What permissions does linux s have?
In Linux, s refers to "forced bit permissions", which is located in the third position of the user or group permission group. If the s bit is set in the user permission group, when the file is executed, the file executes the program with the file owner UID instead of the user UID; if the s bit is set in the group permission group, when the file is executed, The file is executed with the file owner GID instead of the user GID. The s permission bit is a sensitive permission bit and can easily cause system security issues.
#The operating environment of this tutorial: linux7.3 system, Dell G3 computer.
The most common file permissions in Linux systems are w, r, and x, which correspond to write, read, and execute permissions respectively. However, in addition, Linux also supports another series of permission settings, such as s permissions. , t permissions. The following introduces the specific meaning of s permissions.
s permissions
s, which means set UID or set GID. Located in the third position of the user or group permission group. If the s bit is set in the user permission group, when the file is executed, the file executes the program with the file owner UID instead of the user UID. If the s bit is set in the group permission group, when the file is executed, the file executes the program with the file owner GID instead of the user GID. The s permission bit is a sensitive permission bit and can easily cause system security issues. Please be careful when setting it up and be aware of SUID or SGID files and directories already on your system.
s permissions include two constants, S_ISUID and S_ISGID, which are called forced bit permissions;
S_ISUID can only be applied to binary executable files*;
S_ISGID can be applied to binary executable files* and directories;
*shell scripts cannot, because shell scripts are not binary files.
S_ISUID and S_ISGID are used On binary files:
If S_ISUID is true, set the effective user ID of this process to the user ID of the owner of this file.
If S_ISGID is true, set the effective user group ID of this process to the group ID of this file.
Since the process has a user/group ID that affects file access permissions, then Equivalent to temporarily possessing the identity of the file owner. A typical file is passwd. If a general user executes the file, during the execution process, the file can obtain root permissions, so that the user's password can be changed.
S_ISGID When used in a directory:
After the current user executes chdir to switch to the directory, the effective user group ID (effective group) of the user process will be set to the user group of the directory. If the user has w in this directory permissions, then the user group ID of the new file created by the user process is the same as the user group ID of the directory.
ls -al /usr/bin/passwd -rwsr-xr-x 1 pythontab pythontab 32988 2018-03-16 14:25 /usr/bin/passwd
The values of the two constants are:
| oct | dec | |
| S_ISUID | 4000 | 2048 |
| S_ISGID | 2000 | 1024 |
is the mask of the 12th and 11th bits respectively.
how to use?
We can set s permissions through character mode: chmod a s filename, or we can use absolute mode to set:
Set suid : Set the bit before the corresponding permission bit to 4;
Set guid: Set the bit before the corresponding permission bit to 2;
Set both: set the bit before the corresponding permission bit to 4 2=6.
Set a file to run with the file owner UID identity:
chmod 4755 test
Set the identity of a file with the file owner's GID when running:
chmod 2755 test
Set the identity of a file with both of the above when running:
chmod 6755 test
Note: When setting the s permission, the file owner and group must first set the corresponding x permission, otherwise the s permission will not really take effect (the ch m o d command does not perform necessary integrity checks, even if the s permission is set without setting the x permission, chmod will not report an error. When we ls -l, we see rwS. The capital S indicates that the s permission is not in effect)
Summary
Executable files are equipped with this permission , you can gain privileges and arbitrarily access all system resources that the owner of the file can use. Please pay attention to files with SUID permissions. Hackers often use this permission to match the root account owner with SUID to silently open a backdoor in the system for future access.
Related recommendations: "Linux Video Tutorial"
The above is the detailed content of What permissions does linux s have?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Android TV Box gets unofficial Ubuntu 24.04 upgrade
Sep 05, 2024 am 06:33 AM
For many users, hacking an Android TV box sounds daunting. However, developer Murray R. Van Luyn faced the challenge of looking for suitable alternatives to the Raspberry Pi during the Broadcom chip shortage. His collaborative efforts with the Armbia
deepseek web version entrance deepseek official website entrance
Feb 19, 2025 pm 04:54 PM
DeepSeek is a powerful intelligent search and analysis tool that provides two access methods: web version and official website. The web version is convenient and efficient, and can be used without installation; the official website provides comprehensive product information, download resources and support services. Whether individuals or corporate users, they can easily obtain and analyze massive data through DeepSeek to improve work efficiency, assist decision-making and promote innovation.
How to install deepseek
Feb 19, 2025 pm 05:48 PM
There are many ways to install DeepSeek, including: compile from source (for experienced developers) using precompiled packages (for Windows users) using Docker containers (for most convenient, no need to worry about compatibility) No matter which method you choose, Please read the official documents carefully and prepare them fully to avoid unnecessary trouble.
BitPie Bitpie wallet app download address
Sep 10, 2024 pm 12:10 PM
How to download BitPie Bitpie Wallet App? The steps are as follows: Search for "BitPie Bitpie Wallet" in the AppStore (Apple devices) or Google Play Store (Android devices). Click the "Get" or "Install" button to download the app. For the computer version, visit the official BitPie wallet website and download the corresponding software package.
BITGet official website installation (2025 beginner's guide)
Feb 21, 2025 pm 08:42 PM
BITGet is a cryptocurrency exchange that provides a variety of trading services including spot trading, contract trading and derivatives. Founded in 2018, the exchange is headquartered in Singapore and is committed to providing users with a safe and reliable trading platform. BITGet offers a variety of trading pairs, including BTC/USDT, ETH/USDT and XRP/USDT. Additionally, the exchange has a reputation for security and liquidity and offers a variety of features such as premium order types, leveraged trading and 24/7 customer support.
Zabbix 3.4 Source code compilation installation
Sep 04, 2024 am 07:32 AM
1. Installation environment (Hyper-V virtual machine): $hostnamectlStatichostname:localhost.localdomainIconname:computer-vmChassis:vmMachineID:renwoles1d8743989a40cb81db696400BootID:renwoles272f4aa59935dcdd0d456501Virtualization:microsoftOperatingSystem:CentOS Linux7(Core)CPEOSName:cpe:
Ouyi okx installation package is directly included
Feb 21, 2025 pm 08:00 PM
Ouyi OKX, the world's leading digital asset exchange, has now launched an official installation package to provide a safe and convenient trading experience. The OKX installation package of Ouyi does not need to be accessed through a browser. It can directly install independent applications on the device, creating a stable and efficient trading platform for users. The installation process is simple and easy to understand. Users only need to download the latest version of the installation package and follow the prompts to complete the installation step by step.
Get the gate.io installation package for free
Feb 21, 2025 pm 08:21 PM
Gate.io is a popular cryptocurrency exchange that users can use by downloading its installation package and installing it on their devices. The steps to obtain the installation package are as follows: Visit the official website of Gate.io, click "Download", select the corresponding operating system (Windows, Mac or Linux), and download the installation package to your computer. It is recommended to temporarily disable antivirus software or firewall during installation to ensure smooth installation. After completion, the user needs to create a Gate.io account to start using it.
