its main purpose is to prevent files created in a 777-permission directory from being deleted by other users.

Set: chmod 1755 directoryname or chmod o+t directoryname

Remove: chmod 777 directoryname or chmod o-t directoryname
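The following shell script is an added example, not part of the original post: it applies the chmod commands from sections 2, 6 and 7 in a throwaway temp directory and decodes the resulting permission string, including the capital S case from section 2 where the bit is set without an execute bit. It assumes a stat that accepts -c '%A' (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example: how SUID, SGID and the sticky bit appear in the mode string,
# and why a capital S or T means "set, but no matching execute bit".

# Symbolic mode of a path, e.g. -rwsr-xr-x (GNU/busybox stat assumed).
mode_of() {
    stat -c '%A' "$1"
}

# State of one special bit on a path; $2 is suid, sgid or sticky.
# Prints "effective" (s/t), "set-without-execute" (S/T) or "absent".
special_bit_state() {
    m=$(mode_of "$1")
    case "$2" in
        suid)   pos=4 ;;    # owner execute slot in the mode string
        sgid)   pos=7 ;;    # group execute slot
        sticky) pos=10 ;;   # others execute slot
        *) echo "unknown bit: $2" >&2; return 1 ;;
    esac
    ch=$(printf '%s' "$m" | cut -c "$pos")
    case "$ch" in
        s|t) echo "effective" ;;
        S|T) echo "set-without-execute" ;;
        *)   echo "absent" ;;
    esac
}

demo() {
    d=$(mktemp -d)          # constructed scratch directory
    f="$d/test"
    : > "$f"
    chmod 644 "$f"; chmod u+s "$f"    # SUID on a file without x: shows S
    echo "$(mode_of "$f")  suid: $(special_bit_state "$f" suid)"
    chmod 4755 "$f"                   # SUID with x: shows s
    echo "$(mode_of "$f")  suid: $(special_bit_state "$f" suid)"
    chmod 2755 "$f"                   # SGID on a binary, locate-style
    echo "$(mode_of "$f")  sgid: $(special_bit_state "$f" sgid)"
    chmod 1777 "$d"                   # sticky bit on a world-writable dir
    echo "$(mode_of "$d")  sticky: $(special_bit_state "$d" sticky)"
    chmod 755 "$d"; rm -rf "$d"
}
demo
```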

Origin blog.csdn.net/ab1605014317/article/details/105202187