Linux file special permissions and access control lists

Source: Internet
Author: User

File Special Permissions

SUID (set UID): the owner's permissions show s. When a user executes the program, the owner of the process is no longer the user who started it but the owner of the program file. If the owner is root, the process has superuser (administrator) privileges, which directly threatens the security of the system.

SGID (set GID): the group's permissions show s. When the program is executed, the group of its process is no longer the primary group of the user who runs it but the group of the program file.

Sticky: the sticky bit, attached to the others permissions and shown as t. With this bit set, users can only delete their own files.

SUID, SGID and sticky can also be set in octal mode, as follows:

000: SUID, SGID and sticky are all empty

001: sticky (shown as t), which means 1

010: SGID, which means 2

011: SGID + sticky, which means 3

100: SUID, which means 4

101: SUID + sticky, which means 5

110: SUID + SGID, which means 6

111: SUID + SGID + sticky, which means 7


SUID

Usage: chmod u+|-s /path/to/somefile

s: indicates the owner originally had execute permission

S: indicates the owner had no execute permission



SGID

Usage: chmod g+|-s /path/to/somefile



Sticky

Usage: chmod o+|-t /path/to/somefile

t: indicates the owner originally had execute permission

T: indicates the owner had no execute permission
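The octal values and the s/S, t/T display rules above can be combined in one added example (not from the original article): a shell function that renders a four-digit octal mode the way `ls -l` shows it. The function names and the sample modes are chosen here for illustration.

```shell
#!/bin/sh
# Render a 4-digit octal mode (special digit + owner/group/others)
# as the 9-character string shown by `ls -l`.

# triad <digit 0-7> <special bit, 0 = unset> <letter shown when it is set>
triad() {
    d=$1; special=$2; ch=$3
    r=-; w=-; x=-
    [ $((d & 4)) -ne 0 ] && r=r
    [ $((d & 2)) -ne 0 ] && w=w
    [ $((d & 1)) -ne 0 ] && x=x
    if [ "$special" -ne 0 ]; then
        # lowercase: the execute bit underneath is set; uppercase: it is not
        if [ "$x" = x ]; then x=$ch; else x=$(printf '%s' "$ch" | tr 'st' 'ST'); fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

mode_to_string() {
    m=$1
    case $m in
        [0-7][0-7][0-7][0-7]) ;;
        *) echo "expected 4 octal digits, got: $m" >&2; return 1 ;;
    esac
    sp=${m%???}                 # special digit: 4 = SUID, 2 = SGID, 1 = sticky
    rest=${m#?}
    u=${rest%??}                # owner digit
    g=${rest#?}; g=${g%?}       # group digit
    o=${rest#??}                # others digit
    triad "$u" $((sp & 4)) s    # SUID shows in the owner triad
    triad "$g" $((sp & 2)) s    # SGID shows in the group triad
    triad "$o" $((sp & 1)) t    # sticky shows in the others triad
    echo
}

# Constructed sample modes
for m in 4755 4644 2755 1777 1776 7777; do
    printf '%s  %s\n' "$m" "$(mode_to_string "$m")"
done
```

An uppercase S or T in a listing is worth a second look when reviewing permissions: the special bit is set but the matching execute bit is not, which is usually a mistake.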



File Access Control List

The main purpose is to provide specific permission settings beyond the traditional owner, group, others read, write, execute permissions: r, w, x permissions can be controlled for a single user, a single file, or a directory, which is helpful where special permissions are needed. For example, a file that a single user is not allowed to access.

ACL control commands:

getfacl: view the access control list of a file or directory

setfacl: set the access control list of a file or directory

setfacl parameters

-m: Add or modify rules in the ACL

-x: Remove rules from the ACL

-b: Remove all ACL rules

-k: Remove the default ACL rule

-R: Recursively set ACLs, including subdirectories

-d: Set the default ACL

Usage:

setfacl options /path/to/somefile


setfacl can also prohibit a user from accessing the specified file.
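What such a deny entry looks like in getfacl output, as an added example that is not from the original article: the functions below read getfacl text and report each named user's effective rights, which also applies the ACL mask (a detail beyond what the article covers). The file name, the users alice and bob, and the sample output are constructed.

```shell
#!/bin/sh
# Constructed getfacl output, as it would look after:
#   setfacl -m u:alice:rwx,u:bob:--- report.txt
#   setfacl -m m::rw- report.txt
sample_acl() {
cat <<'EOF'
# file: report.txt
# owner: root
# group: staff
user::rw-
user:alice:rwx    #effective:rw-
user:bob:---
group::r--
mask::rw-
other::---
EOF
}

# Print "name perms" for every named-user entry, with the mask applied.
named_user_rights() {
    awk -F: '
        { sub(/[ \t]*#.*/, "") }          # strip header comments and "#effective:" notes
        $1 == "mask" { mask = $3 }
        $1 == "user" && $2 != "" { perms[$2] = $3; order[++n] = $2 }
        END {
            if (mask == "") mask = "rwx"  # no mask entry: nothing to limit
            for (k = 1; k <= n; k++) {
                p = perms[order[k]]; out = ""
                for (i = 1; i <= 3; i++) {
                    c = substr(p, i, 1)
                    out = out ((c != "-" && substr(mask, i, 1) == c) ? c : "-")
                }
                print order[k], out
            }
        }'
}

# Exit status 0 only if the named user has an entry with effective rights "---".
# A matching named-user entry decides access; group and other are not consulted.
is_denied() {
    named_user_rights | grep -qxF -e "$1 ---"
}

sample_acl | named_user_rights
```

On a real system, pipe `getfacl /path/to/somefile` into `named_user_rights` instead of the constructed sample.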


ACLs are not supported by default on additionally mounted file systems; the ACL option must be added when mounting the file system.


This article is from "Why No!" blog, be sure to keep this source http://dovemy.blog.51cto.com/8487472/1622718
