When you use Passwd to change your password, you need to access the / etc / shadow file, but as a normal user you don't have this permission. At this time, the system implements access to this file through an additional permissions.
When you perform a program that sets the SuID bit, you inherit the primary authority of the program, without setting up the SUID bit, only has permission to execute the user's user.
The file properties of / usr / bin / passwd are listed below
-r-s - x - x 1 Root root 15368 5 â 29 2002 / usr / bin / passwd
It can be seen that the owner executes the bit set to s
The program that sets the SGID bit will be permissions to the programs where the program host is located.
Here, when you execute the passwd, you are executed with root permissions.
The Suid bit and the viscous position give a directory an additional file mobile permission. The user can use the user to add and delete any files in the directory, if the viscous position of the directory is set, only when you are the following user, the file can be deleted: set the touch of the viscous position The owner, the owner of the file to be deleted, the root user.
The directory can also set the SGID bit. If a directory sets an SGID bit, any new file added to this directory automatically inherits the group of the directory, used to replace the group of the user of the file.
-------------------------------------------------
SGID application
The well-known CVS is very weak in the management of users and project privileges, which requires us to use the system to manage the functions of the user's directory file management.
The group used to develop the project is first established when establishing a new project, such as DXC
Join the developers' users to this group, such as: DXCA, DXCB, DXCC
Use a project member account to build a project's total name directory, such as DXC, and the part of the directory is DXC, use
CHMOD G S DXC
Set the SGID bit
Then, Import This project.
Each member of the group can be correct Checkout and Commit, even if add new directory and files do not cause other users to properly access the properties of the new subdirectory.
