特殊权限
setuid
setuid的权限是4开头的 4xxx
权限位作用于属主(owner)的 x 位, 即可执行的权限位: 执行这条命令时, 进程以这条命令所有者的身份运行, 例如所有者是 root 时就相当于以 root 执行
使用 s 表示: 属主原本有 x 位时显示为小写 s, 没有 x 位时显示为大写 S (见下文 /usr/bin/cat 去掉 x 位后变为 -rwSr--r--)
另外 setuid 只对二进制可执行文件生效, 对脚本不起作用, 所以下文给 /usr/bin/yum (本例中是一个 801 字节的脚本) 加上 s 位后, 普通用户执行时仍然提示需要 root
[root@zzc ~]
-rwsr-xr-x. 1 root root 27832 Jun 10 2014 /usr/bin/passwd
[root@zzc ~]
-rwxr-xr-x. 1 root root 62952 Oct 31 2018 /usr/bin/rm
[root@zzc ~]
Last login: Thu Jul 23 12:24:52 CST 2020 from 10.0.0.1 on pts/4
[zzc01@zzc ~]$ rm -rf /opt/
rm: cannot remove ‘/opt/’: Permission denied
[zzc01@zzc ~]$ ll -d /
dr-xr-xr-x. 17 root root 224 Jul 22 10:21 /
[zzc01@zzc ~]$ logout
[root@zzc ~]
[root@zzc ~]
ls: cannot access /opt/: No such file or directory
[root@zzc ~]
[root@zzc ~]
[root@zzc ~]
dr-xr-xrwx. 17 root root 224 Jul 24 08:38 /
[root@zzc ~]
Last login: Fri Jul 24 08:37:21 CST 2020 on pts/0
[zzc01@zzc ~]$ rm -rf /opt/
[zzc01@zzc ~]$ logout
[root@zzc ~]
chmod: /: new permissions are r-xr-xrwx, not r-xr-xr-x
[root@zzc ~]
[root@zzc ~]
dr-xr-xr-x. 16 root root 213 Jul 24 08:39 /
[root@zzc ~]
-rwxr-xr-x. 1 root root 62952 Oct 31 2018 /usr/bin/rm
[root@zzc ~]
[root@zzc ~]
-rwsr-xr-x. 1 root root 62952 Oct 31 2018 /usr/bin/rm
[root@zzc ~]
[root@zzc ~]
Last login: Fri Jul 24 08:39:42 CST 2020 on pts/0
[zzc01@zzc ~]$ rm -rf /opt/
[zzc01@zzc ~]$ logout
[root@zzc ~]
[root@zzc ~]
[root@zzc ~]
-rwxr-xr-x. 1 root root 801 Nov 5 2018 /usr/bin/yum
[root@zzc ~]
Last login: Fri Jul 24 08:42:10 CST 2020 on pts/0
[zzc01@zzc ~]$ yum install -y sl
Loaded plugins: fastestmirror
You need to be root to perform this command.
[zzc01@zzc ~]$ yum install -y mysql-server
Loaded plugins: fastestmirror
You need to be root to perform this command.
[zzc01@zzc ~]$ logout
[root@zzc ~]
-rwxr-xr-x. 1 root root 801 Nov 5 2018 /usr/bin/yum
[root@zzc ~]
[root@zzc ~]
-rwsr-xr-x. 1 root root 801 Nov 5 2018 /usr/bin/yum
[root@zzc ~]
Last login: Fri Jul 24 08:45:28 CST 2020 on pts/0
[zzc01@zzc ~]$ yum install -y mysql-server
Loaded plugins: fastestmirror
You need to be root to perform this command.
[root@zzc ~]
-rwxr-xr-x. 1 root root 54160 Oct 31 2018 /usr/bin/cat
[root@zzc ~]
File: ‘/usr/bin/cat’
Size: 54160 Blocks: 112 IO Block: 4096 regular file
Device: 803h/2051d Inode: 201349408 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2020-07-24 08:52:48.370831557 +0800
Modify: 2018-10-31 03:16:01.000000000 +0800
Change: 2020-07-24 08:52:58.961832157 +0800
Birth: -
[root@zzc ~]
File: ‘/usr/bin/passwd’
Size: 27832 Blocks: 56 IO Block: 4096 regular file
Device: 803h/2051d Inode: 201636086 Links: 1
Access: (4755/-rwsr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2020-07-23 09:58:46.365163401 +0800
Modify: 2014-06-10 14:27:56.000000000 +0800
Change: 2020-07-06 02:14:21.159994247 +0800
Birth: -
[root@zzc ~]
-rwsr-xr-x. 1 root root 27832 Jun 10 2014 /usr/bin/passwd
[root@zzc ~]
[root@zzc ~]
-rw-r--r--. 1 root root 54160 Oct 31 2018 /usr/bin/cat
[root@zzc ~]
[root@zzc ~]
-rwSr--r--. 1 root root 54160 Oct 31 2018 /usr/bin/cat
[root@zzc ~]
[root@zzc ~]
-rwsr-xr-x. 1 root root 54160 Oct 31 2018 /usr/bin/cat
[root@zzc ~]
[root@zzc ~]
setgid
setgid的权限是2开头的 2xxx
权限位作用在属组(group)的 x 位, 使用 s 表示, 同样有大写 S (属组无 x 位) 和小写 s (属组有 x 位) 之分
用户在某个目录下新创建的目录或者文件,默认的所属组是自己的基本组
当目录设置了 setgid 之后, 用户在该目录下新创建的目录或者文件的默认所属组不再是自己的基本组,
而是这个目录的所属组, 这样多个用户就能够共享同一个目录
[root@zzc ~]
[root@zzc ~]
drwxr-xr-x 2 root root 6 Jul 24 09:06 /data
[root@zzc ~]
[root@zzc ~]
drwxrwx--- 2 root root 6 Jul 24 09:06 /data
[root@zzc ~]
[root@zzc ~]
[root@zzc ~]
drwxrwx--- 2 root ops_group 6 Jul 24 09:06 /data/
[root@zzc ~]
[root@zzc ~]
[root@zzc ~]
[root@zzc ~]
uid=1046(ops03) gid=1048(ops03) groups=1048(ops03)
[root@zzc ~]
[root@zzc ~]
[root@zzc ~]
[root@zzc ~]
[ops01@zzc ~]$ touch /data/ops01.txt
[ops01@zzc ~]$ ll /data/ops01.txt
-rw-rw-r-- 1 ops01 ops01 0 Jul 24 09:10 /data/ops01.txt
[ops01@zzc ~]$ logout
[root@zzc ~]
[ops02@zzc ~]$ touch /data/ops02.txt
[ops02@zzc ~]$ ll /data/ops02.txt
-rw-rw-r-- 1 ops02 ops02 0 Jul 24 09:11 /data/ops02.txt
[ops02@zzc ~]$ logout
[root@zzc ~]
[ops03@zzc ~]$ touch /data/ops03.txt
[ops03@zzc ~]$ ll /data/ops03.txt
-rw-rw-r-- 1 ops03 ops03 0 Jul 24 09:11 /data/ops03.txt
[ops03@zzc ~]$ logout
[root@zzc ~]
total 0
-rw-rw-r-- 1 ops01 ops01 0 Jul 24 09:10 ops01.txt
-rw-rw-r-- 1 ops02 ops02 0 Jul 24 09:11 ops02.txt
-rw-rw-r-- 1 ops03 ops03 0 Jul 24 09:11 ops03.txt
[root@zzc ~]
[root@zzc ~]
drwxrws--- 2 root ops_group 57 Jul 24 09:11 /data/
[root@zzc ~]
File: ‘/data/’
Size: 57 Blocks: 0 IO Block: 4096 directory
Device: 803h/2051d Inode: 818813 Links: 2
Access: (2770/drwxrws---) Uid: ( 0/ root) Gid: ( 1045/ops_group)
Access: 2020-07-24 09:11:26.981894897 +0800
Modify: 2020-07-24 09:11:17.173894341 +0800
Change: 2020-07-24 09:13:03.894900384 +0800
Birth: -
[root@zzc ~]
total 0
-rw-rw-r-- 1 ops01 ops01 0 Jul 24 09:10 ops01.txt
-rw-rw-r-- 1 ops02 ops02 0 Jul 24 09:11 ops02.txt
-rw-rw-r-- 1 ops03 ops03 0 Jul 24 09:11 ops03.txt
[root@zzc ~]
[root@zzc ~]
total 4
-rw-rw-r-- 1 ops01 ops01 0 Jul 24 09:10 ops01.txt
-rw-rw-r-- 1 ops02 ops02 0 Jul 24 09:11 ops02.txt
-rw-rw-r-- 1 ops03 ops03 0 Jul 24 09:11 ops03.txt
-rw-r--r-- 1 root ops_group 5 Jul 24 09:14 root.log
[root@zzc ~]
Last login: Fri Jul 24 09:10:22 CST 2020 on pts/0
[ops01@zzc ~]$ echo "ops01" > /data/ops01.log
[ops01@zzc ~]$ logout
[root@zzc ~]
Last login: Fri Jul 24 09:10:52 CST 2020 on pts/0
[ops02@zzc ~]$ echo "ops02" > /data/ops02.log
[ops02@zzc ~]$ ll /data/
total 12
-rw-rw-r-- 1 ops01 ops_group 6 Jul 24 09:15 ops01.log
-rw-rw-r-- 1 ops01 ops01 0 Jul 24 09:10 ops01.txt
-rw-rw-r-- 1 ops02 ops_group 6 Jul 24 09:15 ops02.log
-rw-rw-r-- 1 ops02 ops02 0 Jul 24 09:11 ops02.txt
-rw-rw-r-- 1 ops03 ops03 0 Jul 24 09:11 ops03.txt
-rw-r--r-- 1 root ops_group 5 Jul 24 09:14 root.log
[ops02@zzc ~]$ vim /data/ops01.log
[ops02@zzc ~]$ cat /data/ops01.log
ops01
ops02
[ops02@zzc ~]$ umask
0002
[ops02@zzc ~]$ ll /data/
total 12
-rw-rw-r-- 1 ops01 ops_group 12 Jul 24 09:16 ops01.log
-rw-rw-r-- 1 ops01 ops01 0 Jul 24 09:10 ops01.txt
-rw-rw-r-- 1 ops02 ops_group 6 Jul 24 09:15 ops02.log
-rw-rw-r-- 1 ops02 ops02 0 Jul 24 09:11 ops02.txt
-rw-rw-r-- 1 ops03 ops03 0 Jul 24 09:11 ops03.txt
-rw-r--r-- 1 root ops_group 5 Jul 24 09:14 root.log
[ops02@zzc ~]$ rm -f /data/ops01.txt
[ops02@zzc ~]$ ll -d /data/
drwxrws--- 2 root ops_group 90 Jul 24 09:20 /data/
[ops02@zzc ~]$ mkdir /data/test
[ops02@zzc ~]$ ll /data/test
total 0
[ops02@zzc ~]$ ll /data/
total 12
-rw-rw-r-- 1 ops01 ops_group 12 Jul 24 09:16 ops01.log
-rw-rw-r-- 1 ops02 ops_group 6 Jul 24 09:15 ops02.log
-rw-rw-r-- 1 ops02 ops02 0 Jul 24 09:11 ops02.txt
-rw-rw-r-- 1 ops03 ops03 0 Jul 24 09:11 ops03.txt
-rw-r--r-- 1 root ops_group 5 Jul 24 09:14 root.log
drwxrwsr-x 2 ops02 ops_group 6 Jul 24 09:21 test
sticky 粘滞位
sticky的权限是1开头的 1xxx
权限位作用于 others 的 x 位, 使用 t 表示, 同样有小写 t (others 有 x 位) 和大写 T (others 无 x 位) 之分
粘滞位给目录设置: 当一个目录的权限是 777, 即所有用户都拥有管理权限时, 再针对此目录设置一个粘滞位
这样所有用户都可以在这个目录中创建、删除文件, 但是只能管理自己的文件; 管理员 root 则拥有管理所有文件的权限
[root@zzc ~]
drwxrwxrwt. 15 root root 4096 Jul 24 09:02 /tmp/
[root@zzc ~]
File: ‘/tmp/’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 803h/2051d Inode: 67108936 Links: 15
Access: (1777/drwxrwxrwt) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2020-07-24 09:49:40.026024737 +0800
Modify: 2020-07-24 09:02:34.229864730 +0800
Change: 2020-07-24 09:02:34.229864730 +0800
Birth: -
[root@zzc ~]
[root@zzc ~]
[root@zzc ~]
drwxrwxrwx 2 root root 6 Jul 24 09:50 /test
[root@zzc ~]
root /test/root.txt
[root@zzc ~]
[root@zzc ~]
Last login: Fri Jul 24 09:14:53 CST 2020 on pts/0
[ops01@zzc ~]$ echo "ops01" > /test/ops01.txt
[ops01@zzc ~]$ logout
[root@zzc ~]
Last login: Wed Jul 22 10:49:56 CST 2020 from 10.0.0.1 on pts/1
[dev01@zzc ~]$ echo "dev01" > /test/dev01.txt
[dev01@zzc ~]$ logout
[root@zzc ~]
total 12
-rw-rw-r-- 1 dev01 dev01 6 Jul 24 09:52 dev01.txt
-rw-rw-r-- 1 ops01 ops01 6 Jul 24 09:51 ops01.txt
-rw-r--r-- 1 root root 5 Jul 24 09:51 root.txt
[root@zzc ~]
Last login: Fri Jul 24 09:51:51 CST 2020 on pts/0
[dev01@zzc ~]$ ll /test/
total 12
-rw-rw-r-- 1 dev01 dev01 6 Jul 24 09:52 dev01.txt
-rw-rw-r-- 1 ops01 ops01 6 Jul 24 09:51 ops01.txt
-rw-r--r-- 1 root root 5 Jul 24 09:51 root.txt
[dev01@zzc ~]$ rm -f /test/ops01.txt
[dev01@zzc ~]$ ll /test/
total 8
-rw-rw-r-- 1 dev01 dev01 6 Jul 24 09:52 dev01.txt
-rw-r--r-- 1 root root 5 Jul 24 09:51 root.txt
[root@zzc ~]
[root@zzc ~]
File: ‘/test/’
Size: 39 Blocks: 0 IO Block: 4096 directory
Device: 803h/2051d Inode: 67588796 Links: 2
Access: (1777/drwxrwxrwt) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2020-07-24 09:53:31.177037826 +0800
Modify: 2020-07-24 09:53:25.993037532 +0800
Change: 2020-07-24 09:55:02.412042992 +0800
Birth: -
[root@zzc ~]
Last login: Fri Jul 24 09:51:32 CST 2020 on pts/0
[ops01@zzc ~]$ echo "ops01" > /test/ops.txt
[ops01@zzc ~]$ ll /test/
total 12
-rw-rw-r-- 1 dev01 dev01 6 Jul 24 09:52 dev01.txt
-rw-rw-r-- 1 ops01 ops01 6 Jul 24 09:55 ops.txt
-rw-r--r-- 1 root root 5 Jul 24 09:51 root.txt
[root@zzc ~]
Last login: Fri Jul 24 09:52:59 CST 2020 on pts/0
[dev01@zzc ~]$ ll /test/
total 12
-rw-rw-r-- 1 dev01 dev01 6 Jul 24 09:52 dev01.txt
-rw-rw-r-- 1 ops01 ops01 6 Jul 24 09:55 ops.txt
-rw-r--r-- 1 root root 5 Jul 24 09:51 root.txt
[dev01@zzc ~]$ rm -f /test/ops.txt
rm: cannot remove ‘/test/ops.txt’: Operation not permitted
[dev01@zzc ~]$ rm -f /test/dev01.txt
[dev01@zzc ~]$ ll /test/
total 8
-rw-rw-r-- 1 ops01 ops01 6 Jul 24 09:55 ops.txt
-rw-r--r-- 1 root root 5 Jul 24 09:51 root.txt
[dev01@zzc ~]$ logout
[root@zzc ~]
[root@zzc ~]
特殊属性
特殊属性不受普通权限的限制, 即使是 root 也会被拒绝 (下文 root 对设置了 a 或 i 属性的文件执行 rm、mv 同样报 Operation not permitted)
lsattr: 查看文件的特殊属性
chattr: 设置文件的特殊属性
a (append only): 只允许追加写入 (>>), 不允许覆盖写入 (>)、删除或移动
i (immutable): 文件不可修改, 既不能追加写入也不能覆盖写入, 也不能删除或移动
[root@zzc ~]
[root@zzc ~]
[root@zzc ~]
total 0
-rw-r--r-- 1 root root 0 Jul 24 10:08 test.log
-rw-r--r-- 1 root root 0 Jul 24 10:08 test.txt
[root@zzc ~]
---------------- test.log
[root@zzc ~]
---------------- test.txt
[root@zzc ~]
[root@zzc ~]
[root@zzc ~]
total 8
-rw-r--r-- 1 root root 5 Jul 24 10:09 test.log
-rw-r--r-- 1 root root 5 Jul 24 10:09 test.txt
[root@zzc ~]
[root@zzc ~]
-rw-r--r-- 1 root root 5 Jul 24 10:09 test.log
[root@zzc ~]
-----a---------- test.log
[root@zzc ~]
test
[root@zzc ~]
[root@zzc ~]
[root@zzc ~]
-bash: test.log: Operation not permitted
[root@zzc ~]
[root@zzc ~]
test
hello
[root@zzc ~]
rm: cannot remove ‘test.log’: Operation not permitted
[root@zzc ~]
mv: cannot move ‘test.log’ to ‘/tmp/test.log’: Operation not permitted
[root@zzc ~]
[root@zzc ~]
[root@zzc ~]
----i----------- test.txt
[root@zzc ~]
test
[root@zzc ~]
rm: cannot remove ‘test.txt’: Operation not permitted
[root@zzc ~]
mv: cannot move ‘test.txt’ to ‘/tmp/test.txt’: Operation not permitted
[root@zzc ~]
[root@zzc ~]
-bash: test.txt: Permission denied
[root@zzc ~]
-bash: test.txt: Permission denied