User's special rights


1. Special bit

1、suid

suid applies to executable files/programs: whoever runs the program temporarily obtains the permissions of the file's owner for the duration of that process.

suid (an s replaces the x in the owner/uid triplet of the mode string): chmod u+s /usr/bin/cat (grants cat the s bit, so every user who runs it does so with the owner's privileges)

2、sgid

Applied to a directory: files newly created under the directory inherit the directory's group instead of the creating user's primary group.

1) Create a directory

mkdir     /tmp/dir-sgid

2) Create the group and the users

groupadd  xiaozu

useradd   u1   -G  xiaozu

useradd   u2   -G xiaozu

3) Change the group and permissions of the directory

chown  .xiaozu   /tmp/dir-sgid

chmod     g=rwx  /tmp/dir-sgid

4) Switch users and test (without sgid, each new file gets its creator's primary group)

su - u1

touch    /tmp/dir-sgid/u1-1.txt

su - u2

touch    /tmp/dir-sgid/u2-1.txt

5) Add the sgid bit

chmod g+s  /tmp/dir-sgid/

Observe that from now on, when either user creates a new file in the directory, the file automatically inherits the group of the directory (xiaozu).

3、sticky bit
</gml_replace>
<gr_replace lines="53" cat="clarify" orig="For directory settings">
Applied to a directory: only the owner of a file can delete that file from the directory, even when the directory itself is group- or world-writable.

For directory settings, only the owner can delete files in the directory

chmod o+t /tmp/dir-sgid/

Switch users: each user can now delete only their own files.
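The three special bits above are easiest to recognise in the mode string that ls prints: s in the owner triplet is suid, s in the group triplet is sgid, t in the last position is the sticky bit. The following script is an added example, not code from the original post. It defines two helper functions of my own naming, special_bits (decode the bits of one path) and audit_special (list every suid/sgid file under a directory, which is the check an administrator runs after a change like chmod u+s /usr/bin/cat), and exercises them on a scratch tree under a temporary directory, so nothing system-wide is touched:

```shell
#!/bin/sh
# Added example (not from the original post): decode the special bits of a path
# from its `ls -ld` mode string, and audit a directory tree for suid/sgid files.
# Everything is created under a temporary directory; no system path is changed.

# special_bits PATH -> prints which special bits are set, e.g. "sgid sticky"
# (empty line when none). Positions in the 10-char mode string:
#   4 = owner x slot (s/S = suid), 7 = group x slot (s/S = sgid), 10 = other x slot (t/T = sticky)
special_bits() {
    mode=$(ls -ld "$1" | cut -c1-10)
    out=""
    case $(printf '%s' "$mode" | cut -c4)  in s|S) out="$out suid"   ;; esac
    case $(printf '%s' "$mode" | cut -c7)  in s|S) out="$out sgid"   ;; esac
    case $(printf '%s' "$mode" | cut -c10) in t|T) out="$out sticky" ;; esac
    printf '%s\n' "${out# }"
}

# audit_special DIR -> one path per line (sorted) for every regular file under DIR
# that carries the suid (4000) or sgid (2000) bit. -perm -MODE matches when all
# of MODE's bits are set, so this finds e.g. a suid copy of cat regardless of rwx.
audit_special() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# Self-contained demo on a constructed scratch tree.
demo() {
    tmp=$(mktemp -d)
    # an executable with the suid bit, like /usr/bin/cat after chmod u+s
    printf '#!/bin/sh\ncat "$@"\n' > "$tmp/suid-cat"
    chmod 4755 "$tmp/suid-cat"
    # a plain executable with no special bits (must not appear in the audit)
    printf '#!/bin/sh\n' > "$tmp/plain"
    chmod 0755 "$tmp/plain"
    # a shared directory with sgid and sticky set, like /tmp/dir-sgid after chmod g+s and o+t
    mkdir "$tmp/shared"
    chmod 3775 "$tmp/shared"
    echo "suid-cat: $(special_bits "$tmp/suid-cat")"
    echo "plain:    $(special_bits "$tmp/plain")"
    echo "shared:   $(special_bits "$tmp/shared")"
    echo "audit of $tmp:"
    audit_special "$tmp"
    rm -rf "$tmp"
}

demo
```

Running audit_special against / (with -xdev added to stay on one filesystem) gives the list of programs that run with someone else's privileges; any entry that is not part of the base system, such as a suid cat, deserves an explanation.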

2. File attribute chattr

1. Purpose

It is most often used to lock a file so that it cannot be modified or deleted, even by root, until the attribute is removed again.



2. Classification

[image: table classifying the chattr attributes; not recoverable from the page]

3. Case

First create a new file for comparison and view its default attributes.

[root@localhost ~]# touch file100

[root@localhost ~]# lsattr file100

-------------- file100

1) Add the immutable attribute (i), after which the file can be neither deleted nor modified.

[root@localhost ~]# chattr +i file100

2) View the changed attributes

[root@localhost ~]# lsattr file100

----i--------- file100

3) Try to delete it (even root is refused)

[root@localhost ~]# rm -rf file100

rm: cannot remove `file100': Operation not permitted

4) Restore the attributes

[root@localhost ~]# chattr -i file100
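Because chattr +i makes rm, mv and editors fail with "Operation not permitted", it is useful to know which files are locked before a change is attempted. The script below is an added example, not code from the original post: lsattr_flags and report_locked (helper names of my own) parse lsattr output and report every file that has the immutable (i) or append-only (a) attribute, and locked_under runs the same report on a live directory. The SAMPLE_LSATTR lines are constructed to look like lsattr output on a host where root has already run chattr +i and chattr +a:

```shell
#!/bin/sh
# Added example (not from the original post): parse lsattr output and report the
# files that carry the i (immutable) or a (append-only) attribute.

# lsattr_flags LINE -> the attribute letters set in one lsattr line, e.g. "i" or "ia"
# (lsattr prints a dash for every attribute that is not set, then the path).
lsattr_flags() {
    printf '%s\n' "$1" | awk '{ flags = $1; gsub(/-/, "", flags); print flags }'
}

# report_locked: reads lsattr output on stdin, prints "<path> locked(<flags>)"
# for each file with i or a set, so an administrator sees what rm/mv will refuse.
report_locked() {
    awk '{
        flags = $1; gsub(/-/, "", flags);
        if (index(flags, "i") || index(flags, "a")) print $2, "locked(" flags ")";
    }'
}

# locked_under DIR -> same report for a real directory tree (requires an
# ext2/3/4-style filesystem that supports these attributes; errors are ignored).
locked_under() {
    lsattr -R "$1" 2>/dev/null | report_locked
}

# Constructed sample: what lsattr might print after chattr +i on resolv.conf
# and chattr +a on a log file (the third file has no attributes set).
SAMPLE_LSATTR='----i--------- /etc/resolv.conf
-----a-------- /var/log/secure
-------------- /etc/hostname'

demo() {
    printf '%s\n' "$SAMPLE_LSATTR" | report_locked
}

demo
```

On a real system, lsattr also prints letters such as e (extents) that are set by the filesystem itself; report_locked only triggers on i and a, so those do not produce false reports.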

3. Process mask umask

Example 1: create a file and a directory from the shell process; first check the umask of the current user

[root@localhost ~]# umask

0022

[root@localhost ~]# touch file800

[root@localhost ~]# mkdir dir800

[root@localhost ~]# ll -d dir800 file800

drwxr-xr-x. 2 root root 4096 3月  11 19:40 dir800

-rw-r--r--. 1 root root    0 3月  11 19:40 file800

Example 2: change the shell's umask value (temporary, only for this shell and its children)

[root@localhost ~]# umask 000

[root@localhost ~]# mkdir dir900

[root@localhost ~]# touch file900

[root@localhost ~]# ll -d dir900 file900

drwxrwxrwx. 2 root root 4096 3月  11 19:44 dir900

-rw-rw-rw-. 1 root root    0 3月  11 19:44 file900
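The two examples show the rule: a new file starts from 666 and a new directory from 777, and every bit set in the umask is cleared from that base (umask 022 gives 644 and 755, umask 000 gives 666 and 777). The script below is an added example, not code from the original post: effective_mode (a helper of my own naming) computes the resulting mode for any umask, and actual_mode creates a file or directory under that umask in a subshell and converts the observed ls mode string back to octal so the two can be compared:

```shell
#!/bin/sh
# Added example (not from the original post): compute the mode a new file or
# directory receives under a given umask, and verify it against what the shell
# actually creates. Objects are created under a temporary directory only.

# effective_mode UMASK file|dir -> 4-digit octal mode, e.g. "effective_mode 022 file" -> 0644.
# A file starts from 0666 (the kernel never grants x by default), a directory from
# 0777; each bit that is set in the umask is cleared from that base.
effective_mode() {
    case $2 in
        file) base=0666 ;;
        dir)  base=0777 ;;
        *) echo "usage: effective_mode UMASK file|dir" >&2; return 1 ;;
    esac
    printf '%04o\n' $(( base & ~0$1 ))
}

# actual_mode UMASK file|dir -> octal mode observed after creating the object with
# that umask. The umask is changed inside a subshell, so it does not leak out.
actual_mode() {
    tmp=$(mktemp -d)
    (
        umask "$1"
        if [ "$2" = dir ]; then mkdir "$tmp/obj"; else : > "$tmp/obj"; fi
    )
    # turn the rwxrwxrwx part of `ls -ld` into octal: r=4, w=2, x=1 per triplet
    perm=$(ls -ld "$tmp/obj" | cut -c2-10)
    rm -rf "$tmp"
    echo "$perm" | awk '{
        oct = "";
        for (t = 0; t < 3; t++) {
            v = 0;
            if (substr($0, t*3+1, 1) == "r") v += 4;
            if (substr($0, t*3+2, 1) == "w") v += 2;
            if (substr($0, t*3+3, 1) == "x") v += 1;
            oct = oct v;
        }
        print "0" oct;
    }'
}

# Demo: the two umasks from the examples above plus the common hardening value 027.
for m in 022 000 027; do
    printf 'umask %s: computed file %s dir %s, observed file %s dir %s\n' "$m" \
        "$(effective_mode "$m" file)" "$(effective_mode "$m" dir)" \
        "$(actual_mode "$m" file)" "$(actual_mode "$m" dir)"
done
```

Note that umask only subtracts: it can never add a permission bit that the base (666 or 777) does not have, which is why a freshly created file is never executable regardless of the umask.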


Origin blog.51cto.com/15135903/2666670