Skip to main content

Manage Advance Permission



1. SUID


A user would write to the /etc/shadow file to change password, but he doesn't have root permission to do it.

[root@hnl ~]# ls -l /etc/shadow
----------. 1 root root 1184 Apr 30 16:54 /etc/shadow

SUID solves the problem by giving temporary root permission to the user.

[root@hnl ~]# ls -l /usr/bin/passwd
-rwsr-xr-x. 1 root root 32680 Jan 28 2010 /usr/bin/passwd
 
   ---> use s to replace user execute permissions

2. SGID


Both Linda and Lori work at the accounting group.

When Linda creates a file, the file's group ownership is her primary group: Linda. Lori cannot access this file.

SGID is used to make the directory tree (i.e. files and subdirectories)shared among the accounting group.

Both users have accounting as their secondary group. Linda's file is shared with Lori with the help of SGID.

[root@hnl data]# ls -ld account
drwxr-sr-x. 2 root account 4096 Apr 30 21:28 account

      ---> use s to replace group execute permission

3. Sticky bit


Lori can write to the file Linda creates.
But he is not able to delete her file, with the help of the sticky bit.

Who can delete Linda's file?

Linda or the user owner of the group directory.

[root@hnl data]# ls -ld account/
drwxr-sr-t. 2 root account 4096 Apr 30 21:28 account/

         ---> use t to replace others' execute permission

4. Conclusion



  • When Linda creates a directory for the accounting group, she just needs to set SGID and a sticky bit to the group directory. 
  • All files under would have the permission as desired.

Comments

Post a Comment

Popular posts from this blog

Rib eye with shrimp paste

 6tbsp veg oil 1 1/4 lb bone in rib eye (1 1/2" thick) yu choy or bok choy halved lenghtwise if large 2 scallions, cut into 1'' pieces 2 garlic cloves, crushed 1 lemongrass stalk, tough outer layer removed, chopped 3'' piece ginger sliced 1/2 cup shrimp paste or crab paste 1. meidum high heat, oil grill grate + large cast-iron skillet on grill steak + salt + pepper, + 1tbsp oil rub to coat 2. bok choy in large bowl, drizzle 1tbsp oil over and season with salt. toss 3. grill steak on grate until deeply browned, 2 min per side 4. heat 4tbsp oil in skillet, cook scallions, garlic, lemongrass, giner, stir, until fragrant and starting to brown, about 1 min. Stir in shrimp paste 5. when shrimp mixture is bubbling, transfer steak to skillet. Cook. Turn every few mins, until medium rare, thickest part 125 degree. about 7 mins transfer steak to cutting borad, let rest 10 mins, set skillet with sauce aside 6. Grill boy choy, turning occas. until wilted and charred in spots, ...
2 comments
Read more

Daikon And Grilled Chicken

  1. Cut radishes into quarters if smaller or into ½" pieces if larger + salt, pepper + 6 sliced scallions 2/ 2 Tbsp white wine vinegar + 1 Tbsp. prepared horseradish + 2 tsp. Dijon mustard 1/4 cup extra-virgin olive oil put half of the vinaigrette into the radish mixture 3/ 2 boneless chicken breasts, pound out to about 1/4'' thick. + salt and pepper on both sides 3 Tbsp. extra-virgin olive oil in skillet medium-high heat press down chicken firmly for good contact, 5 mins undisturbed, golden brown on one side turn over, 2 mins on the other side 4/ transfer chicken breast to vinaigrette, let sit 5 minutes Transfer to a clean cutting board cut crosswise into 4 or 5 pieces + radish salad
1 comment
Read more

Automate "Loop Mount" Installation Disk on Linux

 Today I encounter an interesting task about system administration: Configure your system to automatically loop-mount the ISO of the installation disk on the directory /repo. Configure your system to remove this loop-mounted ISO as the only repository that is used for installation. Do not register your system with subscription-manager, and remove all reference to external repositories that may already exist. This is a common issue when you set up the VM: After you finish installing Linux, you want to boot the Linux normally, rather than running into the installation disk again. So when you install Linux, you attach the iso image. Later detach the iso so that Linux can boot normally. This could be easily done from virtualization software such as VirtualBox, VMWare Workstation, thanks to their user-friendly UI. However, this task asks you to do it through automation. In system admin books, this is barely mentioned. But it's still worth digging: in the scenario where you're settin...
Post a Comment
Read more