Suid & Sgid & Sticky bit & Effective ID & Real ID

[root@station home]# ll -d admins/
drwxrwx---. 2 root adminuser 1024 Apr  9 16:19 admins/
[root@station home]# chmod 1770 admins/
[root@station home]# ll -d admins/
drwxrwx--T. 2 root adminuser 1024 Apr  9 16:19 admins/
[root@station home]# chmod -t admins/
[root@station home]# chmod 2770 admins/
[root@station home]# ll -d admins/
drwxrws---. 2 root adminuser 1024 Apr  9 16:19 admins/
[root@station home]# chmod -s admins/
[root@station home]# ll -d admins/
drwxrwx---. 2 root adminuser 1024 Apr  9 16:19 admins/
[root@station home]# chmod 4770 admins/
[root@station home]# ll -d admins/
drwsrwx---. 2 root adminuser 1024 Apr  9 16:19 admins/
[root@station home]# chmod -s admins/
[root@station home]# chmod 7770 admins/
[root@station home]# ll -d admins/
drwsrws--T. 2 root adminuser 1024 Apr  9 16:19 admins/

chmod #ugo file
# is an extra leading octal digit placed in front of the usual u/g/o digits; add the values to combine them (7 = all three):
# = 1: sticky bit
# = 2: set group id (sgid)
# = 4: set user id (suid)

You can set or clear the bits with symbolic modes like u+s and g-s. With a numeric mode you can set them, but on a directory GNU chmod preserves existing set-user-ID and set-group-ID bits unless you say otherwise, so `chmod 770 admins/` would not clear them; that is why the session above uses `chmod -s` and `chmod -t` to remove them (newer coreutils also accept an extra leading zero, e.g. `chmod 00770`, to clear them numerically).


sticky bit:
For directories, it prevents unprivileged users from removing or renaming a file in the directory unless they own the file or the directory; this is called the restricted deletion flag for the directory, and is commonly found on world-writable directories like /tmp. It shows as t in the others' execute column, or T when others lack the execute bit (the 1770 case above).

set group id:
For directories, files created inside inherit the directory's group instead of the creating user's primary group, and new subdirectories inherit the setgid bit as well. It shows as s in the group execute column (S when group execute is missing).

set user id:
For executable files, whoever runs the program does so with the file owner's user ID as the effective user ID; for a root-owned binary that is uid 0. On a directory (the 4770 case above) the bit has no effect on Linux.

REF:

man chmod



Supplements (Mon Jan  7 00:33:37 CST 2013)


1. setuid only takes effect on binaries or perl scripts (the suid bit can be set on a shell script, but it does nothing). Note that on a current Linux system the kernel ignores the setuid bit on any #! script, perl included; the perl exception below relied on the suidperl helper, which was removed in Perl 5.12, so in practice a privileged script needs a setuid compiled wrapper.

Note: For security reasons the s-bit works only when used on binaries
(compiled code) and not on scripts (an exception are perl scripts).
Scripts, i.e. programs that cannot be executed by the kernel directly
but need an interpreter such as the Bourne shell or Java, can have
their setuid bit set, but it doesn't have any effect. There are some
platforms that honor the s bits even on scripts (some System V variants,
for example), but most systems don't because it has proven such
a security headache - most interpreters simply aren't written with
much security in mind. Setting the SUID bit on a shell script is useless,
that's why I am using a perl script here.
http://www.bashguru.com/2010/03/unixlinux-advanced-file-permissions.html


2. If you hit the following error when running a setuid perl script, add the line $ENV{"PATH"} = "/usr/bin"; near the top of the .pl script. Perl switches on taint mode when the effective and real IDs differ, and taint mode refuses to run external commands with an inherited PATH; the value should name only the trusted directories holding the commands the script calls (the example below uses /bin because ls and touch live there).

Insecure $ENV{PATH} while running setuid at
http://chrisjean.com/2011/06/06/fix-insecure-envpath-while-running-setuid/


Example perl code:

#!/usr/bin/perl
use strict;
use warnings;

# Taint mode (automatic when euid != ruid) rejects an inherited PATH;
# give it a fixed, trusted one holding the commands called below.
$ENV{"PATH"} = "/bin";
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};   # also rejected by taint mode if set
system('ls', '/root');         # /root is root-only: works only with euid 0
system('touch', '/root/root');
system('ls', '/test');         # /test: a directory the caller can already use
system('touch', '/test/test');

Supplement, 2014-02-27:

Sharing an article about the effective ID and the real ID.
We cannot edit /etc/shadow directly with vim, because the kernel checks our effective ID and finds that vim (running as us) has no permission to modify a root-owned file.
We can, however, modify /etc/shadow through the passwd program, because passwd has the setuid bit: when we invoke it our effective ID becomes 0, root's uid.
Yet we cannot use passwd to change someone else's password, because passwd checks our real ID and refuses if it does not match the account being changed.
Initially the real ID and the effective ID are the same, both equal to the uid recorded in /etc/passwd. The effective ID is what permission checks use, and it is changed by executing a program with the suid bit; the real ID is not changed by that exec and still identifies who actually ran the program.
Real and Effective IDs
http://www.lst.de/~okir/blackhats/node23.html
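The following C code is an added example, not part of the original post or of the referenced article, showing how a setuid program should use the two IDs described above: the passwd-style decision is made on the real uid (inside a setuid-root program the effective uid is 0 for every caller and proves nothing), and root is dropped either temporarily with seteuid() or permanently with setuid(), with the permanent drop verified. The uids 1000 and 1001 in main() are made-up values.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Policy check modelled on passwd(1): an ordinary user may only change their
 * own password; root (real uid 0) may change anyone's. */
int may_change_password(uid_t real_uid, uid_t target_uid) {
    return real_uid == 0 || real_uid == target_uid;
}

/* Temporarily give up root: seteuid() changes only the effective uid, while
 * the saved set-user-ID (a copy of the euid taken at exec time) still holds 0,
 * so regain_privileges() can get it back for the one step that needs it. */
int drop_privileges_temporarily(void) {
    return seteuid(getuid());
}

int regain_privileges(void) {
    return seteuid(0);
}

/* Permanent drop: when the effective uid is 0, setuid() sets the real,
 * effective and saved uid together, so a later seteuid(0) must fail.
 * Returns 0 on success, -1 if the kernel refused or root is still reachable. */
int drop_privileges_permanently(void) {
    uid_t ruid = getuid();
    if (setuid(ruid) != 0) return -1;
    if (ruid != 0 && seteuid(0) == 0) return -1;   /* regain must now fail */
    return 0;
}

/* True when no elevated effective uid remains. */
int running_as_real_uid(void) {
    return getuid() == geteuid();
}

int main(void) {
    printf("real=%u effective=%u\n", (unsigned)getuid(), (unsigned)geteuid());
    if (getuid() != 0 && geteuid() == 0)
        printf("running setuid root on behalf of uid %u\n", (unsigned)getuid());

    /* The passwd decision for two hypothetical callers. */
    printf("uid 1000 changing uid 1000: %s\n",
           may_change_password(1000, 1000) ? "allowed" : "denied");
    printf("uid 1000 changing uid 1001: %s\n",
           may_change_password(1000, 1001) ? "allowed" : "denied");

    /* Do unprivileged work with the caller's own identity ... */
    if (drop_privileges_temporarily() != 0) { perror("seteuid"); return 1; }
    /* ... then, done with root for good, drop it irrevocably. */
    if (drop_privileges_permanently() != 0) { perror("setuid"); return 1; }
    printf("after drop: real=%u effective=%u\n", (unsigned)getuid(), (unsigned)geteuid());
    return 0;
}
```

Compiled and installed with `chown root:root` and `chmod 4755`, the first line printed shows the split (real = the caller, effective = 0) that the text above describes for passwd; run without the bit, both IDs are equal and every drop is a no-op that still succeeds.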
