Legit Code.com : UNIX/Linux Information Community (\li-jit\ \kōd\)

02 Oct

SUID, STICKY, and CHATTR
SUID, STICKY and CHATTR ( Advanced permissions )

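There are some very special and advanced file permissions: the SUID/SGID flags, the Sticky Bit and the change attribute command (chattr). In this tip I will give a brief description of each.

The "SUID flag" ( Allow user ID access ): this mode gives normal users permission to execute files they normally would not be allowed to, because a program with the flag set runs with the user ID of the file's owner instead of that of the user who started it.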

CODE
# chmod u+s testfile


If you use chmod with numbers, the number for SUID is 4000. An example of what "ls -l" will show:

QUOTE
-rwsr-xr-x  1 root root    0 Sep 20 20:40 testfile*



The "SGID flag" ( Allow group ID access ): the same as SUID, but for groups.

CODE
# chmod g+s testfile


If you use chmod with numbers, the number for SGID is 2000. An example of what "ls -l" will show:

QUOTE
-rwxr-sr-x  1 root root   0 Sep 20 20:40 testfile*


NOTE: There are security issues with the SUID and SGID flags, so only use them when absolutely needed.


The "Sticky Bit" ( Only the user that created the file, in the directory with the Sticky Bit, can delete it ):

CODE
# chmod +t testdirectory


If you use chmod with numbers, the number for the Sticky Bit is 1000. An example of what "ls -l" will show:

QUOTE
drwxr-xr-t  2 root root    4096 Sep 20 20:44 testdirectory/


A quote from the chmod man page:

QUOTE
STICKY FILES
On older Unix systems, the sticky bit caused executable files to be hoarded in swap space. This feature is not useful on modern VM systems, and the Linux kernel ignores the sticky bit on files. Other kernels may use the sticky bit on files for system-defined purposes. On some systems, only the superuser can set the sticky bit on files.

STICKY DIRECTORIES
When the sticky bit is set on a directory, files in that directory may be unlinked or renamed only by root or their owner. Without the sticky bit, anyone able to write to the directory can delete or rename files. The sticky bit is commonly found on directories, such as /tmp, that are world-writable.
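
An added example, not part of the original tip: a small shell audit that lists SUID and SGID files and world-writable directories that lack the sticky bit, using the octal values given above. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a tree for the special permission bits described above.
# Octal values from the tip: SUID 4000, SGID 2000, sticky bit 1000.

# Print one "FLAG path" line per finding under directory $1.
audit_special_bits() {
    root=$1
    # Regular files that run with the user ID of their owner.
    find "$root" -xdev -type f -perm -4000 | sed 's/^/SUID /'
    # Regular files that run with the group ID of their group.
    find "$root" -xdev -type f -perm -2000 | sed 's/^/SGID /'
    # World-writable (0002) directories without the sticky bit: anyone able
    # to write there can delete or rename files owned by other users.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 | sed 's/^/NOSTICKY /'
}

# Build a small constructed tree (hypothetical file names) to audit.
# Prints the path of the new tree.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/tmp_like"
    touch "$t/plain" "$t/suid_tool" "$t/sgid_tool"
    chmod 0755 "$t/plain"
    chmod 4755 "$t/suid_tool"   # same result as chmod u+s on a 0755 file
    chmod 2755 "$t/sgid_tool"   # same result as chmod g+s on a 0755 file
    chmod 0777 "$t/shared"      # world-writable, no sticky bit
    chmod 1777 "$t/tmp_like"    # world-writable with sticky bit, like /tmp
    printf '%s\n' "$t"
}

# Demo run: audit the constructed tree, then clean it up.
tree=$(make_sample_tree) && audit_special_bits "$tree" && rm -rf "$tree"
```

On a real system, point audit_special_bits at a directory such as /usr or /home and compare the output against the list of SUID/SGID programs you expect to be installed.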


And finally, "chattr" ( Change file attribute ) has many options. One of them is "i", the immutable flag, meaning nobody, not even root, can make changes to the file:

CODE
# chattr +i testfile


In this case "ls -l" will show nothing special:

QUOTE
-rwxr-xr-x  1 root root   0 Sep 20 20:40 testfile*


Related to the chattr command is "lsattr", which lists the attributes set for a file:

CODE
# lsattr testfile


An example of what "lsattr" will show:

QUOTE
----i--------   testfile


To remove the immutable flag, simply do "chattr -i".

See "man chattr" for more options of the chattr command.