Solved

"chmod"-----some conception of it to ask

Posted on 2001-07-11
Last Modified: 2010-04-20
When I use the "chmod" command, I usually just use 3 numbers, such as "755", "640", etc., but I saw some usages of it like "0755", "4640"... I don't know what the first number is used for. (A boot told me that the first number could be "0, 1, 2, 4".) Please introduce it to me in more detail.
Thank you.
0
Question by:wingboad
 
LVL 4

Accepted Solution

by:
newmang earned 10 total points
ID: 6275699
4xxx - Makes the file setuid. When the binary runs it adopts the user privileges of the file rather than the person running the binary (often dangerous)

2x#x - If # is 7,5,3 or 1 makes the file setgid.
       If # is 6,4,2 or 0 sets mandatory file locking.
       If used on a directory files created in the
       directory take on the group id of the directory
       rather than the process creating the file

1xxx - Set the sticky bit. Only the file owner can delete
       the file irrespective of the file access permissions.
       This is usually used in directories such as /tmp.

Cheers - Gavin
0
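The leading digit described in the answer above, decoded from a file's mode in C. This is an added example, not part of the original thread; the `SP_*` flag names and the functions `special_bits` and `needs_review` are made up for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/stat.h>

/* Flag names are this example's own, not from any system header. */
enum { SP_SETUID = 1, SP_SETGID = 2, SP_MANDLOCK = 4, SP_GROUP_INHERIT = 8, SP_STICKY = 16 };

/* Decode the leading octal digit of st_mode the way the answer lays it out. */
int special_bits(mode_t mode)
{
    int out = 0;
    if (mode & S_ISUID)
        out |= SP_SETUID;                 /* 4xxx */
    if (mode & S_ISGID) {                 /* 2xxx: meaning depends on context */
        if (S_ISDIR(mode))
            out |= SP_GROUP_INHERIT;      /* new files take the directory's group */
        else if (mode & S_IXGRP)
            out |= SP_SETGID;             /* group digit 7, 5, 3 or 1 */
        else
            out |= SP_MANDLOCK;           /* group digit 6, 4, 2 or 0 */
    }
    if (mode & S_ISVTX)
        out |= SP_STICKY;                 /* 1xxx */
    return out;
}

/* A regular file that changes identity when executed deserves a look. */
int needs_review(const struct stat *st)
{
    int bits = special_bits(st->st_mode);
    return S_ISREG(st->st_mode) && (bits & (SP_SETUID | SP_SETGID)) != 0;
}

/* Usage: ./a.out PATH...  (paths are the caller's choice) */
int main(int argc, char **argv)
{
    struct stat st;
    for (int i = 1; i < argc; i++) {
        if (lstat(argv[i], &st) != 0) { perror(argv[i]); continue; }
        printf("%s mode=%04o bits=0x%02x%s\n", argv[i],
               (unsigned)(st.st_mode & 07777), (unsigned)special_bits(st.st_mode),
               needs_review(&st) ? "  <- review" : "");
    }
    return 0;
}
```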
 

Author Comment

by:wingboad
ID: 6279568
OK, Gavin:
   Thanks for your explanation, but I am still not clear on why and when I should use this number. Maybe this is because I know little about "set uid" and "set gid". Would you explain more about this or give me a URL to see a doc? Thank you.
0
 
LVL 4

Expert Comment

by:newmang
ID: 6279640
OK here goes.....

SETUID

If you make a program or script setuid it means that when that program or script is run it will run with the authority of the owner of the file rather than the person who runs it.

Let's say that as root I create a script or program that deletes files and save it without the setuid bit set. If I run it as root then of course it can delete any file because, as root, I have that ability. If I run it as a non-root user then it would only allow me to delete files I own because as a normal user I don't have the access to delete other users' files.

If, however, as root I set the setuid bit on the program or script file then no matter who runs the program or script the script runs as if the user were root (ie the owner of the file) and therefore anyone could delete any file. Obviously this is a serious security exposure!

It gets worse because you may write a script which does something you want all users to do but which requires root access. The problem here is that if they stop the script they are left with root access and have open slather on the system, the same applies to any application that has a shell escape. For example the vi editor has the ability to run shell commands with the ! command. If vi were to run as setuid root then anyone who can edit a file could run any root access command. This is why it's not a good idea to do this.

Normally if we write a program (not a script) that must have the ability to run a root level command then we code it to run as root just for the time needed to do the command and then we revert back to the user's permission. Furthermore we usually code it such that whilst it is in "root" level it cannot be interrupted by a signal to prevent the user from halting the program whilst it is in that state.

The moral is that you shouldn't run things as setuid; there are alternatives such as the sudo application, which allows you to assign access to defined commands for defined users.

SETGID

This is the same as SETUID except that the program or script takes on the group id of the file owner rather than the user who runs it. The same caveats apply.

The setgid bit works differently on directories though; in this case it means that any file created in the directory takes on the group id of the directory rather than the gid of the person who creates the file. This is used where many people don't share the same primary group id (a user can have many groups) but need to share files with others. It's not used that much.

In summary, if you don't know what the bits are used for you probably don't need to use them.

Does this help?
0
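The "root just for the time needed, with signals held off" pattern from the comment above, sketched in C. This is an added example, not code from the thread; `priv_init`, `run_privileged`, `probe_window` and `struct probe` are hypothetical names, and the program is assumed to be installed setuid (run without the bit, it simply stays the calling user throughout).

```c
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <stdio.h>
#include <unistd.h>

static uid_t priv_uid;   /* file owner's uid, captured once at startup */
/* Call first in main(): remember the setuid identity, then run as the caller. */
int priv_init(void) { priv_uid = geteuid(); return seteuid(getuid()); }

/* Run fn(arg) as priv_uid with every blockable signal held off (SIGKILL and
   SIGSTOP cannot be blocked), then go back to the caller's uid. */
int run_privileged(int (*fn)(void *), void *arg)
{
    sigset_t all, old;
    int rc;
    sigfillset(&all);
    if (sigprocmask(SIG_BLOCK, &all, &old) != 0)
        return -1;
    if (seteuid(priv_uid) != 0) {
        sigprocmask(SIG_SETMASK, &old, NULL);
        return -1;
    }
    rc = fn(arg);
    if (seteuid(getuid()) != 0 || geteuid() != getuid())
        _exit(111);      /* never carry on with the elevated identity */
    sigprocmask(SIG_SETMASK, &old, NULL);
    return rc;
}

/* Constructed demo action: records what the privileged window looks like. */
struct probe { uid_t euid; int sigint_blocked; };
int probe_window(void *arg)
{
    struct probe *p = arg;
    sigset_t cur;
    sigprocmask(SIG_BLOCK, NULL, &cur);
    p->euid = geteuid();
    p->sigint_blocked = sigismember(&cur, SIGINT);
    return 0;
}

int main(void)
{
    struct probe p;
    if (priv_init() != 0 || run_privileged(probe_window, &p) != 0)
        return 1;
    printf("in window: euid=%ld sigint_blocked=%d\n", (long)p.euid, p.sigint_blocked);
    return 0;
}
```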
 

Author Comment

by:wingboad
ID: 6284482
Thanks, newmang:
    I really appreciated your detailed explanation. I will accept it. Thanks again.
0
