Special permissions for Linux file systems

Source: Internet
Author: User
Tags: directory, create

Date: August 30, 2015


The security context of a process

(1) Whether a user can start an executable program file as a process depends on whether the user has execute permission on that program file.

(2) Once the program has been started as a process, the owner of the process is the current user, that is, the user who started it; the group of the process is the primary group of that user.

(3) The access rights a process has to a file depend on the access rights of the process owner:

(a) If the owner of the process is the owner of the file, the file's owner permissions apply.

(b) If the owner of the process belongs to the file's group, the file's group permissions apply.

(c) Otherwise, the file's other permissions apply.


SUID:

Shown in the execute permission bit of the file owner: a lowercase s means the owner also has the x permission, an uppercase S means the owner originally had no x permission.

Function: for an executable file, when any user runs this program as a process, the owner of the process is no longer the user who started it but the owner of the program file itself. This mechanism is SUID.


Permission settings:

chmod u+s FILE ...

chmod u-s FILE ...


For example: a user needs to change their password, so they enter the passwd command, which runs the file /usr/bin/passwd. The owner and group of this file are root; other users have only execute permission.



While running, the command that changes the password updates the /etc/passwd and /etc/shadow files, and only the root user has permission to modify these two files.



Therefore, the SUID permission on /usr/bin/passwd lets the program run with root privileges, so it can modify /etc/passwd and /etc/shadow as root.



SGID:

Shown in the execute permission bit of the file's group.

By default, when a user creates a file, its group is the primary group to which the user belongs;

once a directory has the SGID permission set, files that users with write access create in this directory belong to the group of that directory.


Permission settings:

chmod g+s FILE ...

chmod g-s FILE ...


For example: a group of people who need to work together in one directory can set the SGID permission on that directory. Files created in this directory then belong to the directory's group; each user is added to that group as a supplementary group, and the group is given the appropriate permissions. In this directory, everyone can then work together.


In a shared directory, give rwx permissions to the directory's group so that users who are members of the group can create files in it, and the files or directories they create can be opened and modified by the others. To prevent mistakes, each user is restricted to deleting only the files they created themselves; this is the function of the special permission Sticky.



Sticky:

Shown in the execute permission bit for other users, as the lowercase letter t.

On a public directory, this permission restricts each user to deleting only the files that they created themselves.


Permission settings:

chmod o+t FILE ...

chmod o-t FILE ...


Binary representation of special permissions

SUID SGID STICKY   Octal   Meaning
000                0       none
001                1       sticky
010                2       sgid
011                3       sgid + sticky
100                4       suid
101                5       suid + sticky
110                6       suid + sgid
111                7       suid + sgid + sticky

Special permissions can also be set together with the file's normal permissions, by putting the octal digit from the table in front of the normal mode:

chmod 4777 FILE

chmod 2755 DIR

chmod 3755 DIR

Example (shown in the original as a screenshot): in the pub directory under /home, set the SUID and sticky permissions.
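The shared working directory described above, and the s/S and t/T display rule, carried through as an added shell example (not code from the original post). It assumes a POSIX shell with chmod, ls, awk and mktemp; the directory and file names are constructed.

```shell
set -eu

# First ten characters of `ls -ld`: file type plus the three rwx triplets,
# where the special bits show up as s/S (SUID, SGID) and t/T (sticky).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Group column of `ls -ld` (the fourth field).
group_of() {
    ls -ld "$1" | awk '{ print $4 }'
}

# Build the collaborative directory from the text: 2770 is SGID plus
# rwxrwx---, so new files inherit the directory's group; o+t then adds the
# sticky bit so each user can delete only the files they created.
setup_shared_dir() {
    mkdir -p "$1"
    chmod 2770 "$1"
    chmod o+t "$1"
}

# The upper/lower-case rule: a capital S or T means the special bit is set
# but the underlying execute bit is missing. Prints the mode before and
# after the owner's execute bit is added.
suid_case_rule() {
    touch "$1"
    chmod 4644 "$1"          # SUID without owner execute: rwSr--r--
    before=$(mode_of "$1")
    chmod u+x "$1"           # owner execute added:        rwsr--r--
    echo "$before $(mode_of "$1")"
}

# Constructed demo location under a fresh temporary directory.
demo() {
    base=$(mktemp -d)
    setup_shared_dir "$base/pub"
    touch "$base/pub/note.txt"
    echo "pub:  $(mode_of "$base/pub")  group $(group_of "$base/pub")"
    echo "note: $(mode_of "$base/pub/note.txt")  group $(group_of "$base/pub/note.txt")"
    echo "suid: $(suid_case_rule "$base/tool")"
    rm -rf "$base"
}

demo
```

The pub line prints drwxrws--T: the group's x shows as s because SGID is set, and the sticky bit shows as T because others have no execute permission.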

