"chmod" - some conception of it to ask

When I use the "chmod" command, I usually just use 3 numbers
such as "755, 640 etc.", but I saw some usages of it like this: "0755, 4640...". I don't know what the first number is used for. (A boot told me that the first number could be "0,1,2,4".) Please introduce it to me in more detail.
Thank you
wingboad Asked:
 
newmang Commented:
4xxx - Makes the file setuid. When the binary runs it adopts the user privileges of the file rather than the person running the binary (often dangerous)

2x#x - If # is 7,5,3 or 1 makes the file setgid.
       If # is 6,4,2 or 0 sets mandatory file locking.
       If used on a directory files created in the
       directory take on the group id of the directory
       rather than the process creating the file

1xxx - Set the sticky bit. Only the file owner can delete
       the file irrespective of the file access permissions
       this is usually used in directories such as the /tmp
       

Cheers - Gavin
0
 
wingboad (Author) Commented:
OK, Gavin:
   Thanks for your explanation, but I am still not clear on
why and when I should use this number. Maybe this is because
I know little about "set uid" and "set gid". Would you like
to explain more about this or give me a URL to see a doc? Thank
you
0
 
newmang Commented:
OK here goes.....

SETUID

If you make a program or script setuid it means that when that program or script is run it will run with the authority of the owner of the file rather than the person who runs it.

Let's say that as root I create a script or program that deletes files and save it without the setuid bit set. If I run it as root then of course it can delete any file because, as root, I have that ability. If I run it as a non-root user then it would only allow me to delete files I own because as a normal user I don't have the access to delete other users' files.

If, however, as root I set the setuid bit on the program or script file then no matter who runs the program or script the script runs as if the user were root (i.e. the owner of the file) and therefore anyone could delete any file. Obviously this is a serious security exposure!

It gets worse because you may write a script which does something you want all users to do but which requires root access. The problem here is that if they stop the script they are left with root access and have open slather on the system, the same applies to any application that has a shell escape. For example the vi editor has the ability to run shell commands with the ! command. If vi were to run as setuid root then anyone who can edit a file could run any root access command. This is why it's not a good idea to do this.

Normally if we write a program (not a script) that must have the ability to run a root level command then we code it to run as root just for the time needed to do the command and then we revert back to the user's permission. Furthermore we usually code it such that whilst it is in "root" level it cannot be interrupted by a signal to prevent the user from halting the program whilst it is in that state.

The moral is that you shouldn't run things as setuid, there are alternatives such as the sudo application which allows you to assign access to defined commands for defined users.

SETGID

This is the same as SETUID except that the program or script takes on the group id of the file owner rather than the user who runs it. The same caveats apply.

The setgid bit works differently on directories though, in this case it means that any file created in the directory takes on the group id of the directory rather than the gid of the person who creates the file. This is used where many people who don't share the same primary group id (user can have many groups) but need to share files with others. It's not used that much.

In summary, if you don't know what the bits are used for you probably don't need to use them.

Does this help?
0
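The leading digit discussed in the answers above, shown as an added example that is not part of the original thread: `special_bits` decodes the digit in front of the usual three, and `find_special` lists files in a tree that carry setuid or setgid so they can be reviewed. The function names and the scratch files are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and demo files are
# constructed for illustration.

# special_bits MODE: print which special bits a 3- or 4-digit octal mode sets.
special_bits() {
    case $1 in
        ''|*[!0-7]*|?????*) echo "invalid"; return 1 ;;
    esac
    val=$(( 0$1 ))                  # leading 0 makes the shell read it as octal
    special=$(( (val >> 9) & 7 ))   # the digit in front of user/group/other
    out=""
    if [ $(( special & 4 )) -ne 0 ]; then out="$out setuid"; fi
    if [ $(( special & 2 )) -ne 0 ]; then out="$out setgid"; fi
    if [ $(( special & 1 )) -ne 0 ]; then out="$out sticky"; fi
    out=${out# }                    # drop the leading space, if any
    echo "${out:-none}"
}

# find_special DIR: list regular files under DIR with setuid or setgid set.
find_special() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Demo on constructed files in a scratch directory.
demo=$(mktemp -d)
touch "$demo/plain" "$demo/suid"
chmod 0755 "$demo/plain"            # leading 0: no special bits, same as 755
chmod 4755 "$demo/suid"             # leading 4: setuid
for m in 755 0755 4640 2755 1777 6755; do
    printf '%s -> %s\n' "$m" "$(special_bits "$m")"
done
find_special "$demo"                # lists only the setuid file
rm -rf "$demo"
```

Pointing `find_special` at a real directory such as `/usr/bin` gives the list of setuid and setgid programs on that filesystem to review.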
 
wingboad (Author) Commented:
Thanks, newmang:
    I really appreciated your detailed explanation. I will
accept it. Thanks again.
0
Question has a verified solution.