Linux special permission set_gid

Special permission set_gid

The set_gid special permission is set in the group permission bits and, like set_uid, is shown as an s.

When set on a file, it works like set_uid: ordinary users outside the group temporarily take on the identity of the file's group while using the file.

In addition, the set_gid special permission can be used on directories. Whichever user is logged in, as long as the directory has the set_gid permission, new subdirectories and subfiles created under it belong to the same group as the directory itself. PS: by default on Linux, new files and directories (subfiles, subdirectories) belong to the group of the logged-in user who creates them.

1. Effect on files

[root@allinlinux-01 ~]# ls -l /usr/bin/ls
-rwsr-xr-x. 1 root root 117656 11 month  6 2016 /usr/bin/ls
[root@allinlinux-01 ~]# chmod u-s /usr/bin/ls
[root@allinlinux-01 ~]# !ls
ls -l /usr/bin/ls
-rwxr-xr-x. 1 root root 117656 11 month  6 2016 /usr/bin/ls
[root@allinlinux-01 ~]# chmod g+s /usr/bin/ls
[root@allinlinux-01 ~]# !ls
ls -l /usr/bin/ls
-rwxr-sr-x. 1 root root 117656 11 month  6 2016 /usr/bin/ls
[root@allinlinux-01 ~]#

2. Effect on directories

1. Directory without set_gid permission

> Whichever user is logged in, newly created files/directories (subfiles/subdirectories) belong to that user's group.

> Example 1: log in as ordinary user allin1
[allin1@allinlinux-01 tmp]$ mkdir 234/
[allin1@allinlinux-01 tmp]$ ls -ld 234/
drwxrwxr-x. 2 allin1 allin1 6 6 month   9 10:52 234/
[allin1@allinlinux-01 tmp]$ mkdir 234/123/
[allin1@allinlinux-01 tmp]$ ls -ld 234/123/
drwxrwxr-x. 2 allin1 allin1 6 6 month   9 10:53 234/123/
[allin1@allinlinux-01 tmp]$ touch 234/1
[allin1@allinlinux-01 tmp]$ ls -l 234/1
-rw-rw-r--. 1 allin1 allin1 0 6 month   9 10:53 234/1
[allin1@allinlinux-01 tmp]$

> Example 2: log in as the root user
[root@allinlinux-01 ~]# cd /tmp/
[root@allinlinux-01 tmp]# ls
111  1.txt  222  234  allin2  allinlinux  systemd-private-0f4b60569c224727b1ec0153a8598630-vmtoolsd.service-qCx2Tt  tmp
[root@allinlinux-01 tmp]# mkdir 345/
[root@allinlinux-01 tmp]# ls -ld 345/
drwxr-xr-x. 2 root root 6 6 month   9 10:56 345/
[root@allinlinux-01 tmp]# mkdir 345/123/
[root@allinlinux-01 tmp]# ls -ld 345/123/
drwxr-xr-x. 2 root root 6 6 month   9 10:56 345/123/
[root@allinlinux-01 tmp]# touch 345/1
[root@allinlinux-01 tmp]# ls -l 345/1
-rw-r--r--. 1 root root 0 6 month   9 10:56 345/1
[root@allinlinux-01 tmp]#

2. Directory with set_gid permission

> Whichever user is logged in, a new subfile/subdirectory created under a directory with the set_gid permission gets the same group as the directory and is not affected by the logged-in user.

> Preset scenario: under the /tmp/ directory, create a new directory 666/ and change its group to user1, then set the set_gid permission on the directory, and finally work in it as the root user.
[root@allinlinux-01 tmp]# ls -l
total 4
drwxrwxr--. 4 root   root   45 6 month   8 21:20 111
-rw-rw-r--. 1 root   root   65 6 month   8 21:16 1.txt
drwxr-xr-x. 2 root   root    6 6 month   8 20:11 222
drwxrwxr-x. 3 allin1 allin1 26 6 month   9 10:53 234
drwxr-xr-x. 3 root   root   26 6 month   9 10:56 345
drwxr-xr-x. 4 root   root   40 6 month   6 21:32 allin2
drwxrwxrwx. 2 allin1 user1  19 6 month   8 14:58 allinlinux
drwx------. 3 root   root   17 6 month   8 14:15 systemd-private-0f4b60569c224727b1ec0153a8598630-vmtoolsd.service-qCx2Tt
drwxr-xr-x. 4 root   root   28 6 month   6 17:16 tmp
[root@allinlinux-01 tmp]# mkdir 666/
[root@allinlinux-01 tmp]# ls -ld 666/
drwxr-xr-x. 2 root root 6 6 month   9 11:01 666/
[root@allinlinux-01 tmp]# chown :user1 666/
[root@allinlinux-01 tmp]# ls -ld 666/
drwxr-xr-x. 2 root user1 6 6 month   9 11:01 666/
[root@allinlinux-01 tmp]# chmod g+s 666/
[root@allinlinux-01 tmp]# ls -ld 666/
drwxr-sr-x. 2 root user1 6 6 month   9 11:08 666/

[root@allinlinux-01 tmp]#

> Example 1: log in as the superuser root
[root@allinlinux-01 tmp]# mkdir 666/111/
[root@allinlinux-01 tmp]# ls -ld 666/111/
drwxr-sr-x. 2 root user1 6 6 month   9 11:10 666/111/
[root@allinlinux-01 tmp]# touch 666/1
[root@allinlinux-01 tmp]# ls -l 666/1
-rw-r--r--. 1 root user1 0 6 month   9 11:10 666/1
[root@allinlinux-01 tmp]#
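
The directory behaviour shown above, as an added shell example that is not part of the original post: it builds a scratch tree under mktemp (constructed paths), so the inheritance can be checked without root, and lists set_gid directories and set_gid files separately for review. The function names gid_of, make_sgid_tree and audit_sgid are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# scratch layout are assumptions made for illustration.

# Numeric group id of a path, read from the same ls -ld output the post uses.
gid_of() {
    ls -ldn "$1" | awk '{print $4}'
}

# Build a constructed scratch tree and print its path (caller removes it):
#   shared/       directory with set_gid (chmod g+s)
#   shared/sub    created afterwards: inherits the group AND the set_gid bit
#   shared/file   created afterwards: inherits the group only
#   tool          regular file with set_gid, as in "chmod g+s /usr/bin/ls"
make_sgid_tree() {
    base=$(mktemp -d) || return 1
    mkdir "$base/shared" || return 1
    chmod g+s "$base/shared" || return 1
    mkdir "$base/shared/sub" || return 1
    touch "$base/shared/file" "$base/tool" || return 1
    chmod 2755 "$base/tool" || return 1
    printf '%s\n' "$base"
}

# List set_gid entries under a tree. Directories and regular files are
# reported separately because the bit means different things on each.
audit_sgid() {
    find "$1" -xdev -type d -perm -2000 -exec printf 'dir  %s\n' {} \;
    find "$1" -xdev -type f -perm -2000 -exec printf 'file %s\n' {} \;
}
```

On a directory the bit only decides the group of new entries, while on an executable it changes the group the program runs with, so the two lists from audit_sgid are reviewed differently.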


Keywords: Linux

Added by guidance on Mon, 24 Jun 2019 03:52:56 +0300