File special permission setting bit S and attachment bit T under linux


Picking this up again in the mornings and evenings~~ some knowledge from books I read many years ago~~



https://www.cnblogs.com/zhangming-blog/articles/5956280.html

1. Set bit s (setuid/setgid)

The set-ID bit lets an ordinary user temporarily run a program with the privileges of the file's owner (or group). For example, /usr/bin/passwd must modify files such as /etc/passwd and /etc/shadow when it runs. No user other than root has write permission to those files, yet ordinary users must be able to change their own passwords, so they are temporarily given root privileges for that one task. That is what the s permission is for. The s permission is only meaningful on binary executables.
If you do not want ordinary users to be able to change their own passwords, clear the bit with either of these:

[root@localhost ~]# chmod u-s /usr/bin/passwd
[root@localhost ~]# chmod 0755 /usr/bin/passwd

The leading 0 of 0755 means that no special permissions are set. This digit can be 0 (---), 1 (--t), 2 (-s-), 3 (-st), 4 (s--), 5 (s-t), 6 (ss-) or 7 (sst): 4 is setuid, 2 is setgid and 1 is the sticky bit, and the three letters are the positions the bits occupy in the ls -l mode string.
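The mapping between the leading octal digit and the s/s/t notation above is easy to get wrong by hand. The following shell helper is an added example, not code from the original post: it converts the digit in either direction and reads the special bits of a path from the ls -l mode string, so an administrator can confirm what a chmod actually did. The sample mode strings in the comments are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): decode and encode the
# special-permission digit of a four-digit chmod mode.
#   4 = setuid (owner "s"), 2 = setgid (group "s"), 1 = sticky ("t")

# special_bits DIGIT -> prints the three-letter form, e.g. 5 -> "s-t"
special_bits() {
  d=$1
  u=-; g=-; t=-
  [ $((d & 4)) -ne 0 ] && u=s
  [ $((d & 2)) -ne 0 ] && g=s
  [ $((d & 1)) -ne 0 ] && t=t
  printf '%s%s%s\n' "$u" "$g" "$t"
}

# special_digit MODESTRING -> prints the digit for a 10-character ls -l
# mode string such as "-rwsr-xr-x" (4) or "drwxrwxrwt" (1).
# An upper-case S/T means the bit is set but the matching x bit is not.
special_digit() {
  m=$1; n=0
  case $m in ???[sS]??????) n=$((n + 4));; esac   # owner execute slot
  case $m in ??????[sS]???) n=$((n + 2));; esac   # group execute slot
  case $m in ?????????[tT]) n=$((n + 1));; esac   # other execute slot
  echo "$n"
}

# path_special_digit PATH -> special digit of an existing path, taken from
# the first 10 characters of ls -ld (a trailing "." from SELinux is cut).
path_special_digit() {
  special_digit "$(ls -ld "$1" | cut -c1-10)"
}

# Demo: the table from the post, regenerated.
i=0
while [ "$i" -le 7 ]; do
  printf '%d -> %s\n' "$i" "$(special_bits "$i")"
  i=$((i + 1))
done
```

Running the block prints the eight combinations; path_special_digit /usr/bin/passwd should print 4 on a system where the bit is still set, and 0 after the chmod u-s shown above.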


2. Attachment bit t (the sticky bit)

It is only meaningful on directories: with it set, only a file's owner (and root) can delete, rename or move that file inside the directory. For example, /tmp is readable and writable by every user; if anyone could delete (rename/move) other users' files at will, that would be very dangerous, so the t permission exists to solve this problem.

The following is an example to understand the usage of this t permission:

(1) The root user creates a test directory in the /tmp directory, and sets the relevant permission of the test directory to 1777 (with special permission t)

[root@localhost tmp]# mkdir test
[root@localhost tmp]# chmod 1777 test
[root@localhost tmp]# ls -ld test
drwxrwxrwt. 2 root root 4096 Oct 12 22:31 test

(2) Switch to the first user zhangming, create a new file aaa.txt in the test directory, and write the data

[root@localhost tmp]# su zhangming
[zhangming@localhost tmp]$ touch test/aaa.txt
[zhangming@localhost tmp]$ echo "hello" >> test/aaa.txt
[zhangming@localhost tmp]$ ls -l test
total 4
-rw-rw-r--. 1 zhangming zhangming 6 Oct 12 22:34 aaa.txt

(3) Switch to the second user, shuihuo379, and try to delete the file aaa.txt created by zhangming; the deletion is refused

[zhangming@localhost tmp]$ su shuihuo379
[shuihuo379@localhost tmp]$ ls -l test/aaa.txt
-rw-rw-r--. 1 zhangming zhangming 6 Oct 12 22:34 test/aaa.txt
[shuihuo379@localhost tmp]$ rm test/aaa.txt
rm: remove write-protected regular file `test/aaa.txt'? y
rm: cannot remove `test/aaa.txt': Operation not permitted

(4) Switch back to the root user and remove the permission bit t

[shuihuo379@localhost tmp]$ su
[root@localhost tmp]# chmod -t test
[root@localhost tmp]# ls -ld test
drwxrwxrwx. 2 root root 4096 Oct 12 22:33 test

(5) Switch to user shuihuo379 again and try to delete the file aaa.txt created by zhangming; this time the deletion succeeds and aaa.txt no longer exists

[root@localhost tmp]# su shuihuo379
[shuihuo379@localhost tmp]$ ls -l test
total 4
-rw-rw-r--. 1 zhangming zhangming 6 Oct 12 22:34 aaa.txt
[shuihuo379@localhost tmp]$ rm test/aaa.txt
rm: remove write-protected regular file `test/aaa.txt'? y
[shuihuo379@localhost tmp]$ ls -l test
total 0
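The walkthrough shows what happens once a world-writable directory loses its t bit: any user can remove anyone else's files. The script below is an added example, not part of the original post, for the defender's side of that lesson: it lists world-writable directories that lack the sticky bit and regular files carrying setuid/setgid, the two settings this post covers. It builds a small constructed directory tree under mktemp so it can be run without root; the function names and the sample tree are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two special bits.
# Requires only POSIX sh and find(1); needs no root for the sample tree.

# World-writable directories under $1 that are missing the sticky bit,
# i.e. the state the walkthrough reaches after "chmod -t test".
unsticky_world_writable_dirs() {
  find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# Regular files under $1 with setuid (4000) or setgid (2000) set.
setid_files() {
  find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Builds a constructed sample tree and prints its root directory.
make_sample_tree() {
  root=$(mktemp -d)
  mkdir -m 1777 "$root/tmp_ok"       # like /tmp: world-writable, sticky set
  mkdir -m 0777 "$root/tmp_bad"      # world-writable, sticky bit missing
  mkdir -m 0755 "$root/private"      # not world-writable, not a finding
  : > "$root/passwd_like"            # stand-in for a setuid binary
  chmod 4755 "$root/passwd_like"
  : > "$root/plain"                  # ordinary executable, not a finding
  chmod 0755 "$root/plain"
  echo "$root"
}

# Demo run over the sample tree.
sample=$(make_sample_tree)
echo "world-writable directories without t:"
unsticky_world_writable_dirs "$sample"
echo "setuid/setgid files:"
setid_files "$sample"
rm -rf "$sample"
```

Pointing the two functions at / instead of the sample tree gives the system-wide lists; every entry in the first list is a directory where the scenario in steps (4) and (5) can happen, and every entry in the second should be a known, intentional binary such as /usr/bin/passwd.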
