Whenever we log into the system, a shell is started. While working there, we
come across many files that belong to other users who created them, and we do
not have permission to do anything with them. Consider the file /etc/passwd:
this is a password file maintained by the Linux kernel for storing user
passwords. Only the root user has permission to change this file. Now consider
a different user who wants to change his password: the password should be
updated in this file, but if only root has permission to write to it, how can
the new password be written to the file?
[root@localhost templer]# ls -lart /etc/passwd
-rw-r--r--. 1 root root 2196 Aug 27 19:47 /etc/passwd
Suid and sgid
The Linux permission model has two special access modes called suid (set user
ID) and sgid (set group ID). When a program has the suid access mode set, it
runs as if it had been started by the file's owner rather than by the user who
actually started it. Similarly, with the sgid access mode set, the program runs
as if the user running it belonged to the file's group rather than his own
group.
We can set suid with the chmod command by adding a '4' at the beginning of the
permissions:
chmod 4755 test_file
Checking the file now shows the 's' in the owner's execute position:
[root@localhost templer]# chmod 4755 hello
[root@localhost templer]# ll
total 0
-rwsr-xr-x 1 root root 0 Nov 14 15:09 hello
Similarly, we can set sgid by adding a '2' at the beginning of the permissions:
chmod 2755 test_file
Checking the file now shows the 's' in the group's execute position:
[root@localhost templer]# chmod 2755 hello
[root@localhost templer]# ll
total 0
-rwxr-sr-x 1 root root 0 Nov 14 15:09 hello
Sticky Bit
Linux directory access permissions mean that if a user has write permission on
a directory, he can rename or remove the files in that directory even though
the files do not belong to him. When the owner of the directory sets the sticky
bit, the files cannot be renamed or removed by any user (except the owner and
root).
chmod +t /tmp      # set the sticky bit
chmod -t /tmp      # remove the sticky bit
or
chmod 1755 /tmp    # prefix a '1' to set the sticky bit
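The suid, sgid and sticky bits described above can also be checked from a script. The following is an added example, not part of the original post: it builds a constructed sample tree in a temporary directory, reports the special bits on each path, and lists set-ID files and world-writable directories that lack the sticky bit. All function and file names are made up for this example.

```sh
#!/bin/sh
# Added example: inspect suid, sgid and sticky bits (names are hypothetical).

# Print the special bits set on one path: any of "suid sgid sticky", or "none".
special_bits() {
    bits=""
    if [ -u "$1" ]; then bits="$bits suid"; fi
    if [ -g "$1" ]; then bits="$bits sgid"; fi
    if [ -k "$1" ]; then bits="$bits sticky"; fi
    bits=${bits# }
    echo "${bits:-none}"
}

# List regular files under a directory that carry the suid or sgid bit.
find_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# List world-writable directories without the sticky bit, i.e. places where
# any user could rename or remove files that belong to someone else.
find_unprotected_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print | sort
}

# Build a constructed sample tree (empty files, no real programs) and
# print its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/plain" "$d/suid_prog" "$d/sgid_prog"
    chmod 0755 "$d/plain"
    chmod 4755 "$d/suid_prog"      # '4' prefix: suid
    chmod 2755 "$d/sgid_prog"      # '2' prefix: sgid
    mkdir "$d/shared_sticky" "$d/shared_open"
    chmod 1777 "$d/shared_sticky"  # '1' prefix: sticky bit
    chmod 0777 "$d/shared_open"    # world-writable, no sticky bit
    echo "$d"
}

# Demo run on the constructed tree.
tree=$(make_sample_tree)
for p in "$tree"/*; do
    printf '%-14s %s\n' "${p##*/}" "$(special_bits "$p")"
done
find_setid_files "$tree"
find_unprotected_dirs "$tree"
rm -rf "$tree"
```

Pointing find_setid_files and find_unprotected_dirs at a real directory gives a quick inventory to review after a permission change.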