Jan Kończak

Ta strona jest tylko do odczytu. Możesz wyświetlić źródła tej strony ale nie możesz ich zmienić.
==== id ====
<html>
<pre style="line-height:100%; margin:0">
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> whoami
user
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> groups
wheel users android
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> groups john
android chromium
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> id
uid=1005(user) gid=100(users) grupy=100(users),10(wheel),968(android)
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> id john
uid=1234(john) gid=1001(chromium) grupy=1001(chromium),968(android)
</pre>
</html>

==== su ====
<html>
<pre style="line-height:100%; margin:0">
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> su
Password:
<span style="font-weight:bold;color:#ff0000;">root&#64;host </span><span style="font-weight:bold;color:#5c5cff;">/home/user #</span> exit
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> su john
Password:
<span style="font-weight:bold;color:#7f7f7f;">[</span><span style="font-weight:bold;color:#808000;">host</span><span style="font-weight:bold;color:#00ffff;"> /home/user</span><span style="font-weight:bold;color:#7f7f7f;">]</span><span style="font-weight:bold;color:#808000;">$</span> exit
exit
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> id
uid=1005(user) gid=100(users) groups=100(users),10(wheel),968(android)
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> newgrp android
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> id
uid=1005(user) gid=968(android) groups=968(android),10(wheel),100(users)
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> exit
exit
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> su john
Password:
<span style="font-weight:bold;color:#7f7f7f;">[</span><span style="font-weight:bold;color:#808000;">host</span><span style="font-weight:bold;color:#00ffff;"> /home/user</span><span style="font-weight:bold;color:#7f7f7f;">]</span><span style="font-weight:bold;color:#808000;">$</span> sg android -c &apos;ps -H -o user,group,cmd -t `tty`&apos;
USER     GROUP    CMD
user     users    -bash
root     users      su john
john     chromium     bash
root     chromium       sg android -c ps -H -o user,group,cmd -t `tty`
john     android          ps -H -o user,group,cmd -t /dev/pts/11
<span style="font-weight:bold;color:#7f7f7f;">[</span><span style="font-weight:bold;color:#808000;">host</span><span style="font-weight:bold;color:#00ffff;"> /home/user</span><span style="font-weight:bold;color:#7f7f7f;">]</span><span style="font-weight:bold;color:#808000;">$</span> exit
exit
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span>
</pre>
Zwróć uwagę, że każde wywołanie <code>su</code>, <code>newgrp</code>, etc. uruchamia nowy proces (domyślnie powłoki).
</html>

==== who ====
<html>
<pre style="line-height:100%; margin:0">
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> who
user     tty2         2025-01-04 10:04 (:0)
user     pts/0        2025-01-04 10:04 (:0)
user     pts/1        2025-01-04 10:06 (:0)
user     pts/2        2025-01-04 12:25 (:0)
user     pts/4        2025-01-04 12:27 (:0)
user     tty3         2025-01-04 14:54
user     pts/6        2025-01-04 18:36 (:0)
jane     pts/5        2025-01-04 13:43
john     pts/3        2025-01-04 23:43
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> w
 23:46:14 up 13:45,  9 users,  load average: 0.97, 0.66, 0.53
USER     TTY        LOGIN&#64;   IDLE   JCPU   PCPU WHAT
user     tty2      10:04   12:45m  0.00s  0.17s /usr/bin/startplasma-x11
user     pts/0     10:04    2:21   0.95s  0.72s /bin/bash
user     pts/1     10:06    2:04m  0.26s  0.06s alsamixer -c0
user     pts/2     12:25    0.00s  0.23s  0.23s /bin/bash
user     pts/4     12:27   54:13  10.42s 10.33s ssh root&#64;10.0.0.7
user     tty3      14:54    8:52m  2:07    ?    xinit /etc/X11/xinit/xinitrc -- /etc/X11/xinit/xserverrc :1 -auth /tmp/serverauth.w8runSyQCb
user     pts/6     18:36    3:26m  0.21s   ?    /usr/bin/less
jane     pts/5     13:43    2:22   0.80s  0.52s top
john     pts/3     23:43    2:27   0.23s  0.01s /usr/lib/python-exec/python3.12/python
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> last -n 3 user
user     tty3                          Sat Jan  4 14:54   still logged in
user     pts/9                         Sat Jan  4 20:05 - 09:13 (5+13:08)
user     pts/1        :0               Thu Jan  2 10:05 - 10:21  (00:15)
wtmp begins Mon Dec 31 23:59:59 2024
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> last -n 7
john     pts/3                         Sat Jan  4 23:43   still logged in
user     tty3                          Sat Jan  4 14:54   still logged in
jane     pts/3                         Sat Jan  4 13:43   still logged in
user     pts/9                         Sat Jan  4 20:05 - 09:13 (2+13:08)
user     pts/1        :0               Thu Jan  2 10:05 - 10:21  (00:15)
user     pts/17       :0               Wed Jan  1 22:10 - 22:37  (00:26)
reboot   system boot  6.8.8            Wed Jan  1 22:08   still running
user     pts/16       :0               Wed Jan  1 12:10 - 12:37  (00:26)
wtmp begins Mon Dec 31 23:59:59 2024
</pre>
</html>

==== umask ====
<html>
<pre style="line-height:100%; margin:0">
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> umask
0022
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> mkdir d_zero-two-two
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> touch f_zero-two-two
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> umask 027
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> mkdir d_zero-two-seven
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> touch f_zero-two-seven
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> umask 421
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> mkdir d_four-two-one
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> touch f_four-two-one
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> ls -ltr
drwxr-xr-x 2 user users  4096 Jan 04 00:01 <span style="font-weight:bold;color:#5c5cff;">d_zero-two-two</span>
-rw-r--r-- 1 user users     0 Jan 04 00:02 f_zero-two-two
drwxr-x--- 2 user users  4096 Jan 04 00:03 <span style="font-weight:bold;color:#5c5cff;">d_zero-two-seven</span>
-rw-r----- 1 user users     0 Jan 04 00:04 f_zero-two-seven
d-wxr-xrw- 2 user users  4096 Jan 04 00:05 <span style="color:#0000ee;"></span><span style="color:#0000ee;background-color:#00cd00;">d_four-two-one</span>
--w-r--rw- 1 user users     0 Jan 04 00:06 f_four-two-one
</pre>
</html>


==== chmod ====

<html>
<pre style="line-height:100%; margin:0">
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> ls -l butterflies.txt
<b>-rw-r--r--</b> 1 <b>user users</b> 55 Jan 04 12:00 <span style="color:#00cd00;">butterflies.txt</span>
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> stat butterflies.txt
  File: butterflies.txt
  Size: 55              Blocks: 8          IO Block: 4096   regular file
Device: 254,3   Inode: 15466579    Links: 1
Access: (<b>0644</b>/<b>-rw-r--r--</b>)  Uid: ( <b>1005</b>/    <b>user</b>)   Gid: (  <b>100</b>/   <b>users</b>)
Access: 2025-01-04 12:00:00.000000000 +0100
Modify: 2025-01-04 12:00:00.000000000 +0100
Change: 2025-01-04 12:00:00.000000000 +0100
 Birth: 2025-01-04 12:00:00.000000000 +0100
</pre>
Uprawnienia są pokazywane symbolicznie w wyniku <code>ls -l</code> i symbolicznie oraz ósemkowo w wyniku <code>stat</code>.
</html>
\\
<html>
Poniższe trzy przykłady ustawiają te same uprawnienia różnymi argumentami do <code>chmod</code>:
<pre style="line-height:100%; margin:0">
<span style="opacity:0.5"><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> stat butterflies.txt | sed -n &apos;4p&apos;
Access: (</span>0644/-rw-r--r--<span style="opacity:0.5">)  Uid: ( 1005/    user)   Gid: (  100/   users)</span>
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> chmod g+w butterflies.txt
<span style="opacity:0.5"><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> stat butterflies.txt | sed -n &apos;4p&apos;
Access: (</span>0664/-rw-rw-r--<span style="opacity:0.5">)  Uid: ( 1005/    user)   Gid: (  100/   users)</span>
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> chmod ug+x butterflies.txt
<span style="opacity:0.5"><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> stat butterflies.txt | sed -n &apos;4p&apos;
Access: (</span>0774/-rwxrwxr--<span style="opacity:0.5">)  Uid: ( 1005/    user)   Gid: (  100/   users)</span>
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> chmod o-r butterflies.txt
<span style="opacity:0.5"><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> stat butterflies.txt | sed -n &apos;4p&apos;
Access: (</span>0770/-rwxrwx---<span style="opacity:0.5">)  Uid: ( 1005/    user)   Gid: (  100/   users)</span>
</pre>
</html>
<html>
<pre style="line-height:100%; margin:0">
<span style="opacity:0.5"><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> stat field.txt | sed -n &apos;4p&apos;
Access: (</span>0644/-rw-r--r--<span style="opacity:0.5">)  Uid: ( 1005/    user)   Gid: (  100/   users)</span>
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> chmod ug+x,g+w,o-r field.txt
<span style="opacity:0.5"><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> stat field.txt | sed -n &apos;4p&apos;
Access: (</span>0770/-rwxrwx---<span style="opacity:0.5">)  Uid: ( 1005/    user)   Gid: (  100/   users)</span>
</pre>
</html>
<html>
<pre style="line-height:100%; margin:0">
<span style="opacity:0.5"><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> stat pause.txt | sed -n &apos;4p&apos;
Access: (</span>0644/-rw-r--r--<span style="opacity:0.5">)  Uid: ( 1005/    user)   Gid: (  100/   users)</span>
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> chmod 770 pause.txt
<span style="opacity:0.5"><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> stat pause.txt | sed -n &apos;4p&apos;
Access: (</span>0770/-rwxrwx---<span style="opacity:0.5">)  Uid: ( 1005/    user)   Gid: (  100/   users)</span>
</pre>
</html>
<html>
Pominięcie <code>ugo</code> przy zapisie symbolicznym w <code>chmod</code>: zmieni wskazane prawa użytkownikowi, grupie i pozostałym, o ile maska (<code>umask</code>) nie ma przysłania odpowiedniego bitu uprawnień:
<pre style="line-height:100%; margin:0">
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> chmod 0 rain.txt
<span style="opacity:0.5"><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> stat rain.txt | sed -n &apos;4p&apos;
Access: (</span>0000/----------<span style="opacity:0.5">)  Uid: ( 1005/    user)   Gid: (  100/   users)
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> umask
0022</span>
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> chmod +rw rain.txt
<span style="opacity:0.5"><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> stat rain.txt | sed -n &apos;4p&apos;
Access: (</span>0644/-rw-r--r--<span style="opacity:0.5">)  Uid: ( 1005/    user)   Gid: (  100/   users)</span>
</pre>
</html>
<html>
Uprawnienia specjalne w zapisie symbolicznym pokazywane są literą <code>s/S</code> i <code>t/T</code> na odpowiednim polu; wielkość litery pokazuje czy uprawnienie do wykonania "przykryte" przez odpowiednie specjalne uprawnienie jest ustawione.
<pre style="line-height:100%; margin:0">
<span style="opacity:0.5"><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> stat smell.txt | sed -n &apos;4p&apos;
Access: (</span>0644/-rw-r--r--<span style="opacity:0.5">)  Uid: ( 1005/    user)   Gid: (  100/   users)</span>
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> chmod g+s,o= smell.txt
<span style="opacity:0.5"><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> stat smell.txt | sed -n &apos;4p&apos;
Access: (</span>2640/-rw-r-S---<span style="opacity:0.5">)  Uid: ( 1005/    user)   Gid: (  100/   users)</span>
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> chmod g+x smell.txt
<span style="opacity:0.5"><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> stat smell.txt | sed -n &apos;4p&apos;
Access: (</span>2650/-rw-r-s---<span style="opacity:0.5">)  Uid: ( 1005/    user)   Gid: (  100/   users)</span>
</pre>
</html>

==== ugo ====
<html>
<pre style="line-height:100%; margin:0">
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> chmod 077 butterflies.txt
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> chmod 707 field.txt
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> chmod 770 pause.txt
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> chgrp android field.txt
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> ls -l
total 24
----rwxrwx 1 user users     55 Jan 04 12:00 <span style="font-weight:bold;color:#00ff00;">butterflies.txt</span>
-rwx---rwx 1 user android   82 Jan 04 12:00 <span style="font-weight:bold;color:#00ff00;">field.txt</span>
-rwxrwx--- 1 user users     85 Jan 04 12:00 <span style="font-weight:bold;color:#00ff00;">pause.txt</span>
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> cat butterflies.txt
cat: butterflies.txt: Permission denied
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/perms $</span> su john
Password:
<span style="font-weight:bold;color:#7f7f7f;">[</span><span style="font-weight:bold;color:#808000;">host</span><span style="font-weight:bold;color:#00ffff;"> /home/user/perms</span><span style="font-weight:bold;color:#7f7f7f;">]</span><span style="font-weight:bold;color:#808000;">$</span> groups
android chromium
<span style="font-weight:bold;color:#7f7f7f;">[</span><span style="font-weight:bold;color:#808000;">host</span><span style="font-weight:bold;color:#00ffff;"> /home/user/perms</span><span style="font-weight:bold;color:#7f7f7f;">]</span><span style="font-weight:bold;color:#808000;">$</span> cat field.txt
cat: field.txt: Permission denied
<span style="font-weight:bold;color:#7f7f7f;">[</span><span style="font-weight:bold;color:#808000;">host</span><span style="font-weight:bold;color:#00ffff;"> /home/user/perms</span><span style="font-weight:bold;color:#7f7f7f;">]</span><span style="font-weight:bold;color:#808000;">$</span> cat pause.txt
cat: pause.txt: Permission denied
</pre>
Zauważ że np. dla użytkownika <code>john</code> z grupy <code>android</code> przy dostępie do pliku <code>field.txt</code> brane są pod uwagę tylko uprawienia grupy - nie ma on dostępu do pliku mimo tego że "pozostali" mają dostęp.
</html>

==== dir_no_read ====

<html>
<pre style="line-height:100%; margin:0">
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> mkdir lights_off
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> chmod 333 lights_off
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> ls lights_off
ls: cannot open directory &apos;lights_off&apos;: Permission denied
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> fortune &gt; lights_off/lego
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> cd lights_off
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/lights_off $</span> cat lego
You can be sure of succeding in your attacks if you only attack places which are undefended
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/lights_off $</span> ls -l .
ls: cannot open directory &apos;.&apos;: Permission denied
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/lights_off $</span> ls -l ghost
ls: cannot access &apos;ghost&apos;: No such file or directory
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/lights_off $</span> ls -l lego
-rw-r--r-- 1 user users 92 Jan 04 12:00 lego
</pre>
</html>

==== dir_create_remove ====

<html>
<p style="margin:0">
Do tworzenia i usuwania plików (w tym katalogów) w katalogu wystarczą uprawienia wykonania i zapisu do tego katalogu. Specjalnie uprawienie "sticky bit" dodatkowo zabrania usuwania plików użytkownikom którzy nie są właścicielem usuwanego pliku lub właścicielem katalogu z którego plik jest usuwany.
</p>
<pre style="line-height:100%; margin:0">
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> chgrp android ffa
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> chmod g+w ffa
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> cd ffa
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/ffa $</span> touch user_file
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/ffa $</span> su john
Password:
<span style="font-weight:bold;color:#7f7f7f;">[</span><span style="font-weight:bold;color:#808000;">host</span><span style="font-weight:bold;color:#00ffff;"> /home/user/ffa</span><span style="font-weight:bold;color:#7f7f7f;">]</span><span style="font-weight:bold;color:#808000;">$</span> id
uid=1234(john) gid=1001(chromium) groups=1001(chromium),968(android)
<span style="font-weight:bold;color:#7f7f7f;">[</span><span style="font-weight:bold;color:#808000;">host</span><span style="font-weight:bold;color:#00ffff;"> /home/user/ffa</span><span style="font-weight:bold;color:#7f7f7f;">]</span><span style="font-weight:bold;color:#808000;">$</span> mkdir john_empty_dir john_dir
<span style="font-weight:bold;color:#7f7f7f;">[</span><span style="font-weight:bold;color:#808000;">host</span><span style="font-weight:bold;color:#00ffff;"> /home/user/ffa</span><span style="font-weight:bold;color:#7f7f7f;">]</span><span style="font-weight:bold;color:#808000;">$</span> touch john_file1 john_file2 john_file3 john_dir/file
<span style="font-weight:bold;color:#7f7f7f;">[</span><span style="font-weight:bold;color:#808000;">host</span><span style="font-weight:bold;color:#00ffff;"> /home/user/ffa</span><span style="font-weight:bold;color:#7f7f7f;">]</span><span style="font-weight:bold;color:#808000;">$</span> exit
exit
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/ffa $</span> su jane
Password:
<span style="font-weight:bold;color:#ff00ff;">jane</span>&#64;<span style="font-weight:bold;color:#00ff00;">host</span><span style="font-weight:bold;color:#5c5cff;"> /home/user/ffa $</span> touch jane_file
<span style="font-weight:bold;color:#ff00ff;">jane</span>&#64;<span style="font-weight:bold;color:#00ff00;">host</span><span style="font-weight:bold;color:#5c5cff;"> /home/user/ffa $</span> tree -pug
[drwxrwxr-x user     android ]  <span style="font-weight:bold;color:#5c5cff;">.</span>
├── [-rw-r--r-- jane     android ]  jane_file
├── [drwxr-xr-x john     chromium]  <span style="font-weight:bold;color:#5c5cff;">john_dir</span>
│   └── [-rw-r--r-- john     chromium]  file
├── [drwxr-xr-x john     chromium]  <span style="font-weight:bold;color:#5c5cff;">john_empty_dir</span>
├── [-rw-r--r-- john     chromium]  john_file1
├── [-rw-r--r-- john     chromium]  john_file2
├── [-rw-r--r-- john     chromium]  john_file3
└── [-rw-r--r-- user     users   ]  user_file
3 directories, 6 files
<span style="font-weight:bold;color:#ff00ff;">jane</span>&#64;<span style="font-weight:bold;color:#00ff00;">host</span><span style="font-weight:bold;color:#5c5cff;"> /home/user/ffa $</span> rm -f user_file
<span style="font-weight:bold;color:#ff00ff;">jane</span>&#64;<span style="font-weight:bold;color:#00ff00;">host</span><span style="font-weight:bold;color:#5c5cff;"> /home/user/ffa $</span> rm -f john_file1
<span style="font-weight:bold;color:#ff00ff;">jane</span>&#64;<span style="font-weight:bold;color:#00ff00;">host</span><span style="font-weight:bold;color:#5c5cff;"> /home/user/ffa $</span> rm -rf john_empty_dir
<span style="font-weight:bold;color:#ff00ff;">jane</span>&#64;<span style="font-weight:bold;color:#00ff00;">host</span><span style="font-weight:bold;color:#5c5cff;"> /home/user/ffa $</span> rm -rf john_dir
rm: cannot remove &apos;john_dir/file&apos;: Permission denied
<span style="font-weight:bold;color:#ff00ff;">jane</span>&#64;<span style="font-weight:bold;color:#00ff00;">host</span><span style="font-weight:bold;color:#5c5cff;"> /home/user/ffa $</span> tree -pug
[drwxrwxr-x user     android ]  <span style="font-weight:bold;color:#5c5cff;">.</span>
├── [-rw-r--r-- jane     android ]  jane_file
├── [drwxr-xr-x john     chromium]  <span style="font-weight:bold;color:#5c5cff;">john_dir</span>
│   └── [-rw-r--r-- john     chromium]  file
├── [-rw-r--r-- john     chromium]  john_file2
└── [-rw-r--r-- john     chromium]  john_file3
2 directories, 4 files
<span style="font-weight:bold;color:#ff00ff;">jane</span>&#64;<span style="font-weight:bold;color:#00ff00;">host</span><span style="font-weight:bold;color:#5c5cff;"> /home/user/ffa $</span> exit
exit
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/ffa $</span> chmod o+t .
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/ffa $</span> su jane
Password:
<span style="font-weight:bold;color:#ff00ff;">jane</span>&#64;<span style="font-weight:bold;color:#00ff00;">host</span><span style="font-weight:bold;color:#5c5cff;"> /home/user/ffa $</span> rm -f jane_file
<span style="font-weight:bold;color:#ff00ff;">jane</span>&#64;<span style="font-weight:bold;color:#00ff00;">host</span><span style="font-weight:bold;color:#5c5cff;"> /home/user/ffa $</span> rm -f john_file2
rm: cannot remove &apos;john_file2&apos;: Operation not permitted
<span style="font-weight:bold;color:#ff00ff;">jane</span>&#64;<span style="font-weight:bold;color:#00ff00;">host</span><span style="font-weight:bold;color:#5c5cff;"> /home/user/ffa $</span> exit
exit
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/ffa $</span> rm -f john_file2
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/ffa $</span> chmod go=rx .
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~/ffa $</span> su john
Password:
<span style="font-weight:bold;color:#7f7f7f;">[</span><span style="font-weight:bold;color:#808000;">host</span><span style="font-weight:bold;color:#00ffff;"> /home/user/ffa</span><span style="font-weight:bold;color:#7f7f7f;">]</span><span style="font-weight:bold;color:#808000;">$</span> tree -pug
[drwxr-xr-x user     android ]  <span style="color:#e5e5e5;"></span><span style="font-weight:bold;color:#5c5cff;">.</span>
├── [drwxr-xr-x john     chromium]  <span style="font-weight:bold;color:#5c5cff;">john_dir</span>
│   └── [-rw-r--r-- john     chromium]  file
└── [-rw-r--r-- john     chromium]  john_file3
2 directories, 2 files
<span style="font-weight:bold;color:#7f7f7f;">[</span><span style="font-weight:bold;color:#808000;">host</span><span style="font-weight:bold;color:#00ffff;"> /home/user/ffa</span><span style="font-weight:bold;color:#7f7f7f;">]</span><span style="font-weight:bold;color:#808000;">$</span> rm john_file3
rm: cannot remove &apos;john_file3&apos;: Permission denied
</pre>
</html>

==== write_only ====
<html>
<pre style="line-height:100%; margin:0">
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> touch incoming
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> chmod 422 incoming
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> cat incoming
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> echo &quot;hello&quot; &gt;  incoming
-bash: incoming: Permission denied
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> su jane
Password:
<span style="font-weight:bold;color:#ff00ff;">jane</span>&#64;<span style="font-weight:bold;color:#00ff00;">host</span><span style="font-weight:bold;color:#5c5cff;"> /home/user $</span> cat incoming
cat: incoming: Permission denied
<span style="font-weight:bold;color:#ff00ff;">jane</span>&#64;<span style="font-weight:bold;color:#00ff00;">host</span><span style="font-weight:bold;color:#5c5cff;"> /home/user $</span> echo &quot;hello&quot; &gt;  incoming
<span style="font-weight:bold;color:#ff00ff;">jane</span>&#64;<span style="font-weight:bold;color:#00ff00;">host</span><span style="font-weight:bold;color:#5c5cff;"> /home/user $</span> echo &quot;user!&quot; &gt;&gt; incoming
<span style="font-weight:bold;color:#ff00ff;">jane</span>&#64;<span style="font-weight:bold;color:#00ff00;">host</span><span style="font-weight:bold;color:#5c5cff;"> /home/user $</span> exit
exit
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> cat incoming
hello
user!
</pre>
</html>

==== suid_sgid ====

<html>
<p style="margin:0">
Suid i sgid nakazuje wykonać program jako właściciel pliku, zmieniając efektywne identyfikatory użytkownika bądź grupy (euid/egid).
</p>
<pre style="line-height:100%; margin:0"><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> pygmentize prog.c
<span style="color:#af005f;">int</span><span style="color:#bcbcbc;"> </span><span style="color:#0000ff;">main</span>(<span style="color:#af005f;">int</span>,<span style="color:#bcbcbc;"> </span><span style="color:#af005f;">char</span><span style="color:#bcbcbc;"> </span><span style="color:#626262;">**</span>a)<span style="color:#bcbcbc;"> </span>{
<span style="color:#bcbcbc;">  </span><span style="color:#af005f;">char</span><span style="color:#bcbcbc;"> </span><span style="color:#626262;">*</span>name;
<span style="color:#bcbcbc;">  </span>asprintf(<span style="color:#626262;">&amp;</span>name,<span style="color:#bcbcbc;"> </span><span style="color:#af0000;">&quot;%s.txt&quot;</span>,<span style="color:#bcbcbc;"> </span>a[<span style="color:#626262;">0</span>]);
<span style="color:#bcbcbc;">  </span><span style="color:#af005f;">int</span><span style="color:#bcbcbc;"> </span>file<span style="color:#bcbcbc;"> </span><span style="color:#626262;">=</span><span style="color:#bcbcbc;"> </span>creat(name,<span style="color:#bcbcbc;"> </span><span style="color:#626262;">0644</span>);
<span style="color:#bcbcbc;">  </span>free(name);
<span style="color:#bcbcbc;">  </span>write(file,<span style="color:#bcbcbc;"> </span><span style="color:#af0000;">&quot;Hello</span><span style="font-weight:bold;color:#af5f00;">\n</span><span style="color:#af0000;">&quot;</span>,<span style="color:#bcbcbc;"> </span><span style="color:#626262;">6</span>);
<span style="color:#bcbcbc;">  </span>close(file);
<span style="color:#bcbcbc;">  </span>execlp(<span style="color:#af0000;">&quot;id&quot;</span>,<span style="color:#bcbcbc;"> </span><span style="color:#af0000;">&quot;id&quot;</span>,<span style="color:#bcbcbc;"> </span><span style="color:#626262;">0</span>);
<span style="color:#bcbcbc;">  </span><span style="font-weight:bold;color:#008700;">return</span><span style="color:#bcbcbc;"> </span><span style="color:#626262;">1</span>;
}
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> gcc -w -ansi ./prog.c -o prog
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> su
Password:
<span style="font-weight:bold;color:#ff0000;">root&#64;host </span><span style="font-weight:bold;color:#5c5cff;">/home/user #</span> cp prog prog-suid
<span style="font-weight:bold;color:#ff0000;">root&#64;host </span><span style="font-weight:bold;color:#5c5cff;">/home/user #</span> cp prog prog-sgid
<span style="font-weight:bold;color:#ff0000;">root&#64;host </span><span style="font-weight:bold;color:#5c5cff;">/home/user #</span> cp prog prog-none
<span style="font-weight:bold;color:#ff0000;">root&#64;host </span><span style="font-weight:bold;color:#5c5cff;">/home/user #</span> chown daemon:man prog-*
<span style="font-weight:bold;color:#ff0000;">root&#64;host </span><span style="font-weight:bold;color:#5c5cff;">/home/user #</span> chmod u+s prog-suid
<span style="font-weight:bold;color:#ff0000;">root&#64;host </span><span style="font-weight:bold;color:#5c5cff;">/home/user #</span> chmod g+s prog-sgid
<span style="font-weight:bold;color:#ff0000;">root&#64;host </span><span style="font-weight:bold;color:#5c5cff;">/home/user #</span> exit
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> stat prog-* | awk &apos;/F/{f=$0}/)/{print f &quot;\t&quot; $0}&apos;
  File: prog-none       Access: (0755/-rwxr-xr-x)  Uid: (    2/  daemon)   Gid: (   15/     man)
  File: prog-sgid       Access: (2755/-rwxr-sr-x)  Uid: (    2/  daemon)   Gid: (   15/     man)
  File: prog-suid       Access: (4755/-rwsr-xr-x)  Uid: (    2/  daemon)   Gid: (   15/     man)
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> chmod go+w .
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> ./prog-none
uid=1005(user) gid=100(users) groups=100(users),10(wheel),968(android)
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> ./prog-suid
uid=1005(user) gid=100(users) euid=2(daemon) groups=100(users),10(wheel),968(android)
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> ./prog-sgid
uid=1005(user) gid=100(users) egid=15(man) groups=15(man),10(wheel),100(users),968(android)
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> stat prog-*.txt | awk &apos;/F/{f=$0}/)/{print f &quot;\t&quot; $0}&apos;
  File: prog-none.txt   Access: (0644/-rw-r--r--)  Uid: ( 1005/    user)   Gid: (  100/   users)
  File: prog-sgid.txt   Access: (0644/-rw-r--r--)  Uid: ( 1005/    user)   Gid: (   15/     man)
  File: prog-suid.txt   Access: (0644/-rw-r--r--)  Uid: (    2/  daemon)   Gid: (  100/   users)
<span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> ls -ltr prog-*
-rwsr-xr-x 1 daemon man   15680 Jan 04 12:01 <span style="color:#e5e5e5;"></span><span style="color:#e5e5e5;background-color:#cd0000;">prog-suid</span>
-rwxr-sr-x 1 daemon man   15680 Jan 04 12:02 <span style="color:#000000;"></span><span style="color:#000000;background-color:#cdcd00;">prog-sgid</span>
-rwxr-xr-x 1 daemon man   15680 Jan 04 12:03 <span style="font-weight:bold;color:#00ff00;">prog-none</span>
-rw-r--r-- 1 user   users     6 Jan 04 12:04 <span style="color:#00cd00;">prog-none.txt</span>
-rw-r--r-- 1 user   man       6 Jan 04 12:05 <span style="color:#00cd00;">prog-sgid.txt</span>
-rw-r--r-- 1 daemon users     6 Jan 04 12:06 <span style="color:#00cd00;">prog-suid.txt</span>
</pre>
</html>

==== touch ====

<html>
<pre style="line-height:100%; margin:0">
<span style="font-weight:bold;color:#7f7f7f;"></span><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> stat essay.odt
  File: essay.odt
  Size: 73414           Blocks: 144        IO Block: 4096   regular file
Device: 254,3   Inode: 15466607    Links: 1
Access: (0644/-rw-r--r--)  Uid: ( 1005/    user)   Gid: (  100/   users)
Access: 2025-01-02 12:00:00.000000000 +0100
Modify: 2025-01-01 12:00:00.000000000 +0100
Change: 2025-01-02 12:00:00.000000000 +0100
 Birth: 2025-01-01 12:00:00.000000000 +0100
<span style="font-weight:bold;color:#7f7f7f;"></span><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> ls -l essay.odt
-rw-r--r-- 1 user users 73414 Jan  1 12:00 essay.odt
<span style="font-weight:bold;color:#7f7f7f;"></span><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> touch -d &apos;2025-01-03 12:34&apos; essay.odt
<span style="font-weight:bold;color:#7f7f7f;"></span><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> stat essay.odt
  File: essay.odt
  Size: 73414           Blocks: 144        IO Block: 4096   regular file
Device: 254,3   Inode: 15466607    Links: 1
Access: (0644/-rw-r--r--)  Uid: ( 1005/    user)   Gid: (  100/   users)
Access: 2025-01-03 12:34:00.000000000 +0100
Modify: 2025-01-03 12:34:00.000000000 +0100
Change: 2025-01-05 12:00:00.000000000 +0100
 Birth: 2025-01-01 12:00:00.000000000 +0100
<span style="font-weight:bold;color:#7f7f7f;"></span><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> ls -l essay.odt
-rw-r--r-- 1 user users 73414 Jan  3 12:34 essay.odt
<span style="font-weight:bold;color:#7f7f7f;"></span><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> touch -a -d &apos;yesterday 6pm&apos; essay.odt
<span style="font-weight:bold;color:#7f7f7f;"></span><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> stat essay.odt
  File: essay.odt
  Size: 73414           Blocks: 144        IO Block: 4096   regular file
Device: 254,3   Inode: 15466607    Links: 1
Access: (0644/-rw-r--r--)  Uid: ( 1005/    user)   Gid: (  100/   users)
Access: 2025-01-04 18:00:00.000000000 +0100
Modify: 2025-01-03 12:34:00.000000000 +0100
Change: 2025-01-05 12:00:00.000000000 +0100
 Birth: 2025-01-01 12:00:00.000000000 +0100
<span style="font-weight:bold;color:#7f7f7f;"></span><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> ls -l essay.odt
-rw-r--r-- 1 user users 73414 Jan  3 12:34 essay.odt
<span style="font-weight:bold;color:#7f7f7f;"></span><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> date
Sun Jan  5 12:00:00 CET 2025
<span style="font-weight:bold;color:#7f7f7f;"></span><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> touch essay.odt
<span style="font-weight:bold;color:#7f7f7f;"></span><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> stat essay.odt
  File: essay.odt
  Size: 73414           Blocks: 144        IO Block: 4096   regular file
Device: 254,3   Inode: 15466607    Links: 1
Access: (0644/-rw-r--r--)  Uid: ( 1005/    user)   Gid: (  100/   users)
Access: 2025-01-05 12:00:00.000000000 +0100
Modify: 2025-01-05 12:00:00.000000000 +0100
Change: 2025-01-05 12:00:00.000000000 +0100
 Birth: 2025-01-01 12:00:00.000000000 +0100
<span style="font-weight:bold;color:#7f7f7f;"></span><span style="font-weight:bold;color:#00ff00;">user&#64;host</span><span style="font-weight:bold;color:#5c5cff;"> ~ $</span> ls -l essay.odt
-rw-r--r-- 1 user users 73414 Jan  5 12:01 essay.odt
</pre>
Zwróć uwagę, że data zmiany metadanych pliku jest ustawiana na bieżącą przy każdej zmianie metadanych, w tym zmianie dat.
</html>
Jan Kończak

Narzędzia użytkownika

Narzędzia witryny

Narzędzia strony
