Detailed description of the sticky bit in Linux

Source: Internet
Author: User


File permissions in Linux

In Linux, each file and directory has its own access permissions, which determine whether a user can access the file or directory and how. The best-known permissions are the three basic ones, read, write, and execute, which are not described here. After a file is created, the system grants the owner read and write permissions by default. You can of course modify them and add the permissions you need.

Special Permissions

But are these three permissions sufficient? Now we will talk about a special permission in Linux. First, look at the tmp directory under the root directory. The other permission of the tmp directory is 'rwt'. What is the t permission here, and what is its significance?

Before explaining this permission, let's look at what the tmp directory stores. In Linux, the tmp directory stores temporary files. The permissions of the owner and of the group on this directory are both rwx, and the permission for other is rwt.

We know that if the other permission of a directory includes write and execute, other users can also create and delete files in this directory. Let's give it a try:

As the root user, we create a cur directory under its root directory and grant it 777 permission.

Then we create two new files, test1 and test2, in the cur directory. At this point, the other permission of these two files is read only.

Now we switch to the dh user and try to delete the newly created files. We find that the files can be deleted completely. So there is a problem. For example, suppose the permission of the /tmp directory were set to "rwxrwxrwx", which allows any user to create, delete, and move files in this directory. We just saw that the dh user can delete the files created by the root user in the cur directory. For the tmp directory, this would mean any user could delete the temporary files of running system services (other users), which is definitely not what we want.

So back to the beginning, we can see that the permission for the tmp directory is "rwxrwxrwt". Here t plays a very important role.

Sticky bit

The t permission mentioned above is the sticky bit. We set the sticky bit for other on the cur directory with chmod o+t.

Then we continue to switch to the dh user to see if we can continue the previous delete operation:

We can see that we no longer have permission to delete the files created by the root user; this is the effect of the sticky bit.

The sticky bit exists for exactly this case. When the sticky bit is set on a directory, a user who has write permission on the directory is still not allowed to delete other users' files in it. Only the owner of the file and the root user can delete it. With the sticky bit set, the directory strikes a balance: all users may write and delete data in the directory, but no user may delete other users' data at will.

Notes

Special permissions are added on top of the original execute permission. Therefore, to add a special permission, the file or directory must have execute permission.

In this case, the dh user does not have permission to perform a series of operations in the cur directory.

So where did the original execute mark x go? The system stipulates that if x is present in this position, the special flags (suid, sgid, sticky) are displayed as lowercase letters (s, s, t); otherwise, they are displayed as uppercase letters (S, S, T).

Notes

The sticky bit applies to directories and has no effect on files.

In this test, a test.c file is created as the root user and the t permission is added to it. However, the dh user can still delete the file directly. The sticky bit is therefore meant for directories with execute permission; adding it to a file has no effect.
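
A defender's check for the two conditions described above, written as an added example (not code from the original article): it lists world-writable directories that lack the sticky bit and reads the t/T flag from the ls -ld mode string. The function names and the sample tree (cur, cur_sticky, cur_noexec, private) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and sample directories are constructed.

# Print the 10th character of the ls -ld mode string (other-execute slot):
#   x = execute only      t = sticky bit + execute
#   T = sticky bit only   - = neither
other_exec_flag() {
    ls -ld "$1" | cut -c10
}

# List directories under $1 that any user can write to but that lack the
# sticky bit, so any user can delete another user's files there.
#   -perm -0002    other-write bit is set
#   ! -perm -1000  sticky bit is not set
audit_sticky() {
    find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Classify a single directory by its sticky-bit state.
classify_dir() {
    case "$(other_exec_flag "$1")" in
        t) echo "sticky" ;;
        T) echo "sticky-without-execute" ;;
        *) if [ -n "$(find "$1" -prune -perm -0002)" ]; then
               echo "world-writable-no-sticky"
           else
               echo "not-world-writable"
           fi ;;
    esac
}

# Build a constructed sample tree and print its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/cur" "$root/cur_sticky" "$root/cur_noexec" "$root/private"
    chmod 777  "$root/cur"          # like the cur directory before chmod o+t
    chmod 1777 "$root/cur_sticky"   # like /tmp: rwxrwxrwt
    chmod 1776 "$root/cur_noexec"   # sticky without other-execute: rwxrwxrwT
    chmod 755  "$root/private"
    echo "$root"
}

# Demo: only the 777 directory is reported.
tree=$(make_sample_tree) && audit_sticky "$tree" && rm -rf "$tree"
```

Running audit_sticky against a real path such as / or /var reports every directory where the experiment with the dh user would succeed.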


Author: Mr_Listening https://home.cnblogs.com/u/MrListening/
