Linux Permissions detailed

Source: Internet
Author: User

There are several types of permissions for Linux systems:

Usergroupother

User: The owner of a file or directory, represented by R--、 rw-, R-x, etc.

Group: A genus of files or directories represented by R--、 rw-, R-x, etc.

Other: Permissions for other people in a file or directory, as shown in R--、 rw-, R-x, etc.

Permissions matching model for Linux processes

When a user executes a program with a file as a parameter, the owner of the process is the user who executes the program, and then the kernel determines whether the owner of the process is the owner of the file, and if so, the kernel authorizes the process to access the file with the permission of the file owner; The kernel will determine whether the owning group of the process belongs to any of the groups that contain the file, and if so, the kernel authorizes the process to access the file with the permission of that filegroup, and if not, the kernel authorizes the process to access the file with the permission of the other person in the file.


Linux systems have the following types of privilege bits:

Basic permissions:

R Read W write X Execute

For directories: (directories usually give x permissions)

R: can directory execution ls command to view the contents of the directory, but cannot execute the ls-l command to view the contents of the directory of the owner, owner and other metadata information, only to the R permission bit to execute the LS command will display the directory content and will report the error of insufficient permission to enter the directory

W: You can delete or create rename files and directories in the directory, and you can modify the permissions of files owned by that user in this directory

X: Can execute CD command into the directory, usually with the R permission bit to use, only give X permission bit no effect for the file:

R: Can perform cat, grep, SED, vim and other commands to view or search for file contents, but cannot modify

W: You can use echo to input content to the file, or use Nano or vim to modify the file content, if only to the W permission, the relevant user can input content to the file, but can not view the content, usually with the R permission to use

X: Can execute the file, but only give x permission, the file cannot execute and report the insufficient permission information, usually with the R permission bit used together

Special permission bits:

SUID: This permission is typically for the master setting of the binary executable, which means that when the user executes the file, the owner of the process is the owner of the file, not the user who executed the file. When a file has this permission bit, the other permission bits of the owner are set to s| S (/usr/bin/passwd file has this permission)

SGID: This permission is usually set by the group of the PIN directory, indicating that when the user executes the file, the group of the process will be the owner of the file, not the base group to which the user executing the file belongs. When a file has this permission bit, the other permission bits of the owner are set to s| S

When the directory has this permission, the group of files or directories created by the user under the directory will be the genus of that directory

Supplement: s| in Suid and Sgid S

Previous X permission is shown as S

No previous X permission is represented as S

Stick: This permission is usually the other permissions of the PIN directory is set, when the directory has this permission, users in the directory can be created to delete and modify their own files or directories, but can not delete other people's files or directories, can not modify other people's files depends on the user to other people's files have no write permission:




This article is from "Chalet Technology" blog, please make sure to keep this source http://starli.blog.51cto.com/8813574/1659806

Linux Permissions detailed

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.