http://www.linuxserverworldadmin.blogspot.in/2015/03/advanced-file-permissions-in-linux.html
To view the location of a command, use which:
[root@client24 myfolder]# which cat
/bin/cat
[root@client24 myfolder]# ls -ld /bin/cat
-rwxr-xr-x 1 root root 23100 Nov 27 2006 /bin/cat
[root@client24 myfolder]# su - tom
[tom@client24 ~]$ cat > myfile
hello
Open another terminal as the root user and check which user the cat process is running as:
[root@client24 ~]# ps -aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME
COMMAND
tom 3972 0.0 0.1 3680 432 pts/1 S+ 22:01 0:00 cat
[root@client24 myfolder]# ls -ld /bin/cat
-rwxr-xr-x 1 root root 23100 Nov 27 2006 /bin/cat
Set SUID on the file. With SUID set, the binary runs with the file owner's effective UID (root here) no matter who invokes it, which is why it belongs only on binaries designed for it; setting it on cat is purely a demonstration.
[root@client24 myfolder]# chmod 4755 /bin/cat
[root@client24 myfolder]# ls -ld /bin/cat
-rwsr-xr-x 1 root root 23100 Nov 27 2006 /bin/cat
[root@client24 myfolder]# su - tom
[tom@client24 ~]$ cat >> myfile
Open another terminal as the root user; the same command now runs as root:
[root@client24 ~]# ps -aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME
COMMAND
root 4032 0.0 0.1 3680 436 pts/1 S+ 22:05 0:00 cat
[root@client24 ~]# mkdir /myfolder
[root@client24 ~]# cd /myfolder
[root@client24 myfolder]# ls
[root@client24 myfolder]# cat > test
Learning Linux is a wise man's decesion.
[root@client24 myfolder]# ls -ld test
-rw-r--r-- 1 root root 41 Jul 13 21:22 test
[root@client24 myfolder]# ls -ld /myfolder
drwxrwxrwx 2 root root 4096 Jul 13 21:21 /myfolder
Set SGID on the folder. With SGID set on a directory, new files created inside it inherit the directory's group (root here) instead of the creator's primary group.
[root@client24 myfolder]# chmod 2777 /myfolder
[root@client24 myfolder]# ls -ld /myfolder
drwxrwsrwx 2 root root 4096 Jul 13 21:21 /myfolder
[root@client24 myfolder]# ls
test
[root@client24 myfolder]# su - tom
[tom@client24 ~]$ cd /myfolder
[tom@client24 myfolder]$ ls -l
total 4
-rw-r--r-- 1 root root 41 Jul 13 21:22 test
[tom@client24 myfolder]$ cat > myfile file to test SGID
[tom@client24 myfolder]$ ls -ld myfile
-rw-r--r-- 1 tom root 18 Jul 13 22:14 myfile
[root@client24 myfolder]# su - joy
[joy@client24 ~]$ cd /myfolder
[joy@client24 myfolder]$ ls -l
total 8
-rw-r--r-- 1 tom root 18 Jul 13 22:14 myfile
-rw-r--r-- 1 root root 41 Jul 13 21:22 test
[joy@client24 myfolder]$ cat > joy_file
hello this file is created by joy but because of SGID bit set its group ownership will be root
[joy@client24 myfolder]$ ls -ld joy_file
-rw-rw-r-- 1 joy root 95 Jul 13 22:15 joy_file
joy and tom share the same primary group, joy; without SGID on the directory their files would have been group-owned by joy rather than root.
[root@client24 ~]# mkdir /sticky
[root@client24 ~]# chmod 777 /sticky
[root@client24 ~]# su - tom
[tom@client24 ~]$ cd /sticky
[tom@client24 sticky]$ ls -l
total 0
[root@client24 sticky]# su - tom
[tom@client24 ~]$ cd /sticky/
[tom@client24 sticky]$ ls
[tom@client24 sticky]$ cat > tom_file
hello am tom, am going to set sticky bit on the /sticky folder.
[tom@client24 sticky]$ ls -l
total 4
-rw-r--r-- 1 tom joy 64 Jul 13 22:36 tom_file
[tom@client24 sticky]$ chmod 664 tom_file
[tom@client24 sticky]$ ls -ld tom_file
-rw-rw-r-- 1 tom joy 64 Jul 13 22:36 tom_file
[root@client24 sticky]# su - joy
[joy@client24 ~]$ cd /sticky
[joy@client24 sticky]$ ls -l
total 4
-rw-rw-r-- 1 tom joy 64 Jul 13 22:37 tom_file
[joy@client24 sticky]$ rm tom_file
[joy@client24 sticky]$ ls
joy could delete tom's file because the directory is world-writable. To prevent joy from deleting a file owned by tom, set the sticky bit on the directory.
[root@client24 sticky]# ls -ld /sticky
drwxrwxrwx 2 root root 4096 Jul 13 22:38 /sticky
Set the sticky bit. In a sticky, world-writable directory only a file's owner, the directory's owner, or root can delete or rename an entry.
[root@client24 sticky]# chmod 1777 /sticky
[root@client24 sticky]# ls -ld
drwxrwxrwt 2 root root 4096 Jul 13 22:38 .
[root@client24 sticky]# su - tom
[tom@client24 ~]$ cd /sticky/
[tom@client24 sticky]$ ls
[tom@client24 sticky]$ cat > tom_file
this file is created by tom whose primary group is joy, but joy cannot delete this file.
[tom@client24 sticky]$ ls -ld /sticky/tom_file
-rw-r--r-- 1 tom joy 89 Jul 13 22:41 /sticky/tom_file
[root@client24 sticky]# su - joy
[joy@client24 ~]$ cd /sticky/
[joy@client24 sticky]$ ls -l
total 4
-rw-r--r-- 1 tom joy 89 Jul 13 22:41 tom_file
[joy@client24 sticky]$ rm tom_file
rm: remove write-protected regular file `tom_file'? y
rm: cannot remove `tom_file': Operation not permitted
[joy@client24 sticky]$ ls -l
total 4
-rw-r--r-- 1 tom joy 89 Jul 13 22:41 tom_file
To view the location of a command, use which:
[root@client24 myfolder]# which cat
/bin/cat
[root@client24 myfolder]# ls -ld /bin/cat
-rwxr-xr-x 1 root root 23100 Nov 27 2006 /bin/cat
[root@client24 myfolder]# su - tom
[tom@client24 ~]$ cat > myfile
hello
Open another terminal as the root user and check which user the cat process is running as:
[root@client24 ~]# ps -aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME
COMMAND
tom 3972 0.0 0.1 3680 432 pts/1 S+ 22:01 0:00 cat
[root@client24 myfolder]# ls -ld /bin/cat
-rwxr-xr-x 1 root root 23100 Nov 27 2006 /bin/cat
Set SUID on the file. With SUID set, the binary runs with the file owner's effective UID (root here) no matter who invokes it, which is why it belongs only on binaries designed for it; setting it on cat is purely a demonstration.
[root@client24 myfolder]# chmod 4755 /bin/cat
[root@client24 myfolder]# ls -ld /bin/cat
-rwsr-xr-x 1 root root 23100 Nov 27 2006 /bin/cat
[root@client24 myfolder]# su - tom
[tom@client24 ~]$ cat >> myfile
Open another terminal as the root user; the same command now runs as root:
[root@client24 ~]# ps -aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME
COMMAND
root 4032 0.0 0.1 3680 436 pts/1 S+ 22:05 0:00 cat
[root@client24 ~]# mkdir /myfolder
[root@client24 ~]# cd /myfolder
[root@client24 myfolder]# ls
[root@client24 myfolder]# cat > test
Learning Linux is a wise man's decesion.
[root@client24 myfolder]# ls -ld test
-rw-r--r-- 1 root root 41 Jul 13 21:22 test
[root@client24 myfolder]# ls -ld /myfolder
drwxrwxrwx 2 root root 4096 Jul 13 21:21 /myfolder
Set SGID on the folder. With SGID set on a directory, new files created inside it inherit the directory's group (root here) instead of the creator's primary group.
[root@client24 myfolder]# chmod 2777 /myfolder
[root@client24 myfolder]# ls -ld /myfolder
drwxrwsrwx 2 root root 4096 Jul 13 21:21 /myfolder
[root@client24 myfolder]# ls
test
[root@client24 myfolder]# su - tom
[tom@client24 ~]$ cd /myfolder
[tom@client24 myfolder]$ ls -l
total 4
-rw-r--r-- 1 root root 41 Jul 13 21:22 test
[tom@client24 myfolder]$ cat > myfile file to test SGID
[tom@client24 myfolder]$ ls -ld myfile
-rw-r--r-- 1 tom root 18 Jul 13 22:14 myfile
[root@client24 myfolder]# su - joy
[joy@client24 ~]$ cd /myfolder
[joy@client24 myfolder]$ ls -l
total 8
-rw-r--r-- 1 tom root 18 Jul 13 22:14 myfile
-rw-r--r-- 1 root root 41 Jul 13 21:22 test
[joy@client24 myfolder]$ cat > joy_file
hello this file is created by joy but because of SGID bit set its group ownership will be root
[joy@client24 myfolder]$ ls -ld joy_file
-rw-rw-r-- 1 joy root 95 Jul 13 22:15 joy_file
joy and tom share the same primary group, joy; without SGID on the directory their files would have been group-owned by joy rather than root.
[root@client24 ~]# mkdir /sticky
[root@client24 ~]# chmod 777 /sticky
[root@client24 ~]# su - tom
[tom@client24 ~]$ cd /sticky
[tom@client24 sticky]$ ls -l
total 0
[root@client24 sticky]# su - tom
[tom@client24 ~]$ cd /sticky/
[tom@client24 sticky]$ ls
[tom@client24 sticky]$ cat > tom_file
hello am tom, am going to set sticky bit on the /sticky folder.
[tom@client24 sticky]$ ls -l
total 4
-rw-r--r-- 1 tom joy 64 Jul 13 22:36 tom_file
[tom@client24 sticky]$ chmod 664 tom_file
[tom@client24 sticky]$ ls -ld tom_file
-rw-rw-r-- 1 tom joy 64 Jul 13 22:36 tom_file
[root@client24 sticky]# su - joy
[joy@client24 ~]$ cd /sticky
[joy@client24 sticky]$ ls -l
total 4
-rw-rw-r-- 1 tom joy 64 Jul 13 22:37 tom_file
[joy@client24 sticky]$ rm tom_file
[joy@client24 sticky]$ ls
joy could delete tom's file because the directory is world-writable. To prevent joy from deleting a file owned by tom, set the sticky bit on the directory.
[root@client24 sticky]# ls -ld /sticky
drwxrwxrwx 2 root root 4096 Jul 13 22:38 /sticky
Set the sticky bit. In a sticky, world-writable directory only a file's owner, the directory's owner, or root can delete or rename an entry.
[root@client24 sticky]# chmod 1777 /sticky
[root@client24 sticky]# ls -ld
drwxrwxrwt 2 root root 4096 Jul 13 22:38 .
[root@client24 sticky]# su - tom
[tom@client24 ~]$ cd /sticky/
[tom@client24 sticky]$ ls
[tom@client24 sticky]$ cat > tom_file
this file is created by tom whose primary group is joy, but joy cannot delete this file.
[tom@client24 sticky]$ ls -ld /sticky/tom_file
-rw-r--r-- 1 tom joy 89 Jul 13 22:41 /sticky/tom_file
[root@client24 sticky]# su - joy
[joy@client24 ~]$ cd /sticky/
[joy@client24 sticky]$ ls -l
total 4
-rw-r--r-- 1 tom joy 89 Jul 13 22:41 tom_file
[joy@client24 sticky]$ rm tom_file
rm: remove write-protected regular file `tom_file'? y
rm: cannot remove `tom_file': Operation not permitted
[joy@client24 sticky]$ ls -l
total 4
-rw-r--r-- 1 tom joy 89 Jul 13 22:41 tom_file