Self-study Linux shell 7.3: Linux shared files

Source: Internet
Author: User
Tags: temporary file storage

7.3 Linux: sharing files

Files are shared on a Linux system by creating groups.

1. Linux stores 3 additional bits of information for each file and directory:
    • SUID: set the user ID
      When a user runs the file, the program runs with the permissions of the file's owner.
    • SGID: set the group ID
      For a file, the program runs with the permissions of the file's group.
      For a directory, new files created in the directory take the directory's default group as their group.
    • Sticky bit
      The file still resides in memory after the process has ended.

SUID (set user ID) is displayed as s.

    • SUID is shown in the x position of the first three permission bits, which belong to the user (owner). If x is set there, SUID is shown as a lowercase s. If x is not set in that position, SUID is shown as an uppercase S.
    • The set-user-ID bit lets a normal user run, with the privileges of root or another user, a program or command that otherwise only root or that other user can run, or one that works on files the normal user has no permission to operate on.
    • It is valid only for binary command programs and cannot be used on script files such as shell scripts. A shell script only invokes binary command programs, so the effective permissions still depend on the binary command itself.
    • The binary command program needs to have the executable permission x.
    • SUID permissions are only valid during program execution.
    • Any user who executes the command obtains the permissions of the command's owner for the duration of the program's execution.
    • SUID is a double-edged sword: it is a relatively dangerous feature and poses a certain threat to system security.

SGID: set the group ID
Unlike SUID, SGID can be set on both files and directories. SGID modifies the permissions the user gets.
SGID is primarily used on directories. When the SGID bit is set on a directory, files created in that directory belong to the directory's group, not to the default group of the user who created the file. This makes it easier to share files in a directory among multiple users.

For files, SGID works as follows:

    • SGID is valid only for binary command programs.
    • The binary command or program requires the executable permission.
    • Any user who executes the program obtains the permissions of the group that owns the command program while it is executing.

For directories, SGID works as follows:

    • Files and directories that a user creates under this directory have the same group as this directory.

Sticky bit

The sticky bit is used less often, but the /tmp directory, which is the temporary file storage for the entire system, needs to have the sticky bit set.
Even if a directory is open with all permissions (rwxrwxrwx), once the sticky bit is set other users cannot delete files in it; only the directory owner and the root user have permission to delete them.
This lets all users have all permissions on the /tmp directory while each user can only delete their own files. The sticky bit is shown as t; if there is no execute permission, it is shown as T. Because anyone can write to /tmp, it is often the first springboard location for Trojans.

For example, the last character of the /tmp permission bits is t. This shows that the sticky bit is set.
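The s/S and t/T display rules above can be turned into a review check. The following is an added example, not part of the original page: it lists SUID and SGID files and world-writable directories that lack the sticky bit under a given tree. The function names and the sample tree are constructed for illustration, and GNU `find` and `stat` are assumed.

```bash
#!/usr/bin/env bash
# Added example: review the three special permission bits under a tree.

# audit_special_bits ROOT
# Prints one line per finding: "<kind> <symbolic mode> <path>".
audit_special_bits() {
    local root=$1
    # Regular files with SUID (4000) or SGID (2000) run with the owner's
    # or group's permissions, so each one found should be an expected one.
    find "$root" -xdev -type f -perm -4000 -exec stat -c 'suid %A %n' {} +
    find "$root" -xdev -type f -perm -2000 -exec stat -c 'sgid %A %n' {} +
    # World-writable directories WITHOUT the sticky bit (1000): any user
    # can delete or replace other users' files there.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec stat -c 'no-sticky %A %n' {} +
}

# Constructed sample tree covering each case described in the text.
# Prints the path of the temporary directory it created.
make_sample_tree() {
    local d
    d=$(mktemp -d) || return 1
    touch "$d/tool" "$d/tool_noexec" "$d/grouptool" "$d/plain"
    chmod 4755 "$d/tool"          # -rwsr-xr-x  SUID with x: lowercase s
    chmod 4644 "$d/tool_noexec"   # -rwSr--r--  SUID without x: uppercase S
    chmod 2755 "$d/grouptool"     # -rwxr-sr-x  SGID on a file
    mkdir "$d/drop" "$d/tmp_like"
    chmod 0777 "$d/drop"          # drwxrwxrwx  world-writable, no sticky bit
    chmod 1777 "$d/tmp_like"      # drwxrwxrwt  same protection as /tmp
    printf '%s\n' "$d"
}

# Demo on the constructed tree; point audit_special_bits at a real path to use it.
sample=$(make_sample_tree) && audit_special_bits "$sample" && rm -rf "$sample"
```

On a real system, compare the findings against a known-good baseline, since a small set of SUID programs is normal.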

2. How to share files

As the introduction above shows, the SGID bit is very important for sharing files. The steps for setting up shared files are:

    • Create a shared directory with the mkdir command
    • Use the chgrp command to change the directory's default group to a group containing all users who need to share files
    • Set the SGID bit on the directory so that new files in the directory get the shared group as their default group
    • All group members set their umask value so that files are writable by group members
    • Finally, a group member can create a new file in the shared directory, and all users within the shared group can access the file
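The steps above as a script, with a check that new files really inherit the directory's group. This is an added example, not part of the original page; the function names, the mode 2770 and the `.share_test` probe file are choices made here, GNU `stat` is assumed, and the demo uses a group the current user already belongs to because creating a new group requires root.

```bash
#!/usr/bin/env bash
# Added example: set up an SGID shared directory and verify the result.

# Steps 1-3: create the directory, hand it to the shared group, set SGID.
# Mode 2770 (no access for others) is a choice made for this example.
setup_shared_dir() {
    local dir=$1 group=$2
    mkdir -p "$dir" || return 1
    chgrp "$group" "$dir" || return 1
    chmod 2770 "$dir"
}

# Steps 4-5: with umask 002 a member's new file is group-writable, and the
# SGID directory gives it the directory's group.
# Prints "<dir mode> <dir gid> <file mode> <file gid>".
verify_shared_dir() {
    local dir=$1
    (
        umask 002    # subshell, so the caller's umask is left unchanged
        : > "$dir/.share_test" || exit 1
        printf '%s %s\n' "$(stat -c '%A %g' "$dir")" \
                         "$(stat -c '%A %g' "$dir/.share_test")"
        rm -f "$dir/.share_test"
    )
}

# Constructed demo in a temporary directory. Supplementary groups are tried
# first so the inherited group differs from the primary one when possible.
demo_shared_dir() {
    local base g
    base=$(mktemp -d) || return 1
    for g in $(id -G | tr ' ' '\n' | grep -vx "$(id -g)") $(id -g); do
        setup_shared_dir "$base/shared" "$g" 2>/dev/null && break
    done
    verify_shared_dir "$base/shared"
    rm -rf "$base"
}

# Real use, as root (group and path are placeholders):
#   groupadd shared && setup_shared_dir /srv/shared shared
demo_shared_dir
```

The two group IDs in the output must match; if the file shows the creator's primary group instead, the SGID bit is not set on the directory.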
