Information Technology Reference
In-Depth Information
Multiple changes can be specified by separating them with commas. The fol-
lowing listing shows using the
chmod
command in symbolic mode:
# ls -l file1
-rwxrwxrw- 1 ambro other 636 Jul 24 12:40 file1
# chmod u-x,g-w,g-x,o-w,o+x file1
# ls -l file1
-rw-r---r-x 1 ambro other 636 Jul 24 12:40 file1
#
Special Permissions
Several special permissions can be set on files and directories. These are:
Set User ID (
setuid
)—Sets effective UID to owner on execution
➤
Set Group ID (
setgid
)—Sets effective GID to group on execution
➤
Mandatory Locking—Prevents reading or writing to files while a pro-
gram has a file open
➤
Sticky Bit—Allows only the owner to remove files/directories under a
specific directory
➤
The
setuid
and
setgid
permissions impact security and allow a user account
or group account to temporarily become another user account or group
account during the execution of a program. These are controlled using the
chmod
command like the read, write and execute file permissions.
The
setuid
permission has an absolute mode of 4000 and a symbolic mode
of
s
when used with the
chmod
command.
The user execution permission must be set in order for the
setuid
to be effective. The
setgid
permission is shown as
s
in the user account execution permission field of the
output of an
ls
command. If
setuid
is added to a file without execution permission, it
is an undefined state. This is shown as
S
in the user execution permission field of an
ls
command.
The following listing uses absolute mode with the
chmod
command to add
setuid
(4744)and then uses symbolic mode (
u-s
) to remove the
setuid
per-
mission from a file:
# ls -l file1
-rwxr--r-- 1 ambro other 636 Jul 24 12:41 file1
# chmod 4744 file1
# ls -l file1
-rwsr--r-- 1 ambro other 636 Jul 24 12:41 file1
# chmod u-s file1
# ls -l file1
-rwxr--r-- 1 ambro other 636 Jul 24 12:41 file1
#
