{"id":742,"date":"2021-04-03T14:32:51","date_gmt":"2021-04-03T14:32:51","guid":{"rendered":"https:\/\/dev.sourcecode.sk\/wsczkb\/?post_type=ht_kb&p=742"},"modified":"2021-07-19T13:08:16","modified_gmt":"2021-07-19T11:08:16","slug":"specialni-prava-souboru-v-linuxu","status":"publish","type":"ht_kb","link":"https:\/\/www.websupport.cz\/podpora\/kb\/specialni-prava-souboru-v-linuxu\/","title":{"rendered":"Speci\u00e1ln\u00ed pr\u00e1va soubor\u016f v Linuxu"},"content":{"rendered":"\n

Krom\u011b z\u00e1kladn\u00ed Spr\u00e1vy soubor\u016f a u\u017eivatel\u016f v linuxov\u00e9m p\u0159\u00edkazov\u00e9m \u0159\u00e1dku<\/a> existuj\u00ed i speci\u00e1ln\u00ed pr\u00e1va soubor\u016f, se kter\u00fdmi se u\u017eivatel p\u0159i vytv\u00e1\u0159en\u00ed a upravovan\u00ed soubor\u016f nesetk\u00e1v\u00e1 \u010dasto.<\/p>\n\n\n\n

Linuxov\u00fd p\u0159\u00edkazov\u00fd \u0159\u00e1dek WebSupport pro sv\u016fj hosting<\/a> poskytuje i jako webovou konzolu<\/a>, v kter\u00e9 m\u016f\u017eeme pracovat pomoc\u00ed webov\u00e9ho prohl\u00ed\u017ee\u010de jako je Google Chrome. Stejn\u011b tak je s n\u00ed mo\u017en\u00e9 mene\u017eovat Virtu\u00e1ln\u00ed server (VPS)<\/a>. Z\u00edsk\u00e1me tak p\u0159\u00edstup k linuxov\u00e9mu p\u0159\u00edkazov\u00e9mu \u0159\u00e1dku z prost\u0159ed\u00ed, kter\u00e9 funguje nez\u00e1visle na opera\u010dn\u00edm syst\u00e9mu.\u00a0<\/p>\n\n\n\n

Spu\u0161t\u011bn\u00ed souboru pod \u00fa\u010dtem vlastn\u00edka souboru (SUID)<\/h2>\n\n\n\n

Na spu\u0161t\u011bn\u00ed n\u011bkter\u00fdch program\u016f v Linuxu nepot\u0159ebujeme pr\u00e1va u\u017eivatele root (nap\u0159. p\u0159es p\u0159\u00edkaz sudo<\/code>), dokonce i kdy\u017e majitelem spou\u0161t\u011bn\u00e9ho programu je root. Nap\u0159\u00edklad program slou\u017e\u00edc\u00ed na zm\u011bnu hesla u\u017eivatel\u016f passwd<\/code> sice pat\u0159\u00ed u\u017eivateli root, ale spust\u00ed ho ka\u017ed\u00fd u\u017eivatel. Je to mo\u017en\u00e9 proto, \u017ee m\u00e1 nastaven\u00e9 pr\u00e1vo spu\u0161t\u011bn\u00ed (p\u00edsmeno x) spolu s pr\u00e1vem spu\u0161t\u011bn\u00ed pod \u00fa\u010dtem majitele (p\u00edsmeno s). Projevuje se to tak, \u017ee nam\u00edsto p\u00edsmena x bude uveden\u00e9 mal\u00e9 p\u00edsmeno s<\/strong> (kdy\u017e je spu\u0161t\u011bn\u00ed povolen\u00e9) nebo velk\u00e9 p\u00edsmeno S<\/strong> (kdy\u017e je spu\u0161t\u011bn\u00ed zak\u00e1zan\u00e9):<\/p>\n\n\n\n

ls -l \/usr\/bin\/passwd<\/pre>\n\n\n\n
D\u00edky tomuto nastaven\u00ed si m\u016f\u017ee kter\u00fdkoliv u\u017eivatel zm\u011bnit heslo a zapisovat tak do soubor\u016f jako \/etc\/passwd<\/code> nebo \/etc\/shadow<\/code> – do kter\u00fdch m\u00e1 jinak p\u0159\u00edstup pouze u\u017eivatel root. Hesla ostatn\u00edch u\u017eivatel\u016f v\u0161ak u\u017e b\u011b\u017en\u00fd u\u017eivatel m\u011bnit nem\u016f\u017ee. Program passwd toti\u017e porovn\u00e1v\u00e1 UID u\u017eivatele, kter\u00fd spou\u0161t\u00ed program s UID u\u017eivatele, kter\u00e9ho heslo se m\u00e1 zm\u011bnit. Pokud se ob\u011b UID neshoduj\u00ed, program passwd po\u017eadavek na zm\u011bnu hesla zam\u00edtne.<\/p>\n\n\n\n
Pr\u00e1vo spu\u0161t\u011bn\u00ed souboru pod \u00fa\u010dtem majitele m\u016f\u017eeme p\u0159idat (druh\u00fd a \u010dtvrt\u00fd \u0159\u00e1dek) nebo odebrat (t\u0159et\u00ed a p\u00e1t\u00fd \u0159\u00e1dek) pomoc\u00ed p\u0159\u00edkazu chmod<\/code> s p\u00edsmenem s<\/strong> (druh\u00fd a p\u00e1t\u00fd \u0159\u00e1dek) nebo s \u010d\u00edslic\u00ed 4<\/strong> (\u010dtvrt\u00fd \u0159\u00e1dek), kterou um\u00edst\u00edme p\u0159ed ostatn\u00ed t\u0159i \u010d\u00edslice:<\/p>\n\n\n\n
touch ~\/obycajny_subor.txt<\/pre>\n\n\n\n
chmod u+s ~\/obycajny_subor.txt<\/pre>\n\n\n\n
chmod 0764 ~\/obycajny_subor.txt<\/pre>\n\n\n\n
chmod 4764 ~\/obycajny_subor.txt<\/pre>\n\n\n\n
chmod u-s ~\/obycajny_subor.txt<\/pre>\n\n\n\n
Sp\u00fastenie s\u00fabora pod prim\u00e1rnou skupinou s\u00faboru (SGID)<\/h2>\n\n\n\n
To ist\u00e9, ako pri spusten\u00ed s\u00faboru pod \u00fa\u010dtom majite\u013ea (SUID), plat\u00ed aj pri spusten\u00ed s\u00faboru pod prim\u00e1rnou skupinou s\u00faboru (SGID). Akur\u00e1t pr\u00e1vo spustenia men\u00edme skupine (druh\u00fd a piaty riadok) a \u010d\u00edslica bude 2<\/strong> (\u0161tvrt\u00fd riadok):<\/p>\n\n\n\n
mkdir ~\/testovaci_slozka<\/pre>\n\n\n\n
chmod g+s ~\/testovaci_slozka<\/pre>\n\n\n\n
chmod 0764 ~\/testovaci_slozka<\/pre>\n\n\n\n
chmod 2764 ~\/testovaci_slozka<\/pre>\n\n\n\n
chmod g-s ~\/testovaci_slozka<\/pre>\n\n\n\n
V\u00fdhoda SGID spo\u010d\u00edv\u00e1 v tom, \u017ee kdy\u017e toto pr\u00e1vo nastav\u00edme slo\u017ece, v\u0161echny ostatn\u00ed soubory a slo\u017eky vytvo\u0159en\u00e9 v t\u00e9to slo\u017ece budou m\u00edt SGID nastaven\u00e9 t\u00e9\u017e. Nebudou m\u00edt tedy nastaven\u00e9 vlastnictv\u00ed na u\u017eivatele, kter\u00fd je vytv\u00e1\u0159el. T\u00e1to v\u00fdhoda se vyu\u017e\u00edv\u00e1 nap\u0159\u00edklad p\u0159i sd\u00edlen\u00ed soubor\u016f v s\u00edti p\u0159es Samba server, aby v\u0161echny soubory (bez ohledu na to, kdo je vytvo\u0159il) m\u011bly v\u017edy stejn\u00e1 pr\u00e1va.<\/p>\n\n\n\n
Ochrana souboru proti p\u0159ejmenov\u00e1n\u00ed nebo vymaz\u00e1n\u00ed (Sticky Bit)<\/h2>\n\n\n\n
P\u00edsmeno t<\/strong> nebo \u010d\u00edslice 1<\/strong> nam\u00edsto p\u00edsmena x v pr\u00e1vech ostatn\u00edch vyzna\u010duje soubor, kter\u00fd m\u016f\u017ee p\u0159ejmenovat nebo smazat pouze vlastn\u00edk nebo root. Takov\u00fdm zp\u016fsobem je chr\u00e1n\u011bn\u00e1 nap\u0159\u00edklad slo\u017eka \/tmp a v\u0161echny soubory a slo\u017eky v n\u00ed. Takto ochr\u00e1n\u00edme soubor \u010di slo\u017eku p\u0159ed necht\u011bn\u00fdm p\u0159ejmenov\u00e1n\u00edm nebo smaz\u00e1n\u00edm:<\/p>\n\n\n\n
chmod +t ~\/test\/obycejny_soubor.txt<\/pre>\n\n\n\n
chmod 1764 ~\/test\/obycejny_soubor.txt<\/pre>\n\n\n\n
chmod -t ~\/test\/obycejny_soubor.txt<\/pre>\n\n\n\n
chmod 0764 ~\/test\/obycejny_soubor.txt<\/pre>\n\n\n\n
Po spu\u0161t\u011bn\u00ed p\u0159\u00edkazu ls -l ~\/test\/obycajny_subor.txt<\/code> je te\u010f v prvn\u00edm sloupci na konci velk\u00e9 p\u00edsmeno T<\/strong> (kdy\u017e je spu\u0161t\u011bn\u00ed zak\u00e1zan\u00e9) nebo mal\u00e9 p\u00edsmeno t<\/strong> (kdy\u017e je spu\u0161t\u011bn\u00ed povolen\u00e9).<\/p>\n\n\n\n
Shrnut\u00ed<\/h2>\n\n\n\n
Uk\u00e1zali jsme si speci\u00e1ln\u00ed pr\u00e1va soubor\u016f, kter\u00e9 vyu\u017e\u00edvaj\u00ed zejm\u00e9na syst\u00e9mov\u00ed administr\u00e1to\u0159i. Jeliko\u017e tyto pr\u00e1va mohou ovlivnit i jin\u00e9 soubory a slo\u017eky, je velmi d\u016fle\u017eit\u00e9, abychom je pou\u017e\u00edvali s rozmyslem. Tato pr\u00e1va se u syst\u00e9mov\u00fdch slo\u017eek a soubor\u016f nedoporu\u010duj\u00ed m\u011bnit, resp. ke zm\u011bn\u011b mus\u00ed b\u00fdt v\u00e1\u017en\u00fd d\u016fvod s dop\u0159edu zv\u00e1\u017een\u00fdmi n\u00e1sledky.<\/p>\n","protected":false},"excerpt":{"rendered":"
Krom\u011b z\u00e1kladn\u00ed Spr\u00e1vy soubor\u016f a u\u017eivatel\u016f v linuxov\u00e9m p\u0159\u00edkazov\u00e9m \u0159\u00e1dku existuj\u00ed i speci\u00e1ln\u00ed pr\u00e1va soubor\u016f, se kter\u00fdmi se u\u017eivatel p\u0159i vytv\u00e1\u0159en\u00ed a upravovan\u00ed soubor\u016f nesetk\u00e1v\u00e1 \u010dasto. Linuxov\u00fd p\u0159\u00edkazov\u00fd \u0159\u00e1dek WebSupport pro sv\u016fj hosting poskytuje i jako webovou konzolu, v kter\u00e9 m\u016f\u017eeme pracovat pomoc\u00ed webov\u00e9ho prohl\u00ed\u017ee\u010de jako je Google Chrome. Stejn\u011b…<\/p>\n","protected":false},"author":3,"template":"","format":"standard","meta":{"footnotes":""},"ht-kb-category":[72],"ht-kb-tag":[],"class_list":["post-742","ht_kb","type-ht_kb","status-publish","format-standard","hentry","ht_kb_category-servery"],"yoast_head":"\nSpeci\u00e1ln\u00ed pr\u00e1va soubor\u016f v Linuxu - Websupport Centrum n\u00e1pov\u011bdy<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.websupport.cz\/podpora\/kb\/specialni-prava-souboru-v-linuxu\/\" \/>\n<meta property=\"og:locale\" content=\"cs_CZ\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Speci\u00e1ln\u00ed pr\u00e1va soubor\u016f v Linuxu - Websupport Centrum n\u00e1pov\u011bdy\" \/>\n<meta property=\"og:description\" content=\"Krom\u011b z\u00e1kladn\u00ed Spr\u00e1vy soubor\u016f a u\u017eivatel\u016f v linuxov\u00e9m p\u0159\u00edkazov\u00e9m \u0159\u00e1dku existuj\u00ed i speci\u00e1ln\u00ed pr\u00e1va soubor\u016f, se kter\u00fdmi se u\u017eivatel p\u0159i vytv\u00e1\u0159en\u00ed a upravovan\u00ed soubor\u016f nesetk\u00e1v\u00e1 \u010dasto. Linuxov\u00fd p\u0159\u00edkazov\u00fd \u0159\u00e1dek WebSupport pro sv\u016fj hosting poskytuje i jako webovou konzolu, v kter\u00e9 m\u016f\u017eeme pracovat pomoc\u00ed webov\u00e9ho prohl\u00ed\u017ee\u010de jako je Google Chrome. Stejn\u011b...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.websupport.cz\/podpora\/kb\/specialni-prava-souboru-v-linuxu\/\" \/>\n<meta property=\"og:site_name\" content=\"Websupport Centrum n\u00e1pov\u011bdy\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-19T11:08:16+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Odhadovan\u00e1 doba \u010dten\u00ed\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minuty\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.websupport.cz\/podpora\/kb\/specialni-prava-souboru-v-linuxu\/\",\"url\":\"https:\/\/www.websupport.cz\/podpora\/kb\/specialni-prava-souboru-v-linuxu\/\",\"name\":\"Speci\u00e1ln\u00ed pr\u00e1va soubor\u016f v Linuxu - Websupport Centrum n\u00e1pov\u011bdy\",\"isPartOf\":{\"@id\":\"https:\/\/www.websupport.cz\/podpora\/#website\"},\"datePublished\":\"2021-04-03T14:32:51+00:00\",\"dateModified\":\"2021-07-19T11:08:16+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.websupport.cz\/podpora\/kb\/specialni-prava-souboru-v-linuxu\/#breadcrumb\"},\"inLanguage\":\"cs\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.websupport.cz\/podpora\/kb\/specialni-prava-souboru-v-linuxu\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.websupport.cz\/podpora\/kb\/specialni-prava-souboru-v-linuxu\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.websupport.cz\/podpora\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Speci\u00e1ln\u00ed pr\u00e1va soubor\u016f v Linuxu\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.websupport.cz\/podpora\/#website\",\"url\":\"https:\/\/www.websupport.cz\/podpora\/\",\"name\":\"Websupport Centrum n\u00e1pov\u011bdy\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.websupport.cz\/podpora\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"cs\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Speci\u00e1ln\u00ed pr\u00e1va soubor\u016f v Linuxu - Websupport Centrum n\u00e1pov\u011bdy","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.websupport.cz\/podpora\/kb\/specialni-prava-souboru-v-linuxu\/","og_locale":"cs_CZ","og_type":"article","og_title":"Speci\u00e1ln\u00ed pr\u00e1va soubor\u016f v Linuxu - Websupport Centrum n\u00e1pov\u011bdy","og_description":"Krom\u011b z\u00e1kladn\u00ed Spr\u00e1vy soubor\u016f a u\u017eivatel\u016f v linuxov\u00e9m p\u0159\u00edkazov\u00e9m \u0159\u00e1dku existuj\u00ed i speci\u00e1ln\u00ed pr\u00e1va soubor\u016f, se kter\u00fdmi se u\u017eivatel p\u0159i vytv\u00e1\u0159en\u00ed a upravovan\u00ed soubor\u016f nesetk\u00e1v\u00e1 \u010dasto. Linuxov\u00fd p\u0159\u00edkazov\u00fd \u0159\u00e1dek WebSupport pro sv\u016fj hosting poskytuje i jako webovou konzolu, v kter\u00e9 m\u016f\u017eeme pracovat pomoc\u00ed webov\u00e9ho prohl\u00ed\u017ee\u010de jako je Google Chrome. Stejn\u011b...","og_url":"https:\/\/www.websupport.cz\/podpora\/kb\/specialni-prava-souboru-v-linuxu\/","og_site_name":"Websupport Centrum n\u00e1pov\u011bdy","article_modified_time":"2021-07-19T11:08:16+00:00","twitter_card":"summary_large_image","twitter_misc":{"Odhadovan\u00e1 doba \u010dten\u00ed":"3 minuty"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.websupport.cz\/podpora\/kb\/specialni-prava-souboru-v-linuxu\/","url":"https:\/\/www.websupport.cz\/podpora\/kb\/specialni-prava-souboru-v-linuxu\/","name":"Speci\u00e1ln\u00ed pr\u00e1va soubor\u016f v Linuxu - Websupport Centrum n\u00e1pov\u011bdy","isPartOf":{"@id":"https:\/\/www.websupport.cz\/podpora\/#website"},"datePublished":"2021-04-03T14:32:51+00:00","dateModified":"2021-07-19T11:08:16+00:00","breadcrumb":{"@id":"https:\/\/www.websupport.cz\/podpora\/kb\/specialni-prava-souboru-v-linuxu\/#breadcrumb"},"inLanguage":"cs","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.websupport.cz\/podpora\/kb\/specialni-prava-souboru-v-linuxu\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.websupport.cz\/podpora\/kb\/specialni-prava-souboru-v-linuxu\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.websupport.cz\/podpora\/"},{"@type":"ListItem","position":2,"name":"Speci\u00e1ln\u00ed pr\u00e1va soubor\u016f v Linuxu"}]},{"@type":"WebSite","@id":"https:\/\/www.websupport.cz\/podpora\/#website","url":"https:\/\/www.websupport.cz\/podpora\/","name":"Websupport Centrum n\u00e1pov\u011bdy","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.websupport.cz\/podpora\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"cs"}]}},"_links":{"self":[{"href":"https:\/\/www.websupport.cz\/podpora\/wp-json\/wp\/v2\/ht-kb\/742","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.websupport.cz\/podpora\/wp-json\/wp\/v2\/ht-kb"}],"about":[{"href":"https:\/\/www.websupport.cz\/podpora\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.websupport.cz\/podpora\/wp-json\/wp\/v2\/users\/3"}],"version-history":[{"count":3,"href":"https:\/\/www.websupport.cz\/podpora\/wp-json\/wp\/v2\/ht-kb\/742\/revisions"}],"predecessor-version":[{"id":3305,"href":"https:\/\/www.websupport.cz\/podpora\/wp-json\/wp\/v2\/ht-kb\/742\/revisions\/3305"}],"wp:attachment":[{"href":"https:\/\/www.websupport.cz\/podpora\/wp-json\/wp\/v2\/media?parent=742"}],"wp:term":[{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/www.websupport.cz\/podpora\/wp-json\/wp\/v2\/ht-kb-category?post=742"},{"taxonomy":"ht_kb_tag","embeddable":true,"href":"https:\/\/www.websupport.cz\/podpora\/wp-json\/wp\/v2\/ht-kb-tag?post=742"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}