Special user permissions
1. Special bit
1、suid
When suid is set on an executable, whoever runs it temporarily gains the permissions of the file's owner.
suid shows as an s in the owner's execute position (it replaces the x). Example: chmod u+s /usr/bin/cat (grants cat the s bit). With the bit set, anyone running cat reads files with the owner's (root's) privileges, so treat this as a demonstration only and revert it afterwards with chmod u-s /usr/bin/cat.
2、sgid
When set on a directory, new files created inside it inherit the directory's group instead of the creator's primary group.
⑴ Create a directory
mkdir /tmp/dir-sgid
⑵ Create a group and two users that belong to it
groupadd xiaozu
useradd u1 -G xiaozu
useradd u2 -G xiaozu
⑶ Change the directory's group and permissions
chown .xiaozu /tmp/dir-sgid
chmod g=rwx /tmp/dir-sgid
⑷ Switch users and create files (without sgid)
su - u1
touch /tmp/dir-sgid/u1-1.txt
su - u2
touch /tmp/dir-sgid/u2-1.txt
⑸ Add the sgid bit
chmod g+s /tmp/dir-sgid/
Switch users and create files again. u1-1.txt and u2-1.txt above carry the creator's own group (u1 and u2), while every file created after g+s is set automatically inherits the directory's group, xiaozu.
3、sticky bit
Set on a directory: only a file's owner (plus the directory's owner and root) can delete or rename files in it, even though all group members or everyone can write to the directory.
chmod o+t /tmp/dir-sgid/
Switch users and try: each user can only delete their own files.
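The three bits above, demonstrated as an added example that is not part of the original tutorial: the script sets each bit on throw-away objects in a scratch directory, reads the bits back with stat, checks that a file created in the sgid directory takes the directory's group, and ends with the audit a hardening review would run over a real tree. It runs as an unprivileged user; the scratch layout, the stand-in "binary" and the file names are constructed for the demo.

```shell
# Added example (not from the original tutorial). Requires GNU/busybox stat
# and find; everything below is created under a fresh mktemp directory.

# Build the scratch tree and print its path.
make_sandbox() {
    root=$(mktemp -d)
    mkdir "$root/shared"
    chmod 2775 "$root/shared"            # drwxrwsr-x : g+s, new files inherit the group
    mkdir "$root/dropbox"
    chmod 1777 "$root/dropbox"           # drwxrwxrwt : o+t, like /tmp
    printf '#!/bin/sh\nexit 0\n' > "$root/setuid-demo"   # harmless stand-in for a binary
    chmod 4755 "$root/setuid-demo"       # -rwsr-xr-x : u+s
    echo "$root"
}

# Octal mode including the special-bit digit, e.g. 2775 / 1777 / 4755.
octal_mode() { stat -c %a -- "$1"; }

# Which special bits does a path carry? Prints "suid,sgid,sticky" subsets or "none".
# The leading digit of a four-digit mode encodes 4=suid 2=sgid 1=sticky.
special_bits() {
    mode=$(stat -c %a -- "$1")
    case ${#mode} in
        4) digit=${mode%???} ;;
        *) digit=0 ;;
    esac
    out=""
    [ $((digit & 4)) -ne 0 ] && out="${out}suid,"
    [ $((digit & 2)) -ne 0 ] && out="${out}sgid,"
    [ $((digit & 1)) -ne 0 ] && out="${out}sticky,"
    out=${out%,}
    echo "${out:-none}"
}

# A file created inside an sgid directory takes the directory's group,
# not the creator's primary group (the tutorial's u1/u2 observation).
group_inherits() {
    : > "$1/newfile"
    [ "$(stat -c %g -- "$1/newfile")" = "$(stat -c %g -- "$1")" ]
}

# Hardening review: every regular file under $1 that is setuid or setgid,
# one per line as "<mode> <owner>:<group> <path>". Each entry should be
# known and justified; a stray one is what the tutorial's "chmod u+s cat" creates.
audit_special_bits() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %U:%G %n' {} +
}
```

On a real host the last function is the one to keep: run audit_special_bits / once, store the output, and compare later runs against that baseline.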
2. File attribute chattr
1. Purpose
It is commonly used to lock a file so that it cannot be modified or deleted, even by root, until the attribute is removed.
2. Classification
3. Case
⑴ First create a new file for comparison and view its default attributes.
[root@localhost ~]# touch file100
[root@localhost ~]# lsattr file100
-------------- file100
⑵ Add the immutable attribute (the file can no longer be modified or deleted).
[root@localhost ~]# chattr +i file100
⑶ View the attributes again
[root@localhost ~]# lsattr file100
----i--------- file100
⑷ Try to delete it
[root@localhost ~]# rm -rf file100
rm: cannot remove `file100': Operation not permitted
⑸ Restore the attributes
[root@localhost ~]# chattr -i file100
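Finding files that chattr has locked is the flip side of the case above. The following is an added example, not the tutorial's own code: locked_attrs parses lsattr output and reports files with the i (immutable) or a (append-only) flag, is_immutable queries one real path and distinguishes "not immutable" from "lsattr cannot read attributes here" (which happens on filesystems without ext attribute support). The sample listing and its paths are constructed so the parser runs without root.

```shell
# Added example (not from the original tutorial). SAMPLE_LSATTR is a
# constructed lsattr listing with made-up paths; flag columns follow the
# layout shown in the tutorial (i in column 5, a in column 6).
SAMPLE_LSATTR='-------------- /srv/demo/hosts
----i--------- /srv/demo/resolv.conf
-----a-------- /srv/demo/audit.log
-------------- /srv/demo/motd'

# stdin: "<flags> <path>" lines as printed by lsattr.
# stdout: "immutable <path>" or "append-only <path>" for each locked file.
# Matching is case-sensitive on purpose: I means indexed directory and
# A means no-atime, neither of which locks the file.
locked_attrs() {
    while read -r flags path; do
        [ -n "$path" ] || continue
        case $flags in
            *i*) echo "immutable $path" ;;
            *a*) echo "append-only $path" ;;
        esac
    done
}

# is_immutable <path>: 0 = immutable, 1 = not immutable,
# 2 = lsattr could not read attributes for this path.
is_immutable() {
    out=$(lsattr -d "$1" 2>/dev/null) || return 2
    case ${out%% *} in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# count_locked <listing>: number of locked entries in a captured lsattr listing.
count_locked() { printf '%s\n' "$1" | locked_attrs | wc -l | tr -d ' '; }
```

To audit a live system, feed real output in: lsattr -R /etc 2>/dev/null | locked_attrs. A file that is immutable but not in your change records deserves a look, since +i is also used to keep a modified file from being repaired.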
3. Process mask umask
Example 1: Before creating a file in the shell, check the current user's umask
[root@localhost ~]# umask
0022
[root@localhost ~]# touch file800
[root@localhost ~]# mkdir dir800
[root@localhost ~]# ll -d dir800 file800
drwxr-xr-x. 2 root root 4096 3月 11 19:40 dir800
-rw-r--r--. 1 root root 0 3月 11 19:40 file800
Example 2: Modify the shell's umask (temporary, for the current shell only)
[root@localhost ~]# umask 000
[root@localhost ~]# mkdir dir900
[root@localhost ~]# touch file900
[root@localhost ~]# ll -d dir900 file900
drwxrwxrwx. 2 root root 4096 3月 11 19:44 dir900
-rw-rw-rw-. 1 root root 0 3月 11 19:44 file900
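The two examples show the results but not the rule behind them. As an added example (not the tutorial's own code), the script below computes the mode a umask yields, then creates a file and a directory under a scratch directory with that umask and compares: files start from 0666 and directories from 0777, and the umask bits are cleared from that base, which is why umask 000 gives rw-rw-rw- for a file and never rwxrwxrwx. It runs as an unprivileged user.

```shell
# Added example (not from the original tutorial). Requires a POSIX shell
# with arithmetic expansion and GNU/busybox stat.

# expected_mode <file|dir> <umask>: base mode with the umask bits cleared.
expected_mode() {
    case $1 in
        file) base=0666 ;;   # open(2)/creat(2) never grant x on a new file
        dir)  base=0777 ;;   # mkdir(2) starts from full rwx
        *)    echo "usage: expected_mode file|dir UMASK" >&2; return 1 ;;
    esac
    # A leading 0 makes the shell read the umask as octal, like umask(1) does.
    printf '%o\n' $(( base & ~0$2 ))
}

# actual_mode <file|dir> <umask>: create the object in a subshell whose
# umask is $2 (so the caller's umask is untouched) and report what the
# kernel actually set.
actual_mode() {
    tmp=$(mktemp -d)
    ( umask "$2"
      if [ "$1" = dir ]; then mkdir "$tmp/probe"; else : > "$tmp/probe"; fi )
    stat -c %a "$tmp/probe"
    rm -rf "$tmp"
}

# umask_world_writable <umask>: true when the mask leaves the other-write
# bit in place, as umask 000 in Example 2 does.
umask_world_writable() {
    [ $(( 0$1 & 02 )) -eq 0 ]
}
```

The default 0022 shown in Example 1 therefore produces 644 files and 755 directories; 027 (no access for others) gives 640 and 750, and 077 gives 600 and 700.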