Special permissions on the Linux file system
SUID, SGID, Sticky (sticky bit)
1 Basic file permissions
r read, w write, x execute
user, group, other
2 Security Context
Premise: a process has an owner and a group;
(1) whether an executable program file can be started as a process depends on whether the initiator has execute permission on the program file;
(2) once it is started as a process, the owner of the process is the initiator, and the group of the process is the initiator's group;
(3) when a process accesses a file, the permissions that apply depend on the initiator of the process:
(a) if the initiator of the process is the owner of the file, the file's owner permissions apply;
(b) if the initiator of the process belongs to the file's group, the file's group permissions apply;
(c) otherwise, the file's "other" permissions apply;
3 SUID
(1) whether an executable program file can be started as a process depends on whether the initiator has execute permission on the program file;
(2) once it is started as a process, the owner of the process is the owner of the original program file;
SUID is a privilege elevation mechanism (unsafe)
Permission settings:
chmod u+s FILE ...
chmod u-s FILE ...
4 SGID
By default, when a user creates a file, the file's group is the user's base group;
Once SGID has been set on a directory, files created in that directory by any user with write permission belong to the directory's own group;
Permission settings:
chmod g+s DIR ...
chmod g-s DIR ...
5 Sticky (sticky bit)
For a directory that is writable by multiple users, if the sticky bit is set, each user can only delete their own files;
/tmp and /var/tmp have the sticky special permission by default
Permission settings:
chmod o+t DIR ...
chmod o-t DIR ...
Numeric representation of SUID, SGID and Sticky (bits in the order SUID, SGID, Sticky):
000  0
001  1  t
010  2  g
011  3
100  4  s
101  5
110  6
111  7
chmod 4777 /tmp/a.txt
How the special bits map onto the permission string:
SUID: user, occupies the owner's execute permission bit;
s: owner has x permission
S: owner does not have x permission
SGID: group, occupies the group's execute permission bit;
s: group has x permission
S: group does not have x permission
Sticky: other, occupies other's execute permission bit;
t: other has x permission
T: other does not have x permission
SUID: When a program runs, the owner of the resulting process is the owner of the program file itself, not the initiator. 2755
chmod u+s FILE
chmod u-s FILE
If FILE itself has execute permission, SUID is displayed as s;
SGID: When a program runs, the group of the resulting process is the group of the program file, not the base group of the initiator. 3755
chmod g+s FILE
chmod g-s FILE
If the parent directory has SGID permission, any file a user creates under it inherits the parent directory's group (rather than the user's base group becoming the file's group). Users within the group can edit files created by other users in the group. Additional groups.
Sticky: In a public directory, each user can create files and delete their own files, but cannot delete other users' files. 1755
chmod o+t FILE
chmod o-t FILE
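The s/S and t/T display rules and the 4/2/1 numeric values from the table can be checked on a scratch directory, together with the two audits an administrator usually runs: listing SUID/SGID files, and listing world-writable directories that lack the sticky bit. This shell script is an added example, not part of the original article; the function names and the file names (suid_x, suid_nox, shared, sticky, open) are made up for illustration.

```shell
#!/bin/sh
# Added example: everything is created in a throwaway directory (constructed data).

# mode_string PATH -> the 10-character mode column printed by ls -l
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# find_setid DIR -> regular files with SUID (4000) or SGID (2000) set
find_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# find_unsticky DIR -> world-writable directories without the sticky bit (1000)
find_unsticky() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# build_demo -> creates a sample tree and prints its path
build_demo() {
    d=$(mktemp -d) || return 1
    touch "$d/suid_x" "$d/suid_nox" "$d/plain"
    mkdir "$d/shared" "$d/sticky" "$d/open"
    chmod 4755 "$d/suid_x"     # SUID, owner has x   -> rws
    chmod 4644 "$d/suid_nox"   # SUID, owner lacks x -> rwS
    chmod 0644 "$d/plain"      # no special bits
    chmod 2775 "$d/shared"     # SGID directory      -> rws in the group triad
    chmod 1777 "$d/sticky"     # same mode as /tmp   -> rwt in the other triad
    chmod 0777 "$d/open"       # world-writable, no sticky bit
    printf '%s\n' "$d"
}

demo=$(build_demo)
for p in suid_x suid_nox shared sticky open; do
    printf '%-10s %s\n' "$p" "$(mode_string "$demo/$p")"
done
echo "SUID/SGID files:"
find_setid "$demo"
echo "world-writable directories without the sticky bit:"
find_unsticky "$demo"
rm -rf "$demo"
```

Pointing find_setid and find_unsticky at a real directory tree gives the list of files and directories to review.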
This article is from the "12040214" blog, please be sure to keep this source http://12050214.blog.51cto.com/12040214/1923884