Good Programmer cloud computing learning route: advanced permissions

Good Programmer cloud computing learning route, advanced permissions: suid, sgid, sticky
File permission management: advanced permissions

Question 1: Why does this fail?
[root@tianyun ~]# ll /root/file1.txt
-rw-r--r-- 1 root root 4 7月 27 14:14 /root/file1.txt
[alice@tianyun ~]$ cat /root/file1.txt    # check permissions level by level: ll -d /, ll -d /root (entry to /root is forbidden)
cat: /root/file1.txt: Permission denied

Analysis:
root    /usr/bin/cat (root) (process owner)    /root/file1.txt    OK
alice   /usr/bin/cat (alice)                   /root/file1.txt

An ordinary user changing a password:
alice   /usr/bin/passwd (root)                 /etc/shadow

Types of advanced permissions
suid 4
sgid 2
sticky (sticky bit) 1

Setting special permissions
a. Symbolic
chmod u+s file
chmod g+s file
chmod g+s dir
chmod o+t dir

b. Numeric
chmod 4777 file
chmod 7777 file
chmod 2770 dir
chmod 3770 dir

Example 1: suid, granting elevated privileges to ordinary users <for files>
Add the suid permission to the file the process is started from (a binary executable)
[root@tianyun ~]# chmod u+s /usr/bin/cat
[root@tianyun ~]# chmod u+s /usr/bin/rm
[alice@tianyun ~]$ cat /root/file1.txt

An ordinary user can change a password:
alice   /usr/bin/passwd   /etc/shadow

[alice@tianyun ~]$ ll /etc/shadow
---------- 1 root root 1487 6月 4 13:43 /etc/shadow

[alice@tianyun ~]$ ll /usr/bin/passwd
-rwsr-xr-x. 1 root root 30768 2月 17 2012 /usr/bin/passwd

[alice@tianyun ~]$ passwd
Changing password for user alice.
Changing STRESS password for alice.
(Current) UNIX password:

[root@tianyun ~]# ps aux | grep passwd
root 3674 0.0 0.0 165764 1884 pts/1 S+ 14:34 0:00 passwd

-rwsr-xr-x. 1 root root 27832 Jun 10 2014 /usr/bin/passwd
No matter who runs it, it executes as the root user: this is SUID.

Two tools currently used to elevate the privileges of ordinary users:

sudo (for awareness): targeted; for example, it lets a particular user execute certain commands as root.

ll /usr/bin/passwd
suid: applies to all users; any user who runs a program that has the suid permission (such as /usr/bin/rm) runs it as root.

Example 2: sticky, users can delete only their own files <for directories>
[root@tianyun ~]# mkdir /home/dir1
[root@tianyun ~]# chmod 777 /home/dir1
Test: user1 creates a file in /home/dir1, then user2 tries to delete it!

[root@tianyun ~]# chmod o+t /home/dir1
[root@tianyun ~]# ll -d /home/dir1
drwxrwxrwt 2 root root 4096 09-02 02:26 /home/dir1
Who can delete:
root
the owner of the file
the owner of the directory

Example 3: sgid, new files inherit the directory's group <for directories>
[root@tianyun ~]# mkdir /home/hr
[root@tianyun ~]# chgrp hr /home/hr/
[root@tianyun ~]# chmod g+s /home/hr
[root@tianyun ~]# ll -d /home/hr/
drwxr-sr-x. 2 root hr 4096 Dec 5 16:03 /home/hr/

[root@tianyun ~]# touch /home/hr/file9
[root@tianyun ~]# ll /home/hr/
-rw-r--r--. 1 root hr 0 Dec 5 16:03 file9

=================================================================
Tip: make sure the following directories have the correct permissions, otherwise programs will fail to run
[root@wangcy ~]# ll -d /tmp /var/tmp/
drwxrwxrwt 14 root root 4096 07-26 10:15 /tmp
drwxrwxrwt 2 root root 4096 07-24 19:02 /var/tmp/
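
The special bits covered above can be audited with find. The script below is an added example, not part of the original post: it decodes the leading octal digit (4/2/1) of a mode and lists suid/sgid files and world-writable directories that lack the sticky bit. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Decode the leading digit of a 4-digit octal mode: suid=4, sgid=2, sticky=1.
decode_special() {
    top=$(( 0$1 >> 9 ))      # leading 0 makes the shell read the mode as octal
    out=""
    if [ $(( top & 4 )) -ne 0 ]; then out="$out suid"; fi
    if [ $(( top & 2 )) -ne 0 ]; then out="$out sgid"; fi
    if [ $(( top & 1 )) -ne 0 ]; then out="$out sticky"; fi
    echo "${out# }"
}

# Regular files with suid or sgid set: each runs with its owner's or group's identity.
find_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# World-writable directories without the sticky bit: any user can delete others' files.
find_unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Report for one tree when a path is given, e.g. "sh audit.sh /usr/bin".
if [ -n "${1:-}" ]; then
    echo "== suid/sgid files under $1"
    find_suid_sgid "$1"
    echo "== world-writable directories without sticky bit under $1"
    find_unsticky_dirs "$1"
fi
```

Comparing the suid/sgid list against a known-good baseline makes an unexpected entry, such as the suid bit on /usr/bin/cat or /usr/bin/rm from Example 1, stand out.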

Extension

NIC configuration file
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=none|static|dhcp ------ how the IP address is obtained
HWADDR=00:0c:29:5e:13:12
NM_CONTROLLED=no ---- whether NetworkManager is enabled
ONBOOT=yes|no ---------- whether the NIC is activated
IPADDR=172.16.110.1
NETMASK=255.255.255.0
GATEWAY=172.16.110.254


Origin blog.51cto.com/14479068/2426766