File permissions and special permission management: SUID, SGID, and sticky bit

Source: Internet
Author: User

  1. How file permissions are applied to a process;

    1. Process owner: the user who started the process
    2. Process group: the group that the process owner belongs to
    3. The system first checks whether the owner of the process is the same as the owner of the file; if so, the process accesses the file with the file owner's permissions. Otherwise, it checks whether the group of the process is the same as the group of the file; if so, the process accesses the file with the file group's permissions. Otherwise, the process accesses the file with the permissions of other.
  2. General file permissions;
    1. Every user in Linux must belong to a group and cannot exist independently of one. In Linux, each file has an owner, a group, and others;
        1. Owner: abbreviated "u", the user who holds the file or directory;
        2. Group: abbreviated "g", all users who belong to the file's owning group;
        3. Other: abbreviated "o", all other users;
    2. Each file or directory in Linux carries access permissions that determine who can access it and how.
        1. Read: abbreviated "r", the content may only be read, and all changes to it are forbidden;
        2. Write: abbreviated "w", the contents of the file may be modified;
        3. Execute: abbreviated "x", the file may be run;
    3. Meaning of read, write, and execute for a file;
        1. r: content-viewing commands can display its contents;
        2. w: an editor can modify its contents;
        3. x: the file can be launched as a process;
    4. Meaning of read, write, and execute for a directory;
        1. r: the ls command can list the directory's contents;
        2. w: files can be created and deleted in the directory;
        3. x: the ls -l command can show file information for the directory's contents, and the cd command can make the directory the working directory;
    5. Octal notation;
        1. r: 4
        2. w: 2
        3. x: 1
    6. chown: change the owner of a file; only the administrator can run it;
    7. chmod: change file permissions;
    8. chgrp: change the group of a file; only the administrator can run it;
    9. umask
  3. Special file permissions;
    1. SUID on executable files: by running this program, a user who lacks the relevant permissions can access resources they otherwise could not. When the user runs the executable file, the owner of the process is no longer the user but the owner of the file;
        1. s: the owner had execute permission before SUID was added;
        2. S: the owner had no execute permission before SUID was added;
        3. Set SUID symbolically: chmod u+s filename;
        4. Set SUID numerically: assuming the original permission is 644, chmod 4644 filename;
    2. SGID on directories: when a user creates a file in a directory with SGID set, the group of the new file is no longer the user's group but the group of the directory;
        1. s: the group had execute permission before SGID was added;
        2. S: the group had no execute permission before SGID was added;
        3. Set SGID symbolically: chmod g+s filename;
        4. Set SGID numerically: assuming the original permission is 644, chmod 2644 filename;
    3. Sticky bit: in a publicly writable directory, users can create files and delete their own files, but cannot delete other users' files;
        1. t: other had execute permission before the sticky bit was added;
        2. T: other had no execute permission before the sticky bit was added;
        3. Set the sticky bit symbolically: chmod o+t filename;
        4. Set the sticky bit numerically: assuming the original permission is 644, chmod 1644 filename
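
The rules above as an added Python example (not part of the original page): access_class and may model the owner, then group, then other decision from item 1, and audit reports SUID files and world-writable directories without the sticky bit. The function names, the sample paths and modes, and the omission of the superuser bypass are assumptions of this example.

```python
import stat

def access_class(proc_uid, proc_gids, file_uid, file_gid):
    """Owner, then group, then other: the first matching class is used."""
    if proc_uid == file_uid:
        return "u"
    if file_gid in proc_gids:
        return "g"
    return "o"

def may(want, mode, proc_uid, proc_gids, file_uid, file_gid):
    """True if the matched class grants `want` ('r', 'w' or 'x').
    Simplification (assumption): the superuser bypass is not modeled."""
    cls = access_class(proc_uid, proc_gids, file_uid, file_gid)
    shift = {"u": 6, "g": 3, "o": 0}[cls]
    return bool((mode >> shift) & {"r": 4, "w": 2, "x": 1}[want])

def audit(entries):
    """Flag special-bit settings worth reviewing in (path, st_mode) pairs."""
    findings = []
    for path, mode in entries:
        text = stat.filemode(mode)  # e.g. '-rwSr--r--'
        if stat.S_ISREG(mode) and mode & stat.S_ISUID:
            kind = "suid" if mode & stat.S_IXUSR else "suid-without-execute"
            findings.append((path, text, kind))
        if stat.S_ISDIR(mode) and mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            findings.append((path, text, "world-writable-no-sticky"))
    return findings

# Constructed sample modes (file type bits + permission bits), not real files.
SAMPLE = [
    ("/opt/demo/tool",   stat.S_IFREG | 0o4755),  # SUID with owner execute: 's'
    ("/opt/demo/data",   stat.S_IFREG | 0o4644),  # chmod 4644: 'S'
    ("/srv/demo/shared", stat.S_IFDIR | 0o2775),  # SGID directory
    ("/srv/demo/drop",   stat.S_IFDIR | 0o0777),  # public, no sticky bit
    ("/srv/demo/tmp",    stat.S_IFDIR | 0o1777),  # public, sticky bit set
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    # The owner class is matched first, so mode 047 denies the owner
    # the read access that "other" is granted.
    print(may("r", 0o047, 1000, {1000}, 1000, 1000))
```

With the page's own numeric example, chmod 4644 yields the uppercase S: the SUID bit is set but the owner has no execute permission on the file.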
