Learn the special permissions of Linux files again: SUID, SGID, Sticky Bit

Source: Internet
Author: User
Next, I learned the special permissions for Linux files: SUID, SGID, and Sticky Bit. Previously, my understanding of file management was limited to UGO management. I learned it again and recorded what I understood.

First, list the permissions represented by SUID, SGID, and Sticky Bit. Just as rwx corresponds to 4, 2, and 1 respectively, the values corresponding to SUID, SGID, and Sticky Bit are also 4, 2, and 1.

SUID        4
SGID        2
Sticky Bit  1

r  4
w  2
x  1

For the following examples, assume that there is a file a with the permission -rw-rw-r--; the corresponding value is 664.

1. SUID

Full name: Set UID
Object: used only to set special permissions for binary files.
Purpose: used to open up the execution permissions of binary files. When a user executes file a, the user is temporarily granted the permissions of file a's owner during the execution. Simply put, if the owner of file a is root but SUID is set for the file, other users can execute the file.
Example: /usr/bin/passwd
Setting method: chmod 4664 a
After it is set, the permission of file a is: -rwSrw-r-- (now I know why the umask value of each user is four digits. If you don't know what umask is, google it.)

2. SGID

Full name: Set GID
Object: used to set special permissions for files and directories.
Purpose:
  File: if the file is a binary file, other users use the permissions of the user group to which the file belongs when executing the file.
  Directory: the files or directories created under this directory automatically inherit the user group of this directory.
Setting method: chmod 2664 a
After it is set, the permission of file a is: -rw-rwSr--

3. Sticky Bit

Full name: Set UID
Object: used only to set special permissions for directories.
Purpose: only the owner of the file and root can delete the files created in a directory with the Sticky Bit permission.
Setting method: chmod 1664 a
After it is set, the permission of file a is: -rw-rw-r-T

==========

While testing the above attributes, I found a problem worth summing up. Two users A and B belong to the same user group, and the group is granted the rwx permission on user A's home directory so that user B can access it. Use user B to create the file test in the home directory of user A, and set the file's permissions to ----rwx---, that is, only the user group has all permissions. In this case, user B cannot modify the file test, but user A can.

The preceding experiment leads to two conclusions:

1. If a file belongs to a user group and all permissions are granted to the user group, all users in the user group can access the file with the user group's permissions.
2. If the owner of a file has no permissions on it, but the permissions of the group are all open, the owner of the file still cannot access the file.

The reason is that the system refers to the current user's own permissions on the target file when operating on the file.
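An added example, not part of the original post: a POSIX shell function (the names triplet and mode_to_symbolic are hypothetical) that converts a four-digit mode into the nine permission characters that ls -l prints after the file-type character. It generalizes the three chmod cases in the SUID, SGID and Sticky Bit sections to any mode, and shows why 4664 displays a capital S while a mode such as 4755 displays a lowercase s.

```shell
#!/bin/sh
# triplet DIGIT SPECIAL LOWER UPPER
# Prints the three characters for one class (owner, group or other).
# A set special bit is shown in the execute slot: LOWER (s/t) when
# execute is also set, UPPER (S/T) when it is not.
triplet() {
    d=$1; special=$2; lower=$3; upper=$4
    r=-; w=-; x=-
    if [ $((d & 4)) -ne 0 ]; then r=r; fi
    if [ $((d & 2)) -ne 0 ]; then w=w; fi
    if [ $((d & 1)) -ne 0 ]; then x=x; fi
    if [ "$special" -ne 0 ]; then
        if [ "$x" = x ]; then x=$lower; else x=$upper; fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_to_symbolic MODE
# MODE is four octal digits: special (SUID=4, SGID=2, Sticky=1),
# then owner, group, other (r=4, w=2, x=1).
mode_to_symbolic() {
    mode=$1
    case $mode in
        [0-7][0-7][0-7][0-7]) ;;
        *) echo "expected 4 octal digits, got: $mode" >&2; return 1 ;;
    esac
    sp=${mode%???}               # first digit: special bits
    rest=${mode#?}               # remaining three digits
    u=${rest%??}                 # owner digit
    g=${rest#?}; g=${g%?}        # group digit
    o=${rest#??}                 # other digit
    printf '%s%s%s\n' \
        "$(triplet "$u" $((sp & 4)) s S)" \
        "$(triplet "$g" $((sp & 2)) s S)" \
        "$(triplet "$o" $((sp & 1)) t T)"
}

# Constructed sample modes: the three from the text, plus two modes
# where the execute bit is set underneath the special bit.
for m in 4664 2664 1664 4755 1777; do
    printf '%s -> %s\n' "$m" "$(mode_to_symbolic "$m")"
done
```

A capital S or T in a listing means the special bit is set on a file or directory whose matching execute bit is off, which is the case for every mode built on 664 above.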