Special permission notes for files under Linux

Source: Internet
Author: User

Special permissions: SUID, SGID, sticky

Security context:

1. A process runs as a user: the process acts as the agent of the user who started it, so all of its operations are carried out with that user's identity and permissions.

2. Permission matching:

(1) Check whether the owner of the process is the owner of the file being accessed; if so, the owner's permissions apply; otherwise go to step (2).

(2) Check whether the owner of the process belongs to the group that owns the file being accessed; if so, the group's permissions apply; otherwise go to step (3).

(3) The permissions for other apply.


SUID:

By default: when a user starts a process, the owner of the process is the user who started it, so the process runs with that user's identity.

SUID function: when a user runs a program file that has the SUID permission, the owner of the resulting process is not the user who started it but the owner of the program file itself.

To manage the SUID permission for a file:

chmod u+|-s FILE

Placement: the owner's execute permission bit

If the owner originally has execute permission, it is shown as lowercase s; otherwise, it is shown as uppercase S.


SGID:

Function: when this permission is set on a directory, any user who belongs to the directory's group and creates a new file or directory in it as a member of that group gets a new file whose group is not the user's primary (base) group but the group of the directory.

Placement: the group's execute permission bit

If the group originally has execute permission, it is shown as lowercase s; otherwise, it is shown as uppercase S.

To manage the SGID permission for a file:

chmod g+|-s FILE


STICKY:

Function: in a group-writable or world-writable directory, all users in the group or all users on the system can create new files in the directory and can delete any file in it, including other users' files. If the sticky permission is set on such a directory, each user can still create new files but can delete only their own files.

Setting it: chmod o+t

Placement: the execute permission bit for other users

If other users have execute permission, it is shown as lowercase t; otherwise, it is shown as uppercase T.

The /tmp and /var/tmp directories on the system have the sticky permission by default.


Another way to set the special permissions:

SUID  SGID  sticky  octal
0     0     0       0
0     0     1       1
0     1     0       2
0     1     1       3
1     0     0       4
1     0     1       5
1     1     0       6
1     1     1       7
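
The three special bits and their octal digit, audited from the shell. This is an added example, not part of the original article; it assumes GNU stat and find, and the function names and the sample tree it builds under a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article); assumes GNU stat and find.
# Print the special-bits octal digit of a path: 4=SUID, 2=SGID, 1=sticky, summed.
special_digit() {
    mode=$(stat -c '%a' "$1") || return 1   # "4755" with special bits, "755" without
    if [ "${#mode}" -eq 4 ]; then echo "${mode%???}"; else echo 0; fi
}

# Translate that digit into names, e.g. 6 -> "suid sgid".
describe_special() {
    out=""
    if [ $(($1 & 4)) -ne 0 ]; then out="$out suid"; fi
    if [ $(($1 & 2)) -ne 0 ]; then out="$out sgid"; fi
    if [ $(($1 & 1)) -ne 0 ]; then out="$out sticky"; fi
    out=${out# }
    echo "${out:-none}"
}

# Regular files with SUID or SGID set (a SUID program runs as the file's owner).
find_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# World-writable directories without sticky: any user can delete other users' files.
find_unsticky_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# Build a constructed sample tree (hypothetical names) and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    touch "$t/tool" "$t/plain" "$t/noexec"
    mkdir "$t/shared" "$t/scratch" "$t/team"
    chmod 4755 "$t/tool"      # SUID with owner x: shown as rwsr-xr-x
    chmod 0644 "$t/plain"     # no special bits
    chmod 4644 "$t/noexec"    # SUID without owner x: shown as rwSr--r--
    chmod 1777 "$t/shared"    # sticky, like /tmp: shown as rwxrwxrwt
    chmod 0777 "$t/scratch"   # world-writable, no sticky
    chmod 2775 "$t/team"      # SGID directory: shown as rwxrwsr-x
    echo "$t"
}

tree=$(make_sample_tree)
for p in "$tree"/*; do
    echo "$(stat -c '%A' "$p") $(describe_special "$(special_digit "$p")") ${p##*/}"
done
echo "setid files:";   find_setid_files "$tree"
echo "unsticky dirs:"; find_unsticky_dirs "$tree"
rm -rf "$tree"
```

Pointing find_setid_files and find_unsticky_dirs at a real directory gives a review list of SUID/SGID files and of shared directories that are missing the sticky bit.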

FACL: File Access Control Lists


An additional permission-granting mechanism for files:

In addition to the original u, g, o, this is another layer that lets ordinary users control granting permissions to other users or groups:

getfacl command:

getfacl FILE ...

user:USERNAME:MODE

group:GROUPNAME:MODE


setfacl command:

setfacl -m u:USERNAME:MODE FILE ...

setfacl -m g:GROUPNAME:MODE FILE ...

Revoke a granted permission:

setfacl -x u:USERNAME FILE

setfacl -x g:GROUPNAME FILE


Example:

setfacl -m g:mygrp:rw test.centos


This article is from the "Flat Light is true" blog; please be sure to keep this source: http://ucode.blog.51cto.com/10837891/1896963
