{"id":18408,"date":"2021-03-09T13:49:30","date_gmt":"2021-03-09T12:49:30","guid":{"rendered":"https:\/\/www.websupport.sk\/podpora\/?post_type=ht_kb&p=18408"},"modified":"2021-03-09T13:50:55","modified_gmt":"2021-03-09T12:50:55","slug":"specialne-prava-suborov-v-linuxe","status":"publish","type":"ht_kb","link":"https:\/\/www.websupport.sk\/podpora\/kb\/specialne-prava-suborov-v-linuxe\/","title":{"rendered":"\u0160peci\u00e1lne pr\u00e1va s\u00faborov v Linuxe"},"content":{"rendered":"\n

Okrem z\u00e1kladnej Spr\u00e1vy s\u00faborov a pou\u017e\u00edvate\u013eov v linuxovom pr\u00edkazovom riadku<\/a> existuj\u00fa aj \u0161peci\u00e1lne pr\u00e1va s\u00faborov, s ktor\u00fdmi sa pou\u017e\u00edvate\u013e pri vytv\u00e1ran\u00ed a upravovan\u00ed s\u00faborov nestret\u00e1va \u010dasto.<\/p>\n\n\n\n

Linuxov\u00fd pr\u00edkazov\u00fd riadok WebSupport pre svoj hosting<\/a> poskytuje aj ako webov\u00fa konzolu<\/a>, v ktorej m\u00f4\u017eeme pracova\u0165 pomocou webov\u00e9ho prehliada\u010da ako je Google Chrome. Rovnako je \u0148ou mo\u017en\u00e9 mana\u017eova\u0165 Virtu\u00e1lny server (VPS)<\/a>. Z\u00edskame tak pr\u00edstup k linuxov\u00e9mu pr\u00edkazov\u00e9mu riadku z prostredia, ktor\u00e9 funguje nez\u00e1visle na opera\u010dnom syst\u00e9me.\u00a0<\/p>\n\n\n\n

Sp\u00fastenie s\u00fabora pod \u00fa\u010dtom vlastn\u00edka s\u00faboru (SUID)<\/h2>\n\n\n\n

Na spustenie niektor\u00fdch programov v Linuxe nepotrebujeme pr\u00e1va pou\u017e\u00edvate\u013ea root (napr. cez pr\u00edkaz sudo<\/code>), dokonca aj ke\u010f majite\u013eom sp\u00fa\u0161\u0165an\u00e9ho programu je root. Napr\u00edklad program sl\u00fa\u017eiaci na zmenu hesla pou\u017e\u00edvate\u013eov passwd<\/code> s\u00edce patr\u00ed pou\u017e\u00edvate\u013eovi root, ale spust\u00ed ho ka\u017ed\u00fd pou\u017e\u00edvate\u013e. Je to mo\u017en\u00e9 preto, lebo m\u00e1 nastaven\u00e9 pr\u00e1vo spustenia (p\u00edsmeno x) spolu s pr\u00e1vom spustenia pod \u00fa\u010dtom majite\u013ea (p\u00edsmeno s). Prejavuje sa to tak, \u017ee namiesto p\u00edsmena x bude uveden\u00e9 mal\u00e9 p\u00edsmeno s<\/strong> (ke\u010f je spustenie povolen\u00e9) alebo ve\u013ek\u00e9 p\u00edsmeno S<\/strong> (ke\u010f je spustenie zak\u00e1zan\u00e9):<\/p>\n\n\n\n

ls -l \/usr\/bin\/passwd<\/pre>\n\n\n\n
V\u010faka tomuto nastaveniu si m\u00f4\u017ee ktor\u00fdko\u013evek pou\u017e\u00edvate\u013e zmeni\u0165 heslo a zapisova\u0165 tak do s\u00faborov ako \/etc\/passwd<\/code> alebo \/etc\/shadow<\/code> – do ktor\u00fdch m\u00e1 inak pr\u00edstup iba pou\u017e\u00edvate\u013e root. Hesl\u00e1 ostatn\u00fdch pou\u017e\u00edvate\u013eov v\u0161ak u\u017e be\u017en\u00fd pou\u017e\u00edvate\u013e meni\u0165 nem\u00f4\u017ee. Program passwd toti\u017e porovn\u00e1va UID pou\u017e\u00edvate\u013ea, ktor\u00fd sp\u00fa\u0161\u0165a program s UID pou\u017e\u00edvate\u013ea, ktor\u00e9ho heslo sa m\u00e1 zmeni\u0165. Ak sa obe UID nezhoduj\u00fa, program passwd po\u017eiadavku na zmenu hesla zamietne.<\/p>\n\n\n\n
Pr\u00e1vo spustenia s\u00faboru pod \u00fa\u010dtom majite\u013ea m\u00f4\u017eeme prida\u0165 (druh\u00fd a \u0161tvrt\u00fd riadok) alebo odobra\u0165 (tret\u00ed a piaty riadok) pomocou pr\u00edkazu chmod<\/code> s p\u00edsmenom s<\/strong> (druh\u00fd a piaty riadok) alebo s \u010d\u00edslicou 4<\/strong> (\u0161tvrt\u00fd riadok), ktor\u00fa umiestnime pred ostatn\u00e9 tri \u010d\u00edslice:<\/p>\n\n\n\n
touch ~\/obycajny_subor.txt<\/pre>\n\n\n\n
chmod u+s ~\/obycajny_subor.txt<\/pre>\n\n\n\n
chmod 0764 ~\/obycajny_subor.txt<\/pre>\n\n\n\n
chmod 4764 ~\/obycajny_subor.txt<\/pre>\n\n\n\n
chmod u-s ~\/obycajny_subor.txt<\/pre>\n\n\n\n
Sp\u00fastenie s\u00fabora pod prim\u00e1rnou skupinou s\u00faboru (SGID)<\/h2>\n\n\n\n
To ist\u00e9, ako pri spusten\u00ed s\u00faboru pod \u00fa\u010dtom majite\u013ea (SUID), plat\u00ed aj pri spusten\u00ed s\u00faboru pod prim\u00e1rnou skupinou s\u00faboru (SGID). Akur\u00e1t pr\u00e1vo spustenia men\u00edme skupine (druh\u00fd a piaty riadok) a \u010d\u00edslica bude 2<\/strong> (\u0161tvrt\u00fd riadok):<\/p>\n\n\n\n
mkdir ~\/testovaci_priecinok<\/pre>\n\n\n\n
chmod g+s ~\/testovaci_priecinok<\/pre>\n\n\n\n
chmod 0764 ~\/testovaci_priecinok<\/pre>\n\n\n\n
chmod 2764 ~\/testovaci_priecinok<\/pre>\n\n\n\n
chmod g-s ~\/testovaci_priecinok<\/pre>\n\n\n\n
V\u00fdhoda SGID spo\u010d\u00edva v tom, \u017ee ak toto pr\u00e1vo nastav\u00edme prie\u010dinku, v\u0161etky ostatn\u00e9 s\u00fabory a prie\u010dinky vytvoren\u00e9 v tomto prie\u010dinku bud\u00fa ma\u0165 SGID nastaven\u00e9 tie\u017e. Nebud\u00fa ma\u0165 teda nastaven\u00e9 vlastn\u00edctvo na pou\u017e\u00edvate\u013ea, ktor\u00fd ich vytv\u00e1ral. T\u00e1to v\u00fdhoda sa vyu\u017e\u00edva napr\u00edklad pri zdie\u013ean\u00ed s\u00faborov v sieti cez Samba server, aby v\u0161etky s\u00fabory (bez oh\u013eadu na to, kto ich vytvoril) mali v\u017edy rovnak\u00e9 pr\u00e1va.<\/p>\n\n\n\n
Ochrana s\u00faboru proti premenovaniu alebo vymazaniu (Sticky Bit)<\/h2>\n\n\n\n
P\u00edsmeno t<\/strong> alebo \u010d\u00edslica 1<\/strong> namiesto p\u00edsmena x v pr\u00e1vach ostatn\u00fdch vyzna\u010duje s\u00fabor, ktor\u00fd m\u00f4\u017ee premenova\u0165 alebo zmaza\u0165 iba vlastn\u00edk alebo root. Tak\u00fdmto sp\u00f4sobom je chr\u00e1nen\u00fd napr\u00edklad prie\u010dinok \/tmp a v\u0161etky s\u00fabory a prie\u010dinky v \u0148om. Takto ochr\u00e1nime s\u00fabor \u010di prie\u010dinok pred nechcen\u00fdm premenovan\u00edm alebo zmazan\u00edm:<\/p>\n\n\n\n
chmod +t ~\/test\/obycajny_subor.txt<\/pre>\n\n\n\n
chmod 1764 ~\/test\/obycajny_subor.txt<\/pre>\n\n\n\n
chmod -t ~\/test\/obycajny_subor.txt<\/pre>\n\n\n\n
chmod 0764 ~\/test\/obycajny_subor.txt<\/pre>\n\n\n\n
Po spusten\u00ed pr\u00edkazu ls -l ~\/test\/obycajny_subor.txt<\/code> je teraz v prvom st\u013apci na konci ve\u013ek\u00e9 p\u00edsmeno T<\/strong> (ke\u010f je spustenie zak\u00e1zan\u00e9) alebo mal\u00e9 p\u00edsmeno t<\/strong> (ke\u010f je spustenie povolen\u00e9).<\/p>\n\n\n\n
Zhrnutie<\/h2>\n\n\n\n
Uk\u00e1zali sme si \u0161peci\u00e1lne pr\u00e1va s\u00faborov, ktor\u00e9 vyu\u017e\u00edvaj\u00fa najm\u00e4 syst\u00e9mov\u00ed administr\u00e1tori. Ke\u010f\u017ee tieto pr\u00e1va m\u00f4\u017eu ovplyvni\u0165 aj in\u00e9 s\u00fabory a prie\u010dinky, je ve\u013emi d\u00f4le\u017eit\u00e9, aby sme ich pou\u017e\u00edvali premyslene. Tieto pr\u00e1va sa pri syst\u00e9mov\u00fdch prie\u010dinkoch a s\u00faboroch neodpor\u00fa\u010daj\u00fa meni\u0165, resp. na zmenu mus\u00ed by\u0165 v\u00e1\u017eny d\u00f4vod s dopredu zv\u00e1\u017een\u00fdmi n\u00e1sledkami.<\/p>\n","protected":false},"excerpt":{"rendered":"
Okrem z\u00e1kladnej Spr\u00e1vy s\u00faborov a pou\u017e\u00edvate\u013eov v linuxovom pr\u00edkazovom riadku existuj\u00fa aj \u0161peci\u00e1lne pr\u00e1va s\u00faborov, s ktor\u00fdmi sa pou\u017e\u00edvate\u013e pri vytv\u00e1ran\u00ed a upravovan\u00ed s\u00faborov nestret\u00e1va \u010dasto. Linuxov\u00fd pr\u00edkazov\u00fd riadok WebSupport pre svoj hosting poskytuje aj ako webov\u00fa konzolu, v ktorej m\u00f4\u017eeme pracova\u0165 pomocou webov\u00e9ho prehliada\u010da ako je Google Chrome. Rovnako…<\/p>\n","protected":false},"author":28,"template":"","format":"standard","meta":{"footnotes":""},"ht-kb-category":[33],"ht-kb-tag":[234,336,330,92,189],"class_list":["post-18408","ht_kb","type-ht_kb","status-publish","format-standard","hentry","ht_kb_category-servery","ht_kb_tag-bezpecnost","ht_kb_tag-cli","ht_kb_tag-linux","ht_kb_tag-shell","ht_kb_tag-vps"],"yoast_head":"\n\u0160peci\u00e1lne pr\u00e1va s\u00faborov v Linuxe - Websupport centrum podpory<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.websupport.sk\/podpora\/kb\/specialne-prava-suborov-v-linuxe\/\" \/>\n<meta property=\"og:locale\" content=\"sk_SK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u0160peci\u00e1lne pr\u00e1va s\u00faborov v Linuxe - Websupport centrum podpory\" \/>\n<meta property=\"og:description\" content=\"Okrem z\u00e1kladnej Spr\u00e1vy s\u00faborov a pou\u017e\u00edvate\u013eov v linuxovom pr\u00edkazovom riadku existuj\u00fa aj \u0161peci\u00e1lne pr\u00e1va s\u00faborov, s ktor\u00fdmi sa pou\u017e\u00edvate\u013e pri vytv\u00e1ran\u00ed a upravovan\u00ed s\u00faborov nestret\u00e1va \u010dasto. Linuxov\u00fd pr\u00edkazov\u00fd riadok WebSupport pre svoj hosting poskytuje aj ako webov\u00fa konzolu, v ktorej m\u00f4\u017eeme pracova\u0165 pomocou webov\u00e9ho prehliada\u010da ako je Google Chrome. Rovnako...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.websupport.sk\/podpora\/kb\/specialne-prava-suborov-v-linuxe\/\" \/>\n<meta property=\"og:site_name\" content=\"Websupport centrum podpory\" \/>\n<meta property=\"article:modified_time\" content=\"2021-03-09T12:50:55+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Predpokladan\u00fd \u010das \u010d\u00edtania\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 min\u00faty\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.websupport.sk\\\/podpora\\\/kb\\\/specialne-prava-suborov-v-linuxe\\\/\",\"url\":\"https:\\\/\\\/www.websupport.sk\\\/podpora\\\/kb\\\/specialne-prava-suborov-v-linuxe\\\/\",\"name\":\"\u0160peci\u00e1lne pr\u00e1va s\u00faborov v Linuxe - Websupport centrum podpory\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.websupport.sk\\\/podpora\\\/#website\"},\"datePublished\":\"2021-03-09T12:49:30+00:00\",\"dateModified\":\"2021-03-09T12:50:55+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.websupport.sk\\\/podpora\\\/kb\\\/specialne-prava-suborov-v-linuxe\\\/#breadcrumb\"},\"inLanguage\":\"sk-SK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.websupport.sk\\\/podpora\\\/kb\\\/specialne-prava-suborov-v-linuxe\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.websupport.sk\\\/podpora\\\/kb\\\/specialne-prava-suborov-v-linuxe\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.websupport.sk\\\/podpora\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u0160peci\u00e1lne pr\u00e1va s\u00faborov v Linuxe\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.websupport.sk\\\/podpora\\\/#website\",\"url\":\"https:\\\/\\\/www.websupport.sk\\\/podpora\\\/\",\"name\":\"Websupport centrum podpory\",\"description\":\"Radi v\u00e1m pom\u00f4\u017eeme s va\u0161im probl\u00e9mom\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.websupport.sk\\\/podpora\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"sk-SK\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\u0160peci\u00e1lne pr\u00e1va s\u00faborov v Linuxe - Websupport centrum podpory","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.websupport.sk\/podpora\/kb\/specialne-prava-suborov-v-linuxe\/","og_locale":"sk_SK","og_type":"article","og_title":"\u0160peci\u00e1lne pr\u00e1va s\u00faborov v Linuxe - Websupport centrum podpory","og_description":"Okrem z\u00e1kladnej Spr\u00e1vy s\u00faborov a pou\u017e\u00edvate\u013eov v linuxovom pr\u00edkazovom riadku existuj\u00fa aj \u0161peci\u00e1lne pr\u00e1va s\u00faborov, s ktor\u00fdmi sa pou\u017e\u00edvate\u013e pri vytv\u00e1ran\u00ed a upravovan\u00ed s\u00faborov nestret\u00e1va \u010dasto. Linuxov\u00fd pr\u00edkazov\u00fd riadok WebSupport pre svoj hosting poskytuje aj ako webov\u00fa konzolu, v ktorej m\u00f4\u017eeme pracova\u0165 pomocou webov\u00e9ho prehliada\u010da ako je Google Chrome. Rovnako...","og_url":"https:\/\/www.websupport.sk\/podpora\/kb\/specialne-prava-suborov-v-linuxe\/","og_site_name":"Websupport centrum podpory","article_modified_time":"2021-03-09T12:50:55+00:00","twitter_card":"summary_large_image","twitter_misc":{"Predpokladan\u00fd \u010das \u010d\u00edtania":"3 min\u00faty"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.websupport.sk\/podpora\/kb\/specialne-prava-suborov-v-linuxe\/","url":"https:\/\/www.websupport.sk\/podpora\/kb\/specialne-prava-suborov-v-linuxe\/","name":"\u0160peci\u00e1lne pr\u00e1va s\u00faborov v Linuxe - Websupport centrum podpory","isPartOf":{"@id":"https:\/\/www.websupport.sk\/podpora\/#website"},"datePublished":"2021-03-09T12:49:30+00:00","dateModified":"2021-03-09T12:50:55+00:00","breadcrumb":{"@id":"https:\/\/www.websupport.sk\/podpora\/kb\/specialne-prava-suborov-v-linuxe\/#breadcrumb"},"inLanguage":"sk-SK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.websupport.sk\/podpora\/kb\/specialne-prava-suborov-v-linuxe\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.websupport.sk\/podpora\/kb\/specialne-prava-suborov-v-linuxe\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.websupport.sk\/podpora\/"},{"@type":"ListItem","position":2,"name":"\u0160peci\u00e1lne pr\u00e1va s\u00faborov v Linuxe"}]},{"@type":"WebSite","@id":"https:\/\/www.websupport.sk\/podpora\/#website","url":"https:\/\/www.websupport.sk\/podpora\/","name":"Websupport centrum podpory","description":"Radi v\u00e1m pom\u00f4\u017eeme s va\u0161im probl\u00e9mom","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.websupport.sk\/podpora\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"sk-SK"}]}},"_links":{"self":[{"href":"https:\/\/www.websupport.sk\/podpora\/wp-json\/wp\/v2\/ht-kb\/18408","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.websupport.sk\/podpora\/wp-json\/wp\/v2\/ht-kb"}],"about":[{"href":"https:\/\/www.websupport.sk\/podpora\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.websupport.sk\/podpora\/wp-json\/wp\/v2\/users\/28"}],"version-history":[{"count":3,"href":"https:\/\/www.websupport.sk\/podpora\/wp-json\/wp\/v2\/ht-kb\/18408\/revisions"}],"predecessor-version":[{"id":18420,"href":"https:\/\/www.websupport.sk\/podpora\/wp-json\/wp\/v2\/ht-kb\/18408\/revisions\/18420"}],"wp:attachment":[{"href":"https:\/\/www.websupport.sk\/podpora\/wp-json\/wp\/v2\/media?parent=18408"}],"wp:term":[{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/www.websupport.sk\/podpora\/wp-json\/wp\/v2\/ht-kb-category?post=18408"},{"taxonomy":"ht_kb_tag","embeddable":true,"href":"https:\/\/www.websupport.sk\/podpora\/wp-json\/wp\/v2\/ht-kb-tag?post=18408"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}