Setting SUID, SGID and the sticky bit on Linux

The SUID and SGID functions were introduced earlier. How do you set SUID and SGID on a file? This is done with numeric permissions. You already know that a numeric mode is a combination of three digits; if one more digit is placed in front of those three, that leading digit represents the special attributes. (Note: when we use chmod xyz filename to set a file's attributes, it is normally assumed that SUID, SGID and the sticky bit are not set.)
     4 is SUID
     2 is SGID
     1 is the sticky bit
     Suppose you want a file's attributes to be "-rwsr-xr-x". The s in the user permissions means SUID, so put a 4 in front of the original 755, that is, use "chmod 4755 filename".

     SUID can also be set with "chmod u+s filename" and cleared with "chmod u-s filename". Similarly, SGID can be set with "chmod g+s filename" and cleared with "chmod g-s filename".

In general, anyone who has used Linux knows that file permissions are rwx, and that the rwx permissions of the owner, the group and other users are independent of each other. This is why we often hear that if a web file needs to be modified, its permissions should be set to 777, which allows all users to write.

    On closer thought, though, this view is somewhat naive, because it does not account for some special cases. For example, the /tmp directory's default permissions are 777, and it holds files that all users are allowed to access and modify, so can any one of those users delete them? Another example is /etc/shadow, the file that stores users' passwords. Its default permissions are 640, so only the owner of shadow (root) can modify it. By the conventional understanding this is puzzling, because every user can change their password, that is, modify this file.

    To explain these cases, we need to introduce the concept of special file permissions in Linux. There are three of them: sticky bit, SGID and SUID, explained below one at a time.

    sticky bit

    The sticky bit is only effective on directories. For the files in such a directory, only a file's owner can delete it (a user who is not the owner, but only in the group or other, cannot delete the file even with w permission).

    To add the sticky bit:

    chmod o+t /tmp or

    chmod 1777 /tmp

    To check whether the sticky bit has been added, use ls -l. The permissions look like this: "-rwxrwxrwt". The t means the sticky bit has been added and is in effect. If the display is "-rwxrwxrwT", the sticky bit has also been added but is not in effect (because other had no execute permission to begin with).

    Take a look at the permissions of the /tmp directory: they are drwxrwxrwt.

    SGID (Set Group ID)

    On a file, SGID means that when you run the program it temporarily runs with the identity of the group that owns the file. On a directory, SGID means that files created in the directory belong to the directory's group rather than to the creator's group, and directories created inside it inherit the SGID of this directory.

    To add SGID:

    chmod g+s /tmp or

    chmod 2777 /tmp

    To see whether SGID has been added, use ls -l. The permissions look like "drwxrwsrwx". The s means SGID has been added and is in effect. If the display is "drwxrwSrwx", SGID has been added but is not in effect (because the group had no execute permission).

    SUID (Set User ID)

    SUID works the same way as SGID; the only difference is that the program runs with the identity of the file's owner.

    To add SUID:

    chmod u+s /tmp or

    chmod 4777 /tmp

    Similarly, with SUID added the permissions look like one of these two: "drwsrwxrwx", "drwSrwxrwx".

    Take a look at the permissions of the passwd command: ll /usr/bin/passwd shows "-rwsr-xr-x". Now we know why running passwd can modify the /etc/shadow file.

 

  SUID: takes the place of the x bit of u. If execute permission was originally set there, it is shown as s, otherwise as S.
  SGID: takes the place of the x bit of g. If execute permission was originally set there, it is shown as s, otherwise as S.
  Sticky: the sticky bit takes the place of the x bit of o. If execute permission was originally set there, it is shown as t, otherwise as T.
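The rules above can be checked in a throwaway directory. This is an added example, not part of the original post: the sandbox, the file names and the helper functions are constructed, and modes other than 4755 and 1777 are chosen here to show the uppercase forms. The last two functions use find to list the SUID/SGID files and the world-writable directories without a sticky bit that an administrator would want to review.

```shell
#!/bin/sh
# Added example: the sandbox and every name in it are constructed.
SANDBOX=$(mktemp -d)
trap 'rm -rf "$SANDBOX"' EXIT

# perm_of KIND NAME MODE: create a file (f) or directory (d) in the sandbox,
# apply MODE with chmod, and print the 10-character string ls -l shows.
perm_of() {
    if [ "$1" = d ]; then mkdir "$SANDBOX/$2"; else : > "$SANDBOX/$2"; fi
    chmod "$3" "$SANDBOX/$2"
    ls -ld "$SANDBOX/$2" | cut -c1-10
}

# suid_sgid_files DIR: names of regular files that carry SUID or SGID.
suid_sgid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec basename {} \; |
        sort | paste -sd' ' -
}

# unsticky_dirs DIR: world-writable directories without the sticky bit,
# i.e. places where any user may delete another user's files.
unsticky_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -exec basename {} \; |
        sort | paste -sd' ' -
}

# Lowercase s/t: the x bit underneath is set. Uppercase S/T: it is not.
echo "SUID   4755 file: $(perm_of f suid_x     4755)"
echo "SUID   4655 file: $(perm_of f suid_nox   4655)"
echo "SGID   2775 dir : $(perm_of d sgid_x     2775)"
echo "SGID   2765 dir : $(perm_of d sgid_nox   2765)"
echo "sticky 1777 dir : $(perm_of d sticky_x   1777)"
echo "sticky 1776 dir : $(perm_of d sticky_nox 1776)"
echo "plain  0777 dir : $(perm_of d open_dir   0777)"

echo "SUID/SGID files to review: $(suid_sgid_files "$SANDBOX")"
echo "World-writable, no sticky: $(unsticky_dirs "$SANDBOX")"
```

Pointing the two find functions at a real directory tree instead of the sandbox gives a quick inventory of special-permission files and directories.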


Origin www.cnblogs.com/fanweisheng/p/11108673.html