Special permissions
SUID: When a program is run, the owner of the resulting process is the owner of the program file itself, not the user who started it.
SGID: When a program is run, the group of the resulting process is the owning group of the program file itself, not the primary group of the user who started it.
Sticky: In a shared directory, every user can create files and delete their own files, but cannot delete other users' files.
Modifying special permissions on files
chmod u+s FILE: Add the SUID permission to a file
chmod u-s FILE: Remove the SUID permission from a file
chmod g+s FILE: Add the SGID permission to a file
chmod g-s FILE: Remove the SGID permission from a file
chmod o+t DIR: Add the sticky permission to a directory
chmod o-t DIR: Remove the sticky permission from a directory
Example:
chmod 1755 /back/test: 755 file with the sticky permission
chmod 2755 /back/test: 755 file with the SGID permission
chmod 3755 /back/test: 755 file with the sticky and SGID permissions
chmod 4755 /back/test: 755 file with the SUID permission
chmod 5755 /back/test: 755 file with the sticky and SUID permissions
chmod 6755 /back/test: 755 file with the SUID and SGID permissions
So the leading 0 in a umask of 0022 is the digit for the special permissions.
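As an added example (not from the original article), the shell function below audits a directory tree for the special bits described above: files with SUID (4000) or SGID (2000) set, and world-writable directories that lack the sticky bit (1000). The names audit_special and build_demo and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a tree for SUID/SGID files and for world-writable
# directories that are missing the sticky bit.

# build_demo DIR: populate DIR with a constructed sample tree,
# one entry per special-bit combination of interest.
build_demo() {
    d=$1
    mkdir -p "$d/shared" "$d/open"
    : > "$d/suid_prog"; : > "$d/sgid_prog"; : > "$d/both_prog"; : > "$d/plain"
    chmod 4755 "$d/suid_prog"   # SUID only
    chmod 2755 "$d/sgid_prog"   # SGID only
    chmod 6755 "$d/both_prog"   # SUID and SGID
    chmod 0755 "$d/plain"       # no special bits
    chmod 1777 "$d/shared"      # world-writable with sticky (like /tmp)
    chmod 0777 "$d/open"        # world-writable without sticky
}

# audit_special DIR: print one "<TAG> <path>" line per finding.
#   SUID      regular file with the set-user-ID bit
#   SGID      regular file with the set-group-ID bit
#   NOSTICKY  world-writable directory where any user can delete
#             other users' files because the sticky bit is absent
audit_special() {
    root=$1
    # "-perm -MODE" matches when all bits in MODE are set.
    find "$root" -type f -perm -4000 | sed 's/^/SUID /'
    find "$root" -type f -perm -2000 | sed 's/^/SGID /'
    find "$root" -type d -perm -0002 ! -perm -1000 | sed 's/^/NOSTICKY /'
}

# Demo run on the constructed tree.
demo=$(mktemp -d)
build_demo "$demo"
audit_special "$demo"
rm -rf "$demo"
```

A file carrying both bits, such as the one set with 6755, is reported once under each tag.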
Exercise: Create a directory in which user01, user02 and user03 all have write permission and can edit files created by the other users, but cannot delete files created by others.
FACL: File System Access Control List
ACLs use the file's extended attributes to store additional access control permissions. The ACL is an extension of the existing permission mechanism: on top of its three basic settings (owner, group, other), it grants access to a specified user or group.
With a FACL, specific permissions can be set on a file for particular users, so different users can have different permissions on the same file. For example, the user tom can be given read and write access to files created by jerry.
setfacl
-m: Set additional access control list entries
u:uid:perm FILE: give the specified user the specified permissions on the file
d:uid:perm DIR: give the specified user the specified permissions on the directory; files created in this directory will inherit the FACL by default
g:gid:perm FILE: give the specified group the specified permissions on the file
Example: setfacl -m u:hoodop:rw /tmp/test.txt gives the user hoodop read and write access to test.txt.
-x: Remove additional access control list entries
--mask: Set the default mask permissions
getfacl FILE: Show the FACL permissions of a file
Order in which permissions are applied after FACL permissions have been added:
Owner --> user in FACL --> group --> group in FACL --> other
This article is from the "Liang Childe" blog; please be sure to keep this source: http://iyull.blog.51cto.com/4664834/1884923
Linux Basics-Special permissions and file system access control lists