1. Exercise: Batch Create n Users#
Batch create n users
Usernames start with sanchuang followed by a zero-padded number (sanchuang01, sanchuang02, ...)
Home directories go under /lianxi/user
Example
---------------------------------------------------------------------------------------------------------------------------------
[root@localhost ~]# seq -w 10 # Note: -w pads with leading zeros so every number has the same width
01
02
………………
09
10
[root@sanchuang-linux ~]# vim create_user2.sh
#!/bin/bash
# usage: bash create_user2.sh N  -> creates sanchuang01 ... sanchuangN with homes under /lianxi/user
num=$1 # Note: $1 is the first command-line argument (the count); giving it a name makes the loop readable
[ -d /lianxi/user ] || mkdir -p /lianxi/user # Note: -d tests for a directory (-f tests for a regular file); if it exists do nothing, otherwise create it
for i in $(seq -w "$num") # Note: -w zero-pads the numbers; only the parent /lianxi/user is created here, useradd -d creates each user's own directory
do
    useradd -d /lianxi/user/sanchuang$i sanchuang$i # Note: run a second time, useradd reports the users that already exist and only creates the missing ones
done
[root@sanchuang-linux ~]# bash create_user2.sh 12
useradd: user "sanchuang01" already exists
useradd: user "sanchuang02" already exists
………………
useradd: user "sanchuang10" already exists
useradd: user "sanchuang12" already exists
[root@sanchuang-linux ~]# cd /lianxi/user
[root@sanchuang-linux user]# ls
sanchuang01 ………… sanchuang10 sanchuang12
[root@sanchuang-linux user]# cd
[root@sanchuang-linux ~]# bash create_user2.sh 20
useradd: user "sanchuang01" already exists
useradd: user "sanchuang02" already exists
………………
useradd: user "sanchuang12" already exists
useradd: user "sanchuang13" already exists
[root@sanchuang-linux ~]# cd /lianxi/user
[root@sanchuang-linux user]# ls
sanchuang01 ………… sanchuang18 sanchuang20
2. Ordinary users can normally only create files or directories in their home directory or in /tmp#
Ordinary users can normally only create files or directories in their home directory or in /tmp, the two places where they have write permission on the directory
Note: /tmp is a temporary directory for scratch data#
Note: (for example state a program records while it runs; such files should be removed from /tmp when the program finishes)#
[root@sanchuang-linux ~]# su - sanchuang
Last login: Fri Nov 6 17:09:41 CST 2020 pts/2
[sanchuang@sanchuang-linux ~]$ ls -ld /
dr-xr-xr-x. 38 root root 4096 Nov 5 15:12 /
[sanchuang@sanchuang-linux ~]$ ls -ld /etc
drwxr-xr-x. 90 root root 8192 Nov 7 15:00 /etc
[sanchuang@sanchuang-linux ~]$ ls -ld ./ # Note: the user owns the home directory, so files and folders can be created in it
drwxrwxrwx. 4 sanchuang sanchuang 122 Nov 6 17:10 ./ # Note: on this lab box the home is 777, which lets every other user write into it; useradd does not create homes world-writable and a real system should not have them so
[sanchuang@sanchuang-linux ~]$ ls -ld /tmp # Note: Create files or folders in /tmp directory
drwxrwxrwt. 12 root root 264 Nov 7 10:36 /tmp
# Note: chmod only works when you are the file's owner (or root)
3. chmod#
To change a file's read, write and execute permissions with chmod you must be its owner (root is exempt)
Note: Being in the file's group is not enough; group members cannot chmod the file#
Note: root, more precisely any process with CAP_FOWNER, is exempt#
Example: Difference between su with - and without -
[root@sanchuang-linux chenpeng]# su - sanchuang11 # Note: with -, su starts a login shell: the environment is rebuilt for sanchuang11, the login scripts (/etc/profile, ~/.bash_profile) run, and the working directory becomes the user's home
Last login: Sat Nov 7 15:10:51 CST 2020 pts/0
[sanchuang11@sanchuang-linux ~]$ exit
Logout
[root@sanchuang-linux chenpeng]# su sanchuang11 # Note: without -, only the identity changes; the current directory and most of root's environment are kept
[sanchuang11@sanchuang-linux chenpeng]$
4. Set file/directory ownership#
Set file/directory ownership
4.1 chown command#
chown command # Note: Changes the owner and/or the group of a file
- Must be root # Note: On Linux only root (CAP_CHOWN) can change a file's owner; an ordinary user cannot give files away
- Owner and group given by name must exist (numeric IDs are accepted without any check, see below)
- Format:
chown owner file
chown :group file
chown owner:group file
Example: chown changes the owner and group of a file
--------------------------------------------------------------------------------------------
[root@sanchuang-linux tmp]# ls -al sanchuang_log # Note: Owner sanchuang; Group sanchuang
-rw-rw-r-- 1 sanchuang sanchuang 673 Nov 7 15:19 sanchuang_log
[root@sanchuang-linux tmp]# chown sanchuang10 sanchuang_log # Note: Change owner to sanchuang10
[root@sanchuang-linux tmp]# ls -al sanchuang_log
-rw-rw-r-- 1 sanchuang10 sanchuang 673 Nov 7 15:19 sanchuang_log
[root@sanchuang-linux tmp]# chown :sanchuang9 sanchuang_log # Note: Change group to sanchuang9
[root@sanchuang-linux tmp]# ls -al sanchuang_log
-rw-rw-r-- 1 sanchuang10 sanchuang9 673 Nov 7 15:19 sanchuang_log
[root@sanchuang-linux tmp]# chown sanchuang2:sanchuang sanchuang_log # Note: Change both owner and group
[root@sanchuang-linux tmp]# ls -al sanchuang_log
-rw-rw-r-- 1 sanchuang2 sanchuang 673 Nov 7 15:19 sanchuang_log
# Note: Owner and group cannot be set to arbitrary names
# Note: Numeric IDs are not checked against /etc/passwd or /etc/group; any number is accepted
# Note: Names are looked up and rejected when unknown
[root@sanchuang-linux tmp]# chown xixi:haha sanchuang_log # Note: an unknown name is rejected
chown: invalid user: 'xixi:haha'
[root@sanchuang-linux tmp]# chown 6666:6666 sanchuang_log # Note: a number is accepted even though no user or group 6666 exists
[root@sanchuang-linux tmp]# ls -al sanchuang_log
-rw-rw-r-- 1 6666 6666 673 Nov 7 15:19 sanchuang_log # Note: ls shows the raw UID/GID because no name maps to them; if an account is later created with UID 6666 it silently becomes the owner of this file, which is why files left behind by deleted or unknown IDs should be cleaned up
4.2 chgrp command#
chgrp command # Note: Changes only the group (less commonly used; chown :group does the same)
- Format:
chgrp group file
- Must be root or the file's owner
- A non-root owner must be a member of the new group
Common command options
-R : Recursively change the group of all files and subdirectories in the specified directory
Example: chgrp command changes the group
--------------------------------------------------------------------------------------------
[root@sanchuang-linux tmp]# chgrp sanchuang5 sanchuang_log # Note: Only change group
[root@sanchuang-linux tmp]# ls -al sanchuang_log
-rw-rw-r-- 1 6666 sanchuang5 673 Nov 7 15:19 sanchuang_log
4.3 Users who can execute#
Operation   Users who can execute
chmod       root and the file owner
chgrp       root and the file owner (the owner must be a member of the new group)
chown       root only
Note: For chgrp, a non-root file owner can only change the group to one they belong to#
5. Default Permissions#
- At the kernel level, the mode requested for a new file is 666 (touch, editors and shell redirection never ask for execute)
- At the kernel level, the mode requested for a new directory is 777
- umask removes bits from those requested modes; changing it with the umask command lasts only for the current shell
[root@localhost ~]# umask 0022 # Note: set in octal
[root@localhost ~]# umask -S u=rwx,g=rx,o=rx # Note: the same mask in symbolic form; the symbolic form names the permissions that remain, not the bits removed
[root@localhost ~]# umask 077 # Note: new files readable and writable by the owner only
[root@localhost ~]# umask 0077 # Note: identical to 077; the leading digit is for the special bits
It is not recommended to change the system-wide default umask
# Note: umask decides how permissive newly created files and directories are
============================================================================================
[sanchuang9@sanchuang-linux ~]$ ls -ld dd # Note: Newly created file dd
-rw-rw-r-- 1 sanchuang9 sanchuang9 0 Nov 7 15:48 dd # Note: Permission 664, i.e. 666 with the umask 002 bits removed
============================================================================================
5.1 umask setting in /etc/profile#
System-wide environment file /etc/profile # Note: contains the umask logic below
Note: If the UID is greater than 199 and the user's primary group name equals the username (a user private group), umask is 002#
Note: Otherwise umask is 022#
[sanchuang9@sanchuang-linux ~]$ less /etc/profile # Note: the umask block in /etc/profile
if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
    umask 002 # Note: UID > 199 (an ordinary account rather than a system one) and id -gn (group name) equals id -un (username)
else
    umask 022 # Note: system accounts, and users whose primary group is shared with others, get the stricter mask
fi
--------------------------------------------------------------------------------------------
# Note: The mode of a new file is 666 with the umask bits removed; of a new directory, 777 with the umask bits removed
# Note: /etc/profile is read by every login shell, so this umask is applied each time you log in
# Note: id -gn prints the current user's primary group name
# Note: id -un prints the current username
# When UID > 199 and group_name equals user_name, umask is 002
# In all other cases, umask is 022
·At the kernel level, the mode requested for a new file is 666
·At the kernel level, the mode requested for a new directory is 777
·Setting umask with the umask command affects only the current shell
With umask 002 the default mode of a new file is 664 and of a new directory 775
With umask 022 the default mode of a new file is 644 and of a new directory 755
# Note: The usual shorthand is 666 - umask for files and 777 - umask for directories. The kernel actually computes mode & ~umask (every bit set in the umask is cleared), which equals the subtraction only while each umask digit has no bit the base digit lacks: that holds for 022, 002 and the 422 used below, but umask 077 on a file gives 600 (not 666 - 077) and umask 033 on a file gives 644 rather than 633
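The mask arithmetic above, as an added example that is not part of the class notes: a bash script that computes the mode the kernel stores (mode & ~umask) next to plain subtraction, and confirms the result on disk with a probe file or directory created under each umask inside a mktemp directory. It assumes bash and GNU stat (BSD stat is used as a fallback); the function names are mine.

```shell
#!/usr/bin/env bash
# Added example, not from the class notes: the kernel applies umask as a bit mask
# (mode & ~umask). That matches the "666 - umask" shorthand for 022, 002 and 422
# but not in general. Probes are created in a throw-away mktemp directory.

# effective_mode BASE UMASK -> mode the kernel stores, as 3 octal digits (666 022 -> 644)
effective_mode() {
    # a leading 0 makes the shell read the digits as octal
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# naive_subtract BASE UMASK -> what plain octal subtraction would give, for comparison
naive_subtract() {
    printf '%03o\n' $(( 0$1 - 0$2 ))
}

# observed_mode file|dir UMASK -> create a probe under that umask and report its real mode
observed_mode() {
    local kind=$1 mask=$2 tmp path
    tmp=$(mktemp -d) || return 1
    path=$tmp/probe
    # the subshell keeps the umask change local, like "umask 422" in an interactive shell
    ( umask "$mask"; if [ "$kind" = dir ]; then mkdir "$path"; else : > "$path"; fi )
    # GNU stat (Linux) first, BSD stat (macOS) as a fallback
    stat -c '%a' "$path" 2>/dev/null || stat -f '%Lp' "$path"
    rm -rf "$tmp"
}

# Compare the three for the masks used in the notes plus two where subtraction is wrong
for mask in 022 002 422 077 033; do
    printf 'umask %s: file %s (subtraction says %s, disk shows %s) dir %s\n' \
        "$mask" \
        "$(effective_mode 666 "$mask")" "$(naive_subtract 666 "$mask")" \
        "$(observed_mode file "$mask")" \
        "$(effective_mode 777 "$mask")"
done
```

Running it prints one line per mask; 077 and 033 are the two where the subtraction shorthand and the mode on disk disagree, which is also why umask -S is the safer way to read a mask back.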
============================================================================================
Example: id -gn gets the current user's group name; id -un gets the current username
--------------------------------------------------------------------------------------------
[root@sanchuang-linux tmp]# /usr/bin/id -gn
root
[root@sanchuang-linux tmp]# /usr/bin/id -un
root
[root@sanchuang-linux tmp]# id -gn # Note: Current user's group name
root
[root@sanchuang-linux tmp]# id -un # Note: Current user's username
root
============================================================================================
Example: A single = tests whether two strings are equal inside [ ]
--------------------------------------------------------------------------------------------
[root@sanchuang-linux tmp]# [ "a" = "b" ] || echo "ok" # Note: || runs echo only when the test fails
ok # Note: the strings differ, so the test is false and ok is printed
[root@sanchuang-linux tmp]# [ "a" = "b" ] && echo "ok" # Note: && runs echo only when the test succeeds; nothing is printed here
[root@sanchuang-linux tmp]# [ "a" = "a" ] && echo "ok"
ok
--------------------------------------------------------------------------------------------
[root@sanchuang-linux tmp]# su - sanchuang # Note: username and primary group name are the same
[sanchuang@sanchuang-linux ~]$ umask
0002 # Note: the leading 0 is the digit for the special bits (setuid, setgid, sticky); 002 is the rwx part
[sanchuang@sanchuang-linux ~]$ id -gn
sanchuang
[sanchuang@sanchuang-linux ~]$ id -un
sanchuang
[root@localhost ~]# su - b1 # Note: When username and group name are different
[b1@localhost ~]$ id
uid=1204(b1) gid=1001(cali) groups=1001(cali),200(tech)
[b1@localhost ~]$ id -un
b1
[b1@localhost ~]$ id -gn
cali
[b1@localhost ~]$ umask # Note: When username and group name are different, umask is 022
0022
[b1@localhost ~]$ touch gg
[b1@localhost ~]$ ls -ld gg # Note: The permission for the newly created file is 644
-rw-r--r--. 1 b1 cali 0 Nov 8 16:27 gg
[b1@localhost ~]$ umask 422 # Note: Temporarily set umask to 422 (temporary modification)
[b1@localhost ~]$ mkdir test # Note: The permission for the newly created directory is 355 (777-umask)
[b1@localhost ~]$ ls -ld test/
d-wxr-xr-x. 2 b1 cali 6 Nov 8 16:49 test/ # Note: Directory permission 355 write execute read execute read execute
============================================================================================
Example: Temporarily set umask
--------------------------------------------------------------------------------------------
[root@sanchuang-linux tmp]# umask 422 # Note: Temporarily change umask
[root@sanchuang-linux tmp]# touch hh
[root@sanchuang-linux tmp]# ls -ld hh
--w-r--r-- 1 root root 0 Nov 7 16:02 hh # Note: File permission is 244 write read read
============================================================================================
Example: umask -S to check the current default permissions
[sanchuang9@sanchuang-linux ~]$ umask -S # Note: Check the current default permissions
u=rwx,g=rwx,o=rx
============================================================================================
Example: To change a user's umask permanently
--------------------------------------------------------------------------------------------
# Note: Put a umask command in the user's own ~/.bashrc # Permanent for that user
# Note: Do not edit system-wide files such as /etc/profile or /etc/bashrc for one user's preference
[sanchuang9@sanchuang-linux ~]$ vim /home/sanchuang9/.bashrc
umask 002 # Note: a command, not an assignment; umask=002 would only create a shell variable named umask and change nothing
[sanchuang9@sanchuang-linux ~]$ exit
Logout
[root@sanchuang-linux tmp]# su - sanchuang9
Last login: Sat Nov 7 16:07:40 CST 2020 pts/0
[sanchuang9@sanchuang-linux ~]$ umask # Note: 002; sanchuang9 already gets 002 from /etc/profile, so use a different value such as 027 if you want to see ~/.bashrc take effect
0002
[sanchuang9@sanchuang-linux ~]$ bash # Note: a new interactive bash reads ~/.bashrc again, so the umask is still 002
[sanchuang9@sanchuang-linux ~]$ umask
0002
6. Exercises#
6.1 Create a new directory /pem and copy the /etc/hosts file to the pem directory#
1. Create a new directory /pem and copy the /etc/hosts file to the pem directory
[root@sanchuang-linux pem]# mkdir /pem
[root@sanchuang-linux pem]# cp /etc/hosts /pem
6.2 Change the permissions of the hosts file so that the owner has read, write, and execute permissions, the group has read and write permissions, and others have no permissions#
2. Change the permissions of the hosts file so that the owner has read, write, and execute permissions, the group has read and write permissions, and others have no permissions
# Note: Check the arithmetic before typing: rwx = 4+2+1 = 7, rw- = 4+2 = 6, --- = 0, so the requirement as stated is 760; the session below uses 750, which gives the group r-x (read and execute) instead of rw-
[root@sanchuang-linux pem]# chmod 750 /pem/hosts
[root@sanchuang-linux pem]# ls -al /pem/hosts
-rwxr-x--- 1 root root 158 Nov 7 16:20 /pem/hosts
6.3 Create a /pem2 directory and change the permissions so that anyone has read, write, and execute permissions#
3. Create a /pem2 directory and change the permissions so that anyone has read, write, and execute permissions
[root@sanchuang-linux pem]# mkdir /pem2
[root@sanchuang-linux pem]# chmod 777 /pem2
[root@sanchuang-linux pem]# chmod 777 /pem2 -R # Note: -R applies the change to every file and subdirectory below as well; the conventional spelling is chmod -R 777 /pem2
6.4 Change the permissions of the /pem2 directory so that the owner has read, write, and execute permissions, and others have no permissions#
4. Change the permissions of the /pem2 directory so that the owner has read, write, and execute permissions, and others have no permissions
[root@sanchuang-linux pem]# chmod 700 /pem2
6.5 Change the permissions of /pem2 so that no one has any permissions#
5. Change the permissions of /pem2 so that no one has any permissions
[root@sanchuang-linux pem]# chmod 000 /pem2
6.6 Copy the /etc/passwd and /etc/shadow files to the /pem directory, check if the permissions after copying are the same, and how to keep the permissions consistent#
6. Copy the /etc/passwd and /etc/shadow files to the /pem directory, check if the permissions after copying are the same, and how to keep the permissions consistent
[root@sanchuang-linux pem]# cp /etc/{passwd,shadow} /pem
[root@sanchuang-linux pem]# ls -al /pem
--w-r--r-- 1 root root 3964 Nov 7 16:23 passwd # Note: /etc/passwd is 644; the copy is 244 because the umask in this shell is still 422 (set above) and plain cp creates the new file with the source mode minus the umask bits
---------- 1 root root 4201 Nov 7 16:23 shadow # Note: /etc/shadow is 000 on this system, so nothing is left for the umask to remove
6.7 cp -a preserves file attributes (permissions, timestamps, owner, group)#
cp -a
preserves file attributes (permissions, timestamps, owner, group)
[root@sanchuang-linux pem]# cp /home/sanchuang9/.viminfo /tmp/viminfo # Note: plain cp makes the copy owned by the user running cp (root here), with mode 600 minus the umask bits and a fresh timestamp
[root@sanchuang-linux pem]# ls -al /tmp/viminfo
--w------- 1 root root 1622 Nov 7 16:30 /tmp/viminfo # Note: 200, because the umask in this shell is still 422
[root@sanchuang-linux pem]# cp -a /home/sanchuang9/.viminfo /tmp/viminfo # Note: -a (archive) keeps owner, group, mode and modification time; cp -p keeps the same attributes without the recursion and link handling of -a
[root@sanchuang-linux pem]# ls -al /tmp/viminfo
-rw------- 1 sanchuang9 sanchuang9 1622 Nov 7 16:11 /tmp/viminfo
7. Hidden Attributes of Files or Directories#
chattr command: Set extended attribute flags on a file
- Format:
chattr [+-=] [ai] file or directory
# Note: +, -, = add, remove, or set exactly the given flags
Common command options
-R : Recurse into directories
-a : Append only: data can be added to the file, but existing content cannot be changed and the file cannot be deleted
-i : Immutable: the file is locked and cannot be modified, deleted, renamed or linked
lsattr command: View a file's flags
- Format: lsattr [Rda] file or directory
Common command options
-R : Recurse into directories
-d : Show the directory itself rather than its contents
Note: The i and a flags require CAP_LINUX_IMMUTABLE, which normally only root has; ordinary users cannot set them even on their own files#
Example 1: chattr +i hosts locks the file
# Note: Even root cannot modify it
--------------------------------------------------------------------------------------------
# Note: Cannot change the file (cannot delete, add, or move)
[root@sanchuang-linux pem]# chattr +i hosts # Note: Set to lock and protect the file; it cannot be changed
[root@sanchuang-linux pem]# mv hosts{,.bak} # Note: Cannot move (even as root)
mv: cannot move 'hosts' to 'hosts.bak': Operation not permitted
[root@sanchuang-linux pem]# ls -al hosts # Note: ls -al command cannot view hidden attributes
-rwxr-x--- 1 root root 158 Nov 7 16:20 hosts
[root@sanchuang-linux pem]# lsattr hosts # Note: lsattr can view hidden attributes of the file i
----i--------------- hosts # Note: Added an i attribute
[root@sanchuang-linux pem]# chattr -i hosts # Note: Remove the attribute and unlock
[root@sanchuang-linux pem]# lsattr hosts
-------------------- hosts # Note: i hidden attribute is gone
============================================================================================
Example 2: chattr +a hosts can add file content but cannot modify or delete
# Note: Can use redirection to add file content but cannot modify or delete
--------------------------------------------------------------------------------------------
[root@sanchuang-linux pem]# chattr +a hosts # Note: Can add file content but cannot modify or delete
[root@sanchuang-linux pem]# lsattr hosts
-----a-------------- hosts # Note: Added a attribute
[root@sanchuang-linux pem]# vim hosts # Note: Cannot modify
[root@sanchuang-linux pem]# echo "aaaa" >> hosts # Note: Can append
[root@sanchuang-linux pem]# cat hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
aaaa
[root@sanchuang-linux pem]# rm -rf hosts # Note: Cannot delete
rm: cannot remove 'hosts': Operation not permitted
# Note: Cannot modify, can only append, cannot delete
# Note: +a is for files that should only ever grow, such as logs; if a file must not change at all, use +i instead
============================================================================================
Example 3: chattr +i /etc/passwd
--------------------------------------------------------------------------------------------
[root@sanchuang-linux pem]# chattr +i /etc/passwd # Note: once /etc/passwd is immutable, no user can be created
[root@sanchuang-linux pem]# lsattr /etc/passwd # Note: View the flags
----i--------------- /etc/passwd # Note: i flag set
[root@sanchuang-linux pem]# useradd sanchuang21 # Note: even root's useradd cannot open the file for writing while the i flag is set
useradd: cannot open /etc/passwd
[root@sanchuang-linux pem]# chattr -i /etc/passwd # Note: Unlock
============================================================================================
Example 4: Ordinary users cannot set hidden attributes of files
--------------------------------------------------------------------------------------------
[root@localhost ~]# su - sanchuang
[sanchuang@localhost ~]$ touch aa
[sanchuang@localhost ~]$ chattr +i aa # Note: Ordinary users cannot set hidden attributes of files
chattr: Operation not permitted while setting flags on aa
8. Normal Permissions of Files#
# Note: Normal file permissions are read, write, execute
[root@sanchuang-linux pem]# ls -ld /tmp
drwxrwxrwt. 12 root root 4096 Nov 7 16:30 /tmp # Note: the t in the last position is a special permission (the sticky bit), covered in section 10
9. Special Permissions of Files#
Note: SET bit (setuid / setgid) permissions#
SET Bit Permissions
Main Purpose:
- Set on executable files (ones with x permission); the permission character is "s", shown in place of the owner's or the group's x
- Whoever executes the file runs it with the privileges of the file's owner (SUID) or of the file's group (SGID) rather than their own
Types of SET Bit Permissions:
- SUID: the set bit on the owner's x position
- SGID: the set bit on the group's x position
Note: Meaningful on executable files#
Note: SGID has a second use on directories: files created inside inherit the directory's group instead of the creator's primary group, which is how shared project directories are set up#
Example: /bin/passwd
--------------------------------------------------------------------------------------------
[root@localhost ~]# which passwd
/bin/passwd
[root@localhost ~]# ls -ld /bin/passwd
-rwsr-xr-x. 1 root root 27856 Apr 1 2020 /bin/passwd
# Note: passwd is SUID root, so an ordinary user's passwd process runs as root and can update /etc/shadow, a file the user can neither read nor write directly
[root@localhost ~]# su - sanchuang
[sanchuang@localhost ~]$ passwd sanchuang # Note: the program itself refuses a username argument from a non-root user; sanchuang can still change their own password by running passwd with no argument
passwd: only root can specify a username.
# Note: The s bit is granted sparingly and only has an effect on an executable file
# Note: It applies to every user who can execute the file and cannot be limited to one particular user (per-user delegation is what sudo is for)
Example: SET Bit Permission Setting
--------------------------------------------------------------------------------------------
[root@sanchuang-linux pem]# ls -ld /pem
d-wxr-xr-x 2 root root 47 Nov 7 16:42 /pem # Note: Only root user has write permission
# Note: How to allow ordinary users to create and write in /pem?
1. Set the permissions of /pem to 777
2. Set the mkdir SUID permission
[root@sanchuang-linux sbin]# which mkdir
/usr/bin/mkdir
[root@sanchuang-linux sbin]# ls -ld /usr/bin/mkdir # Note: No s attribute set
-rwxr-xr-x. 1 root root 195192 Apr 10 2020 /usr/bin/mkdir # Note: No s attribute set
[root@sanchuang-linux sbin]# chmod u+s /bin/mkdir # Note: Allow ordinary users to run mkdir with root (owner) permissions
[root@sanchuang-linux sbin]# ls -ld /usr/bin/mkdir # Note: Changed to s bit
-rwsr-xr-x. 1 root root 195192 Apr 10 2020 /usr/bin/mkdir
[root@sanchuang-linux sbin]# su - sanchuang9
Last login: Sat Nov 7 16:09:48 CST 2020 pts/0
[sanchuang9@sanchuang-linux pem]$ cd /pem
[sanchuang9@sanchuang-linux pem]$ ls
hosts passwd shadow
[sanchuang9@sanchuang-linux pem]$ mkdir aa # Note: Ordinary user has write permission now
[sanchuang9@sanchuang-linux pem]$ ls -ld /pem
d-wxr-xr-x 3 root root 57 Nov 7 16:59 /pem
[sanchuang9@sanchuang-linux pem]$ touch dd # Note: touch is not SUID, so it runs as sanchuang9 and is refused; only the SUID mkdir gained root's write access
touch: cannot create 'dd': Permission denied
[sanchuang9@sanchuang-linux pem]$ exit
Logout
[root@sanchuang-linux sbin]# chmod u-s /bin/mkdir
[root@sanchuang-linux sbin]# ls -ld /bin/mkdir
-rwxr-xr-x. 1 root root 195192 Apr 10 2020 /bin/mkdir
# Note: The s bit is rarely granted
# Note: Do not grant it casually: a SUID-root mkdir as above lets every user create directories anywhere root can (inside /etc, /root, another user's home), which is a privilege escalation, and the same holds for any general-purpose tool that reads or writes files; real SUID programs such as passwd are written to do one narrow job safely
10. Sticky Bit Permissions#
Sticky Bit Permissions
Main Purpose:
- Set on public directories (for example, ones with permission 777); the permission character is "t", shown in place of the others' x # Note: in such a directory a file can be deleted or renamed only by its owner, the directory's owner, or root, so users cannot remove each other's files
Note: Applies to directories#
Note: (on Linux the sticky bit has no effect on regular files)#
Example 1
--------------------------------------------------------------------------------------------
[root@sanchuang-linux sbin]# ls -ld /tmp
drwxrwxrwt. 12 root root 4096 Nov 7 16:30 /tmp # Note: /tmp directory allows any user to read, write, and execute
# Note: Because of the sticky bit, users can create files in /tmp but delete or rename only the files they own (root, as owner of /tmp and as superuser, is exempt)
# Note: Generally applies to folders
# Note: User sanchuang10 cannot delete files created by user sanchuang
==============================================================================================================
Example 2: chmod 777 /pem Ordinary users can operate files or folders and subfiles under /pem
# Note: 777 permission allows different users to delete files mutually
# Note: After setting the sticky bit, can only delete files they created
--------------------------------------------------------------------------------------------
[root@sanchuang-linux ~]# chmod 777 /pem # Note: Change /pem folder permission to 777
[root@sanchuang-linux ~]# ls -ld /pem # Note: All users have read, write, and execute permissions on /pem, including create and delete
drwxrwxrwx 3 root root 74 Nov 7 17:10 /pem
[root@sanchuang-linux ~]# su - sanchuang9 # Note: Ordinary user has create permission
Last login: Sat Nov 7 17:07:17 CST 2020 pts/2
[sanchuang9@sanchuang-linux ~]$ touch /pem/sanchuang9 # Note: Ordinary user has create permission
[root@sanchuang-linux ~]# su - sanchuang
[sanchuang@sanchuang-linux ~]$ rm -rf /pem/sanchuang9 # Note: a different ordinary user can delete it
# Note: Without the sticky bit, any user with write permission on the directory can delete files created by other users
==============================================================================================================
Example 3: Sticky Bit t
# Note: After setting the sticky bit, can only delete files they created
[sanchuang9@sanchuang-linux tmp]$ ls -ld /tmp
drwxrwxrwt. 13 root root 4096 Nov 7 17:07 /tmp # Note: /tmp directory has set a sticky bit
[sanchuang9@sanchuang-linux ~]$ touch /tmp/sanchuang9
[sanchuang9@sanchuang-linux ~]$ exit
[root@sanchuang-linux ~]# su - sanchuang
Last login: Sun Nov 8 19:05:55 CST 2020 pts/3
[sanchuang@sanchuang-linux ~]$ rm -rf /tmp/sanchuang9 # Note: refused because /tmp has the sticky bit and sanchuang does not own the file
rm: cannot remove '/tmp/sanchuang9': Operation not permitted # Note: In /tmp users can create files freely but delete only their own
# Note: The effect of the sticky bit
# Note: · To set for public directories (for example, with permission 777), the permission character is “t”
# Note: · Users cannot delete files of other users in that directory
# Note: Generally applies to folders
11. Set SET Bit and Sticky Bit Permissions#
Set SET Bit and Sticky Bit Permissions
Using Permission Characters
chmod u±s executable file... # Note: Set or clear SUID
chmod g±s executable file or directory... # Note: Set or clear SGID
chmod o±t directory name... # Note: Set or clear the sticky bit
Using Permission Numbers
chmod mnnn file...
- m is 4 for SUID, 2 for SGID, 1 for the sticky bit, and the values add (6 = SUID + SGID); nnn are the usual owner/group/others digits # Note: m is the leading fourth digit
Example
--------------------------------------------------------------------------------------------
[root@sanchuang-linux ~]# ls -ld /tmp
drwxrwxrwt. 13 root root 4096 Nov 7 17:07 /tmp # Note: /tmp directory has set a sticky bit, permission is 1777
# Note: /tmp directory has set a sticky bit, the first digit is 1
============================================================================================
Example: Set Sticky Bit
--------------------------------------------------------------------------------------------
[root@sanchuang-linux ~]# chmod 1777 /pem
[root@sanchuang-linux ~]# ls -ld /pem
drwxrwxrwt 3 root root 74 Nov 7 17:10 /pem # Note: Sticky bit t is in place of the previous x
# Note: In everyday use the three-digit form is enough; the fourth digit is only needed when you want to set a special bit
-----------------------------------------------------------------
[root@sanchuang-linux ~]# ls -ld /bin/mkdir
-rwxr-xr-x. 1 root root 195192 Apr 10 2020 /bin/mkdir
[root@sanchuang-linux ~]# chmod 4755 /bin/mkdir # Note: Set to SET bit SUID permission
[root@sanchuang-linux ~]# ls -ld /bin/mkdir
-rwsr-xr-x. 1 root root 195192 Apr 10 2020 /bin/mkdir
[root@sanchuang-linux ~]# chmod 755 /bin/mkdir # Note: Change back
[root@sanchuang-linux ~]# ls -ld /bin/mkdir
-rwxr-xr-x. 1 root root 195192 Apr 10 2020 /bin/mkdir
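Added example, not part of the class notes and not a tool from any system shown above: a shell audit that searches a tree for the three conditions these sections warn about, SUID/SGID executables that are not on an allowlist (section 9, the SUID mkdir), world-writable directories without the sticky bit (sections 10 and 11, chmod 777 /pem versus 1777), and files whose numeric owner or group no longer maps to a name (section 4.1, chown 6666:6666). The fixture tree, the allowlist format and all function names are constructed for this example; the find primaries used (-perm, -nouser, -nogroup, -xdev) are standard.

```shell
#!/usr/bin/env bash
# Added example, not part of the class notes: a small permission audit for the three
# conditions these sections warn about. The fixture tree, the allowlist format and all
# function names are constructed for this example.
set -u

# Regular files with SUID (4000) or SGID (2000) set, one path per line.
# -xdev keeps find on one filesystem, so /proc, /sys and network mounts are skipped.
find_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# SUID/SGID files not listed in the allowlist file "$2" (one absolute path per line).
# A "chmod u+s /bin/mkdir" left behind would surface here on a real system.
unexpected_setid() {
    find_setid "$1" | grep -v -x -F -f "$2" || true
}

# World-writable directories (o+w) without the sticky bit (1000): any user can delete
# or rename any other user's files inside them, as in the chmod 777 /pem example.
find_unsticky_world_writable() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print
}

# Files whose numeric owner or group has no name in /etc/passwd or /etc/group,
# e.g. after "chown 6666:6666 file" or after the owning account was deleted.
find_orphaned() {
    find "$1" -xdev \( -nouser -o -nogroup \) -print
}

# Build a throw-away tree that shows each problem; prints its path.
make_fixture() {
    local d
    d=$(mktemp -d) || return 1
    : > "$d/suid_tool";    chmod 4755 "$d/suid_tool"   # like the SUID mkdir
    : > "$d/sgid_tool";    chmod 2755 "$d/sgid_tool"
    : > "$d/plain";        chmod 755  "$d/plain"
    mkdir "$d/shared_bad"; chmod 777  "$d/shared_bad"  # 777 without t
    mkdir "$d/shared_ok";  chmod 1777 "$d/shared_ok"   # 1777, like /tmp
    printf '%s\n' "$d"
}

# Run all three checks under ROOT with allowlist ALLOW; exit status 1 if anything was found.
audit() {
    local root=$1 allow=$2 rc=0 out
    out=$(unexpected_setid "$root" "$allow")
    [ -z "$out" ] || { printf 'SUID/SGID not on allowlist:\n%s\n' "$out"; rc=1; }
    out=$(find_unsticky_world_writable "$root")
    [ -z "$out" ] || { printf 'world-writable without sticky bit:\n%s\n' "$out"; rc=1; }
    out=$(find_orphaned "$root")
    [ -z "$out" ] || { printf 'unknown owner or group:\n%s\n' "$out"; rc=1; }
    return "$rc"
}

# Demonstration on the fixture; a real run would pass / (or /usr, /home) and a maintained allowlist
fixture=$(make_fixture)
allowlist=$(mktemp)
printf '%s\n' "$fixture/sgid_tool" > "$allowlist"   # sgid_tool is expected, suid_tool is not
audit "$fixture" "$allowlist" || echo "audit: problems found (exit $?)"
rm -rf "$fixture" "$allowlist"
```

On a real host the allowlist is the set of SUID/SGID binaries the distribution ships (passwd, su, sudo and the like, taken from a freshly installed box); anything beyond that list, such as the mkdir from section 9, is what the audit is meant to catch. Files reported by find_orphaned should be reassigned with chown to a known account or removed before a new account happens to receive the same UID.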