Linux file permission representation and user Rights management

Unix/linux the representation and view of file permissions is probably the most familiar, but do you really understand the user's file permissions and permissions of the user?

In fact, the file permission identifier is not just u, G, O

11	10	9	8	7	6	5	4	3	2	1	0
SUID	Guid	Sbit	R	W	X (S/S)	R	W	X (S/S)	R	W	X (S/S)

As shown above, Linux has 3 special permissions in addition to the common read (R), write (W), execute (x) permissions, respectively, Setuid, setgid, and stick bit

1, setuid, setgid

Take a look at an example to see the permissions of your/usr/bin/passwd and/etc/passwd files

[Email protected] ~]# ls-l/usr/bin/passwd/etc/passwd11549  £/etc/ passwd122984----/usr /bin/passwd

As we all know, the/etc/passwd file of each user's account and password information,/USR/BIN/PASSWD is to perform the modification and viewing of this file program, but from the permissions,/etc/passwd only the root of the write (W) rights, can actually each user can be /USR/BIN/PASSWD command to modify this file, so here is involved in Linux special Permissions setuid, as-rwsr-xr-x in the S

Setuid is: Let ordinary users have the ability to perform "only root permission to execute" special permissions,

Setgid means "group"

As a normal user is not authorized to modify the/etc/passwd file, but to/usr/bin/passwd to setuid permissions, ordinary users can be executed passwd command, temporary root permissions, to modify the/etc/passwd file

2. Stick bit (paste bit)

See an example to see the permissions of your/tmp directory

[Ro[email protected] ~]# ls-dl/64096-All:PNS /tmp

The TMP directory is a temporary folder common to all users, all users have read and write permissions, which inevitably arises a problem, a user in/tmp created a file a.file, at this time B user looked uncomfortable, in/TMP to delete it (because of having read and write permission), it is certainly not. This is not actually the case because there is a special permission to stick bit (paste bit) permission, as in DRWXRWXRWT the last T

Stick bit (paste bit) is: unless the owner and root user of the directory has permission to delete it, other users cannot delete and modify the directory.

That is, in the/tmp directory, only the owner and root of the file can modify and delete it, other users do not, avoid the above mentioned problem arises. The purpose is generally to open a folder's permissions, and then to share files, like the/tmp directory.

3, how to set the above special permissions
Setuid:chmod u+s xxx chmod 4*** xxx

Setgid:chmod g+s xxx chmod 2*** xxx

Stick bit:chmod o+t xxx chmod 1*** xxx

Or, using the Octal method, add a number to the previous number, and the three permission represents a binary number similar to the general permission, as follows:

Suid GUID Stick bit

1 1 1

Finally, after some files have special permissions set, the letters are not lowercase s or T, but the uppercase S and T, which means that the special permissions on this file do not take effect because you have not given it the user's X permission

Linux file permission representation and user Rights management