8. Special permissions on the Linux file system: SUID, SGID, Sticky

 

Security Context

  Prerequisite: processes have an owner and a group; files have an owner and a group

  •   Whether an executable program file can be started as a process depends on whether the initiator has execute permission on the program file
  •   After it starts as a process, the owner of the process is the initiator, and the group of the process is the group the initiator belongs to
  •   The permissions a process has when it accesses a file depend on the initiator of the process:
    •   If the initiator of the process is the owner of the file, the file's owner permissions apply
    •   If the initiator of the process belongs to the file's group, the file's group permissions apply
    •   Otherwise, the file's "other" permissions apply

SUID: privilege elevation

  SUID breaks the security context rules:

  •   Whether an executable program file can be started as a process depends on whether the initiator has execute permission on the program file
  •   After it starts as a process, the owner of the process is the owner of the original program file (the group of the process does not matter much here)

  Permissions:

    chmod u+s FILENAME

    chmod u-s  FILENAME

 

SGID

  By default, when a user creates a file, the file's group is the user's primary group.

  Once SGID is set on a directory, files created in that directory by users who have write permission on it belong to the directory's group instead.

  Permissions

      chmod g+s DIR...

      chmod  g-s  DIR...

Whether a user can delete a file depends on whether the user has write permission on the directory that contains the file.

 

Sticky (sticky bit)

  For a directory that is writable by more than one user, if the sticky bit is set, each user can delete only their own files

  Permissions:

    chmod  o+t DIR...

    chmod  o-t  DIR...

  By default, the /tmp directory has the sticky bit (t) set

  SUID  SGID  STICKY

   0     0     0

        ...

   1     1     1

 

chmod 4777 /tmp/a.txt: the leading digit holds the special permissions; here 4 represents the SUID permission

Note:

  SUID: occupies the owner's execute permission bit

      s: the owner has x permission

      S: the owner has no x permission

  SGID: occupies the group's execute permission bit

      s: the group has x permission

      S: the group has no x permission

  Sticky: occupies other's execute permission bit

      t: other has x permission

      T: other has no x permission
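
The leading-digit encoding and the s/S, t/T display rule described above, as an added example that is not part of the original post: a POSIX shell decoder that turns an octal mode into the string ls -l would show. The function names triad, mode_string and special_names are made up for this illustration, and the sample modes are constructed (4777 is the one from the text).

```shell
#!/bin/sh
# Added example, not from the original post. Function names are made up here.
# Decodes an octal mode such as 4777 into the ls -l style string, applying
# the s/S and t/T rule: lowercase = x also set, uppercase = x missing.

# triad RWX_DIGIT SPECIAL_BIT LOWER UPPER -> e.g. "rws", "rwS", "r-x"
triad() {
    bits=$1; special=$2; lower=$3; upper=$4
    r=-; w=-; x=-
    if [ $((bits & 4)) -ne 0 ]; then r=r; fi
    if [ $((bits & 2)) -ne 0 ]; then w=w; fi
    if [ $((bits & 1)) -ne 0 ]; then x=x; fi
    if [ "$special" -ne 0 ]; then
        # The special bit is displayed in the x position of its triad.
        if [ "$x" = x ]; then x=$lower; else x=$upper; fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_string OCTAL -> nine-character permission string
mode_string() {
    case $1 in ''|*[!0-7]*) echo "not an octal mode: $1" >&2; return 1 ;; esac
    m=$((0$1))                    # leading 0 makes the shell read it as octal
    sp=$(( (m >> 9) & 7 ))        # leading digit: SUID=4, SGID=2, sticky=1
    u=$(triad $(( (m >> 6) & 7 )) $(( sp & 4 )) s S)
    g=$(triad $(( (m >> 3) & 7 )) $(( sp & 2 )) s S)
    o=$(triad $((  m       & 7 )) $(( sp & 1 )) t T)
    printf '%s%s%s\n' "$u" "$g" "$o"
}

# special_names OCTAL -> names of the special bits that are set
special_names() {
    case $1 in ''|*[!0-7]*) echo "not an octal mode: $1" >&2; return 1 ;; esac
    m=$((0$1)); out=
    if [ $((m & 04000)) -ne 0 ]; then out="$out SUID"; fi
    if [ $((m & 02000)) -ne 0 ]; then out="$out SGID"; fi
    if [ $((m & 01000)) -ne 0 ]; then out="$out STICKY"; fi
    echo "${out# }"
}

# Constructed sample modes (4777 is the one used in the text above).
for mode in 4777 4644 2775 2764 1777 1776 0755; do
    printf '%-5s %s  %s\n' "$mode" "$(mode_string "$mode")" "$(special_names "$mode")"
done
```

An uppercase S or T in the output marks a special bit set without the matching execute bit, which is usually a sign of a mistyped mode and worth checking when reviewing permissions.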

 

Origin www.cnblogs.com/liuzhiyun/p/11333288.html