setuid:執行設置了setuid位的文件時,進程以文件所有者的身份運行,得到與所有者相同的權限。sudo爲權限下放,su - user爲切換用戶
-rwsr-xr-x root root /usr/bin/passwd:s小寫說明同時有x權限(大寫S則說明沒有x權限),其他所有人執行/usr/bin/passwd時,進程擁有跟文件所有者root一樣的權限
chmod 4755 /xx 可讓文件獲取該權限
chmod 755 /xx 取消文件該權限(只對普通文件有效;GNU chmod用數字模式不會清除目錄上的setuid/setgid位,目錄要用chmod u-s或g-s,見文末)
suid典型例子/usr/bin/passwd,都能使用這個命令: passwd xx
setgid:多用於目錄,讓多個用戶以同一個用戶組的權限共享一個目錄
粘滯位(sticky bit)一般也是用於目錄,設置後目錄中的文件只有文件所有者、目錄所有者或root才能刪除或改名
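setgid目錄:使任何人在該目錄下創建的文件都屬於該目錄的用戶組(下面示例中scott.sgid的屬組是root;scott看來不在root組,所以g+w後仍然無法創建,o+w後才成功。o+w會讓所有用戶都能在目錄中創建和刪除文件,實際的共享目錄應把用戶加入目錄的用戶組並用g+w,而不是o+w)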
chmod 2644 /dir 獲取gid權限(最前面的2即setgid位;目錄通常還需要x權限才能進入,下面的示例用的是2755)
[root@yami test]# ls -ld
drwxr-xr-x 2 root root 4096 Jun 17 18:27 .
[root@yami test]# chmod 2755 .
[root@yami test]# ;s -ld
-bash: syntax error near unexpected token `;'
[root@yami test]# ls -ld
drwxr-sr-x 2 root root 4096 Jun 17 18:27 .
[root@yami test]# su - scott
[scott@yami ~]$ cd /test/
[scott@yami test]$ ls -l
total 16
-rw-r--r-- 1 root root 0 Jun 17 18:27 a.out
-rw-r--r-- 1 root root 164 Jun 17 04:32 hosts.txt
-rw-r--r-- 1 root root 39 Jun 17 04:32 network.txt
-rw-r--r-- 1 root root 1694 Jun 17 04:32 passwd.txt
-rw-r--r-- 1 root root 16 Jun 17 18:14 test.txt
[scott@yami test]$ ls -ld
drwxr-sr-x 2 root root 4096 Jun 17 18:27 .
[scott@yami test]$ touch scott.sgid
touch: cannot touch `scott.sgid': Permission denied
[scott@yami test]$ touch
touch: missing file operand
Try `touch --help' for more information.
[scott@yami test]$ touch scott
touch: cannot touch `scott': Permission denied
[scott@yami test]$ ls -ld
drwxr-sr-x 2 root root 4096 Jun 17 18:27 .
[scott@yami test]$ exit
logout
[root@yami test]# ls -ld
drwxr-sr-x 2 root root 4096 Jun 17 18:27 .
[root@yami test]# chmod g+w .
[root@yami test]# ls -ld
drwxrwsr-x 2 root root 4096 Jun 17 18:27 .
[root@yami test]# su - scott
[scott@yami ~]$ cd /test/
[scott@yami test]$ ls -ld
drwxrwsr-x 2 root root 4096 Jun 17 18:27 .
[scott@yami test]$ touch scott.sgid
touch: cannot touch `scott.sgid': Permission denied
[scott@yami test]$ touch scott
touch: cannot touch `scott': Permission denied
[scott@yami test]$ exit
logout
[root@yami test]# chmod g-w .
[root@yami test]# chmod 0+w .
chmod: invalid mode: `0+w'
Try `chmod --help' for more information.
[root@yami test]# chmod o+w .
[root@yami test]# su - scott
[scott@yami ~]$ cd /test/
[scott@yami test]$ ls -ld
drwxr-srwx 2 root root 4096 Jun 17 18:27 .
[scott@yami test]$ touch scott.sgid
[scott@yami test]$ ls -l
total 16
-rw-r--r-- 1 root root 0 Jun 17 18:27 a.out
-rw-r--r-- 1 root root 164 Jun 17 04:32 hosts.txt
-rw-r--r-- 1 root root 39 Jun 17 04:32 network.txt
-rw-r--r-- 1 root root 1694 Jun 17 04:32 passwd.txt
-rw-rw-r-- 1 scott root 0 Jun 18 14:10 scott.sgid
-rw-r--r-- 1 root root 16 Jun 17 18:14 test.txt
=====
[root@yami suid]# chmod 1777 .
[root@yami suid]# ls -ld
drwsrwsrwt 2 root root 4096 Jun 18 14:17 .
[root@yami suid]# chmod 777 .
[root@yami suid]# ls -ld
drwsrwsrwx 2 root root 4096 Jun 18 14:17 .
[root@yami suid]# chmod 2755 .
[root@yami suid]# ls -ld
drwsr-sr-x 2 root root 4096 Jun 18 14:17 .
[root@yami suid]# chmod 644 .
[root@yami suid]# ls -ld
drwSr-Sr-- 2 root root 4096 Jun 18 14:17 .
[root@yami suid]# chmod 0644 .
[root@yami suid]# ls -ld
drwSr-Sr-- 2 root root 4096 Jun 18 14:17 .
[root@yami suid]# chmod 4755 .
[root@yami suid]# ls -ld
drwsr-sr-x 2 root root 4096 Jun 18 14:17 .
[root@yami suid]# chmod 755 ../s
sbin/ selinux/ srv/ suid/ sys/
[root@yami suid]# chmod 755 ../s
sbin/ selinux/ srv/ suid/ sys/
[root@yami suid]# chmod 755 ../suid/
[root@yami suid]#
[root@yami suid]# ls -ld
drwsr-sr-x 2 root root 4096 Jun 18 14:17 .
[root@yami suid]# ls -ld /test/
drwxr-srwx 2 root root 4096 Jun 18 14:10 /test/
[root@yami suid]# chmod 755 /test
[root@yami suid]# ls -ld /test/
drwxr-sr-x 2 root root 4096 Jun 18 14:10 /test/
[root@yami suid]# ls -ld
drwsr-sr-x 2 root root 4096 Jun 18 14:17 .
[root@yami suid]# ls -l
total 4
-rwxr--r-- 1 root root 8 Jun 18 14:31 file
[root@yami suid]# rm file
rm: remove regular file `file'? y
[root@yami suid]# ls -ld
drwsr-sr-x 2 root root 4096 Jun 18 14:42 .
[root@yami suid]# chmod 755 .
[root@yami suid]# ls -ld
drwsr-sr-x 2 root root 4096 Jun 18 14:42 .
[root@yami suid]# chmod u-s .
[root@yami suid]# ls -ld
drwxr-sr-x 2 root root 4096 Jun 18 14:42 .
[root@yami suid]# chmod g-s .
[root@yami suid]# ls -ld
drwxr-xr-x 2 root root 4096 Jun 18 14:42 .
以上爲:想要刪除掉目錄的setuid,setgid權限,用chmod 755 .發現不好使(GNU chmod對目錄使用數字模式時會保留原有的setuid/setgid位,示例中0644也一樣)
用chmod ug-s .就可以(示例中是分別執行u-s和g-s),故做此修改