Linux permission management and the special permissions SUID, SGID, and sticky

Source: Internet
Author: User

"Everything is a file" is one of the core design ideas of Linux. Users log in with an account and password to gain use of the system. Within the system, each user is uniquely identified by a UID, and whether a user can access or use a file resource depends on whether that user has the corresponding permissions.

On Linux systems, ls -l shows that each file's permissions are divided into three groups, corresponding to the file's owner, its group, and others. The permission bits are r, w, and x (read, write, and execute).

Permission matching process: First check whether the user performing the operation is the owner of the file; if so, the owner's permissions apply. Otherwise, check whether the user is a member of the file's group; if so, the group's permissions apply. Otherwise, the permissions for other users apply.

For directories, r (read) permission means the user can use the ls command to view the files contained in the directory.

w (write) permission means the user can create files in the directory; apart from root, an ordinary user also needs x permission on the directory.

x (execute) permission means the user can cd into the directory and perform subsequent operations.

For a regular file, r (read) permission means the user can view the file's contents with commands such as cat, but the user also needs x permission on the directory where the file resides.

w (write) permission means the user can delete and modify the contents of the file; as above, the user needs execute permission on the directory.

x (execute) permission means the user can run the file by typing it at the command prompt; as above, the user needs execute permission on the directory.


Special permissions:

SUID: Generally used on executables. As described above, once the user has matched the corresponding permissions and runs an executable file, the resulting process normally runs with the identity (UID) of the user who started it. Once the file has SUID set, the process runs as the owner of the file instead of as the user who started it (but that user must still have execute permission).

Role: Changes the identity under which the process runs, and therefore the objects that the process can access.

chmod u+s filename

chmod u-s filename


SGID: Generally used on directories. Normally, a file created by a user is owned by that user and belongs to the user's primary group. When a file is created in a directory that has SGID set, the file's group is no longer the user's primary group but the group of the directory.

Role: Used to share a directory within a project. The users are added to one group and the directory's group is changed to that group, so each user can use the group's permissions to access files they did not create themselves.

chmod g+s Directory

chmod g-s Directory

Sticky: When SGID is used to make it easier for members of the same group to share information, users in the directory can delete files created by other users. Adding the sticky permission to the directory means users can delete only the files they created in the directory and cannot delete files created by other users.

chmod o+t Directory

chmod o-t Directory
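
An added example (not from the original article) that audits a directory tree for the three special bits described above: SUID/SGID files, SGID directories, and world-writable directories that lack the sticky bit. The function names and the sample tree built under a temporary directory are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a tree for the special bits discussed above.
# Function names and the sample tree are assumptions for this example.

# Regular files with SUID (4000) or SGID (2000) set. A process started
# from one of these runs as the file's owner or group, so review each hit.
list_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Directories with SGID set: new files inside take the directory's group.
list_setgid_dirs() {
    find "$1" -type d -perm -2000 -print | sort
}

# Directories writable by others (0002) without the sticky bit (1000):
# any user can delete files that other users created there.
list_unsafe_shared_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print | sort
}

# Build a constructed sample tree and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/dropbox" "$t/project"
    : > "$t/tool"
    : > "$t/plain"
    chmod 755 "$t/tool" "$t/plain"
    chmod u+s "$t/tool"                              # SUID file
    chmod 777 "$t/shared"                            # no sticky bit
    chmod 777 "$t/dropbox"; chmod +t "$t/dropbox"    # sticky bit set
    chmod 770 "$t/project"; chmod g+s "$t/project"   # SGID directory
    printf '%s\n' "$t"
}

tree=$(make_sample_tree) || exit 1
echo "SUID/SGID files:";               list_setid_files "$tree"
echo "SGID directories:";              list_setgid_dirs "$tree"
echo "World-writable, no sticky bit:"; list_unsafe_shared_dirs "$tree"
rm -rf "$tree"
```

Run against a real path such as a shared project directory, the same functions show which entries need a chmod u-s, g-s, or +t review.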

This article is from the "Zxcvbnm Xuan ye" blog, please be sure to keep this source http://10764546.blog.51cto.com/10754546/1701182
