Linux mandatory bit and adventure bit

A directory is also a file.
The read, write, and execute permissions on a directory mean something different from those on an ordinary file:
Read: you can read the list of files in the directory.
Write: has no effect on its own. Combined with execute permission, it lets you add and delete files in the directory.
Execute: you can enter the directory and access the information in it.
* In addition to the read, write, and execute permissions, the ext2 and ext3 file systems also support special permissions: the mandatory bits (setuid and setgid) and the adventure bit (sticky).
* setuid, setgid, and sticky apply to u, g, and o respectively.
* The mandatory bits and the adventure bit are displayed in the execute-permission position. If execute permission is already set at that position, the bit is shown as a lowercase letter; otherwise it is shown as an uppercase letter.
* setuid and setgid each use an s in the x position of u and g respectively, and sticky uses a t.

* By default, files created by a user belong to the user's current group.
* When setgid is set on a directory, any file created in that directory belongs to the directory's group.

* By default, if a directory has w and x permissions, anyone can create and delete files in this directory.
* Once the adventure bit is set on the directory, only the owner of the file, the owner of the directory, and the system administrator can delete the file.
* On an executable file, you can set setuid and setgid.
* By default, when a user executes a command, the process runs as that user.
* A mandatory bit on the command file makes the process run as the owner or group of the command file when a user executes the command.
* You can use the chmod command to set the mandatory and adventure bits on a file:
  * setuid: chmod u+s filename
  * setgid: chmod g+s filename
  * sticky: chmod o+t filename
* You can also put an extra digit in front of the three digits for read/write/execute to specify the mandatory and adventure bits:
  * 4 (setuid)
  * 2 (setgid)
  * 1 (sticky)
Setting suid/sgid

| Command | Result | Meaning |
|---|---|---|
| chmod 4755 | -rwsr-xr-x | suid. The file owner has read, write, and execute permissions. All other users have read and execute permissions. |
| chmod 6711 | -rws--s--x | suid and sgid. The file owner has read, write, and execute permissions. All other users have execute permission. |
| chmod 4511 | -rwS--x--x | suid. The file owner has read and write permissions. All other users have execute permission. |
The last row of the preceding table shows -rwS--x--x, where the S is capitalized. This indicates that the corresponding execute permission is not set. Such a suid setting is useless and can be ignored.
Note that the chmod command does not perform any sanity checks and can give even a useless file any permissions. It also does not check the permission combinations you configure. Therefore, do not assume that a file must be a program or script just because you see that it has execute permission.
About the sticky bit in Linux
To delete a file, you do not need write permission for the file, but you must have write permission for the file's parent directory. That is to say, even if you do not have write permission for a file, you can still delete it as long as you have write permission for its parent directory. If you do not have write permission for a directory, you cannot create files in that directory.
How can a directory allow any user to write files while preventing users from deleting other people's files in it? The sticky bit plays this role. Sticky is generally used only on directories and does not play any role on files.
After sticky is set on a directory (for example, /home with permission 1777), all users can create files in this directory, but each user can only delete files they created themselves (except root). This protects user files in directories that are writable by all users.
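The checks described above, as an added example that is not part of the original article: a shell audit that reports files whose setuid/setgid bit is active (lowercase s) or set without execute permission (uppercase S), and world-writable directories with and without sticky. The function names, labels, and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# scan LABEL ROOT FIND-TESTS...: print "LABEL <mode as ls shows it> <path>"
scan() {
    label=$1 root=$2; shift 2
    find "$root" "$@" -exec sh -c '
        for f; do printf "%s %s %s\n" "$0" "$(ls -ld "$f" | cut -c1-10)" "$f"; done
    ' "$label" {} +
}

audit_special_bits() {
    # s bit plus the matching x bit: shown as lowercase s, the bit takes effect
    scan ACTIVE_SUID "$1" -type f -perm -4100
    scan ACTIVE_SGID "$1" -type f -perm -2010
    # s bit without the matching x bit: shown as uppercase S
    scan NOEXEC_SUID "$1" -type f -perm -4000 ! -perm -0100
    scan NOEXEC_SGID "$1" -type f -perm -2000 ! -perm -0010
    # directory with w and x for others but no sticky: anyone can delete files in it
    scan NO_STICKY   "$1" -type d -perm -0003 ! -perm -1000
    # same directory permissions with sticky set (1777 style)
    scan STICKY_OK   "$1" -type d -perm -0003 -perm -1000
}

# Constructed sample tree in a private temporary directory
make_demo_tree() {
    d=$(mktemp -d)
    : > "$d/helper"; chmod 4755 "$d/helper"   # -rwsr-xr-x
    : > "$d/data";   chmod 4644 "$d/data"     # -rwSr--r--
    mkdir "$d/drop" "$d/shared"
    chmod 0777 "$d/drop"                      # drwxrwxrwx
    chmod 1777 "$d/shared"                    # drwxrwxrwt
    echo "$d"
}

tree=$(make_demo_tree)
audit_special_bits "$tree"
rm -rf "$tree"
```

Run against a real path, `audit_special_bits /usr/bin` lists the setuid and setgid programs to review, and any NO_STICKY line marks a shared directory where users can delete each other's files.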