Special File Permission (Setuid, Setgid and Sticky Bits) (ZT)

http://solsupport.blogspot.com/2012/05/special-file-permission-setuid-setgid.html

Special File Permission (Setuid, Setgid and Sticky Bits)

By setting special file permission on any executable file or directories, users who run those executable

files assumes the user ID of the owner or group of the executable file.

Hence A user can gain the superuser privileges by executing the programs that sets the user id to root.

Setuid Permission

When set-user identification (setuid) permission is set on an executable file, a process that runs this file is granted access based on the owner of the file (usually root), rather than the user who is running the executable file. This special permission allows a user to access files and directories that are normally only available to the owner. For example, the setuid permission on the passwd command makes it possible for a user to change passwords, assuming the permissions of the root ID

#ls -l /usr/bin/passwd

-r-sr-sr-x 3 root sys 96796 Jul 15 21:23 /usr/bin/passwd

Setuid  permissions can be set by using the chmod command to assign the octal value 4 as the first number in a series of four octal values.

#chmod 4555 file1
 
 

Setgid Permission

The set-group identification (setgid) permission is similar to setuid, except that the process's effective group ID (GID) is changed to the group owner of the file, and a user is granted access based on permissions granted to that group. ex /usr/bin/mail has setgid permission set.

When setgid permission is applied to a directory, files that were created in this directory belong to the group to which the directory belongs, not the group to which the creating process belongs. Any user who has write and execute permissions in the directory can create a file there. However, the file belongs to the group that owns the directory, not to the user's group ownership.

Setgid  permissions can be set by using the chmod command to assign the octal value 2 as the first number in a series of four octal values.

#chmod 2551 file1
#ls -ltr 
-r-xr-s—x   1 dj  dj  26876 Jul 15 21:23 file1

Sticky Bit
The sticky bit is a permission bit that protects the files within a directory. If the directory has the sticky bit set, a file can be deleted only by the owner of the file, the owner of the directory, or by root. This special permission prevents a user from deleting other users' files from public directories such as /tmp.
sticky bits permissions can be set by using the chmod command to assign the octal value 1 as the first number in a series of four octal values.
# chmod 1777 file1
# ls -l file1
drwxrwxrwt   2 dj dj  512 Jul 15 21:23 file1
posted @ 2013-04-16 16:22  生命的力量在于不顺从  阅读(294)  评论(0编辑  收藏  举报