Special permissions: SUID, SGID, sticky
Security context:
1. A process runs as a user: the user who launches the process is its initiator, so every operation the process performs is carried out with that user's identity and permissions;
2. Permission matching:
(1) Check whether the owner of the process is the owner of the file being accessed; if so, the owner's permissions apply; otherwise go to step (2).
(2) Check whether the owner of the process belongs to the group of the file being accessed; if so, the group's permissions apply; otherwise go to step (3).
(3) Apply the permissions for others.
SUID:
By default: when a user launches a process, the owner of the process is its initiator, so the process runs with the initiator's identity;
SUID function: when a user runs a program that has the SUID bit set, the owner of the resulting process is not the initiator but the owner of the program file, so the process runs with the file owner's permissions;
To manage the SUID bit on a file:
chmod u+s FILE (set) / chmod u-s FILE (remove)
Position: the owner's execute bit
If the owner already had the execute bit, it is shown as lowercase s; otherwise it is shown as uppercase S
SGID:
Function: when the SGID bit is set on a directory, every new file or directory created inside it belongs to the directory's group; the group of a new file is not the creator's primary group but the group of the directory
Position: the group's execute bit
If the group already had the execute bit, it is shown as lowercase s; otherwise it is shown as uppercase S
To manage the SGID bit on a file or directory:
chmod g+s FILE (set) / chmod g-s FILE (remove)
STICKY:
Function: in a group-writable or world-writable directory, every member of the group (or every user on the system) can create new files and can also delete any file in it, including files owned by others; if the sticky bit is set on such a directory, each user can still create new files but can delete only their own (the directory's owner and root excepted)
Setting: chmod o+t DIR (set) / chmod o-t DIR (remove)
Position: the execute bit for other users
If others already had the execute bit, it is shown as lowercase t; otherwise it is shown as uppercase T
The /tmp and /var/tmp directories have the sticky bit set by default;
Another way to set special permissions: a fourth, leading octal digit placed in front of the usual three (for example chmod 4755 FILE sets SUID together with rwxr-xr-x):
SUID  SGID  sticky  octal digit
0     0     0       0
0     0     1       1
0     1     0       2
0     1     1       3
1     0     0       4
1     0     1       5
1     1     0       6
1     1     1       7
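As an added example (not part of the original post), the POSIX shell functions below turn an ls-style 9-character mode string into the 4-digit octal form using the SUID/SGID/sticky weights from the table, and then flag a shared directory mode that lacks the sticky bit; the mode strings are constructed inputs.

```shell
#!/bin/sh
# Added example (not from the original post): map an ls-style 9-character
# mode string to 4-digit octal using the suid/sgid/sticky weights 4/2/1,
# then flag writable directories that lack the sticky bit.
# Lowercase s/t: special bit plus execute; uppercase S/T: special bit only.
mode_to_octal() {
    m=$1
    [ "${#m}" -eq 9 ] || { echo "usage: mode_to_octal rwxrwxrwx" >&2; return 1; }
    special=0   # sum of 4 (suid) + 2 (sgid) + 1 (sticky)
    digits=""
    pos=1
    for weight in 4 2 1; do            # owner, group, other triplets
        r=$(printf '%s' "$m" | cut -c "$pos")
        w=$(printf '%s' "$m" | cut -c "$((pos + 1))")
        x=$(printf '%s' "$m" | cut -c "$((pos + 2))")
        d=0
        [ "$r" = r ] && d=$((d + 4))
        [ "$w" = w ] && d=$((d + 2))
        case $x in
            x|s|t) d=$((d + 1)) ;;     # execute bit present
        esac
        case $x in
            s|S|t|T) special=$((special + weight)) ;;
        esac
        digits="$digits$d"
        pos=$((pos + 3))
    done
    printf '%s%s\n' "$special" "$digits"
}

# True (exit 0) when a directory mode is group- or world-writable without the
# sticky bit, so any writer could remove files owned by someone else.
dir_missing_sticky() {
    oct=$(mode_to_octal "$1") || return 2
    sp=$(printf '%s' "$oct" | cut -c 1)
    g=$(printf '%s' "$oct" | cut -c 3)
    o=$(printf '%s' "$oct" | cut -c 4)
    [ $(( (g & 2) | (o & 2) )) -ne 0 ] && [ $((sp & 1)) -eq 0 ]
}

# Sample use with constructed mode strings:
mode_to_octal rwsr-xr-x      # 4755
mode_to_octal rwxrwxrwt      # 1777, the usual /tmp mode
dir_missing_sticky rwxrwxrwx && echo "shared directory without sticky bit"
```

On a real system the mode string for a directory can be obtained with `ls -ld DIR | cut -c2-10` and fed to dir_missing_sticky.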
FACL: file access control lists
An additional permission mechanism for files:
On top of the original u, g, o permissions, a further layer lets an ordinary user grant permissions on their own files to other users or groups:
getfacl command:
getfacl FILE ...
user:USERNAME:MODE
group:GROUPNAME:MODE
setfacl command:
setfacl -m u:USERNAME:MODE FILE ...
setfacl -m g:GROUPNAME:MODE FILE ...
Revoking a granted entry:
setfacl -x u:USERNAME FILE
setfacl -x g:GROUPNAME FILE
Example: setfacl -m g:mygrp:rw test.centos
This article is from the "Flat Light is true" blog; please keep this source: http://ucode.blog.51cto.com/10837891/1896963
Special permission notes for files under Linux