什么是SUID
Suid:全称为set owner user id up on execution,允许用户以文件拥有者的权限运行该文件;
最常见的为passwd命令,该命令会访问/etc/passwd和/etc/shadow,而普通用户无法修改这两个文件,通过设置passwd的suid可暂时让用户拥有root权限从而修改自身密码;
可通过2种方式设置suid:chmod u+s;chmod 4750,4代表SUID;
查看suid
ls –l会列出如下信息
-rwsr-xr-x 1 root root 27936 Nov 12 2010 /usr/bin/passwd
注意s必须为小写,如果为大写则意味着用户没有执行权限,还需chmod u+x为其赋值
可通过find / -perm +4000查找所有设置了SUID的文件
SGID类似suid,相应权限从owner变为group
设置sgid:chmod g+s; chmod 2750
什么是Sticky bit
通常用于文件夹,避免其内容被用户删除(即便该用户有权限也无法执行,除非其为owner或root),通常/tmp目录可如此设置
2种方式授权:chmod o+t;chmod 1750
drwxr-xr-t 2 oracle dba 4096 May 18 2012 client
|
Operator |
Description | |
|
+ |
adds the specified modes to the specified classes | |
|
- |
removes the specified modes from the specified classes | |
|
= |
the modes specified are to be made the exact modes for the specified classes | |
|
Flag |
Octal value |
Purpose |
|
S_ISUID |
04000 |
Set user ID on execution |
|
S_ISGID |
02000 |
Set group ID on execution |
|
S_ISVTX |
01000 |
Sticky bit |
|
chmod u+x myfile |
Gives the user execute permission on myfile. |
|
chmod +x myfile |
Gives everyone execute permission on myfile. |
|
chmod ugo+x myfile |
Same as the above command, but specifically specifies user, group and other. |
|
chmod +s myfile |
Set the setuid bit. |
|
chmod go=rx myfile |
Remove read and execute permissions for the group and other. |